PIH Health, Inc. (PIH), a California health care network, has agreed to pay the OCR $600,000. The violations stem from an email phishing attack that exposed unsecured electronic protected health information (ePHI). The settlement resolves an investigation that OCR conducted...

What you need to know In 2025 and beyond there are many HIPAA updates that are occurring in the healthcare arena. Staff education and patient privacy are front and center of the OCR. You can be fined for HIPAA violations...

In today's digital age, scams and hackers have become increasingly sophisticated, targeting individuals and businesses alike with tactics that are harder to detect and easier to fall for. From phishing emails and fake websites to ransomware attacks and identity theft,...

The Health Insurance Portability and Accountability Act (HIPAA) has long served as a cornerstone in protecting the privacy and security of individuals' health information. As digital technology continues to evolve, so do the ways in which health data can be...

Most people in healthcare have been affected by the Change healthcare cyberattack. Scams have hit a new level, and you must be more diligent than ever before. Scams can be spotted, but you must look closely. A scam can quickly...

Intrusion prevention - preventing a data breach

Common online tracking technology that could lead to a HIPAA violation

2024 HIPAA and other Compliance Updates

The difference between HIPAA documentation and medical records retention requirements.

Nefarious characters see healthcare organizations as high value yet relatively easy targets. These are referred to as target rich, cyber poor.  Given that healthcare organizations have a combination of personally identifiable information, financial information, health records, and countless medical devices,...

Most practices cannot afford to hire a HIPAA Compliance Officer. So, practice owners often assign their Office Manager or their Practice Administrator for the HIPAA Compliance Officer Responsibilities. Since they are not trained as a Compliance Officer, many times, HIPAA...

Patients’ right of access has extreme consequences if they are not handled properly. It starts the moment a patient makes this request. HIPAA prohibits unreasonable measures when patients request access to their medical records. Most practices think this request MUST...

We wrote about this back in December 2022, but the Office for Civil Rights (OCR) and the Federal Trade Commission (FTC) has added an additional warning. The OCR has confirmed its active investigations nationwide to ensure compliance with HIPAA. The...

Most of us are familiar with fines for data breaches of over 500 patient records. This time a business associate was fined $75K for 267 records. Covered entities are responsibility to vet their business associates. This includes making sure they...

When it is time to terminate an employee, it is never easy. Whether they are a short- or long-term employee, it can be difficult. Sadly, if you make a mistake you can end up with a complaint filed against you....

The U.S. Department of Health and Human Services (HHS), through the Office for Civil Rights (OCR), announced the formation of a new Enforcement Division, Policy Division, and Strategic Planning Division. Is more HIPAA Enforcement on the way? The newly established...

2023 HIPAA Audits and Penalties may Increase

Right of Access Time Limit

Happy New Year! As we look back on 2022, we noticed that the Office for Civil Rights (OCR) has really started enforcing the Patients Right of Access. To see a list of fines and resolutions agreements, check out our What...

Scammers are always busy trying different tactics to get to your wallet. During holidays is no different. Bad actors use the holidays and people’s goodwill to fool them into giving. Be careful of offers that are too good to be...