Most practices cannot afford to hire a HIPAA Compliance Officer. So, practice owners often assign their Office Manager or their Practice Administrator for the HIPAA Compliance Officer Responsibilities. Since they are not trained as a Compliance Officer, many times, HIPAA...

Patients’ right of access has extreme consequences if they are not handled properly. It starts the moment a patient makes this request. HIPAA prohibits unreasonable measures when patients request access to their medical records. Most practices think this request MUST...

We wrote about this back in December 2022, but the Office for Civil Rights (OCR) and the Federal Trade Commission (FTC) has added an additional warning. The OCR has confirmed its active investigations nationwide to ensure compliance with HIPAA. The...

Most of us are familiar with fines for data breaches of over 500 patient records. This time a business associate was fined $75K for 267 records. Covered entities are responsibility to vet their business associates. This includes making sure they...

We have been asked this several times, so we decided to write a notification about this subject. When it is time to terminate an employee, it is never easy. Whether they are a short- or long-term employee, it can be...

Is more HIPAA Enforcement on the way? The U.S. Department of Health and Human Services (HHS), through the Office for Civil Rights (OCR), announced the formation of a new Enforcement Division, Policy Division, and Strategic Planning Division. The newly established...

The Department of Health and Human Services (HHS) delivered their annual report to congress and noted there have been significant increases in HIPAA complaints and large breaches. They also noted that there have not been increases in appropriations during the...

When a patient or a patient’s representative requests a copy of medical records it is very important to act promptly. Currently you have 30 days to comply with this request, and one 30-day extension (if you advise the patient/representative that...

Happy New Year! As we look back on 2022, we noticed that the Office for Civil Rights (OCR) has really started enforcing the Patients Right of Access. To see a list of fines and resolutions agreements, check out our What...

Scammers are always busy trying different tactics to get to your wallet. During holidays is no different. Bad actors use the holidays and people’s goodwill to fool them into giving. Be careful of offers that are too good to be...

The Office for Civil Rights (OCR) has issued a bulletin to remind covered entities and business associates of their obligations under HIPAA when using online tracking technology. These technologies include but are not limited to Google Analytics, Meta Pixel, Cookies,...

With so many data breaches in the news many medical practitioners are asking if they can be sued over HIPAA violations or from a data breach. HIPAA rules state there is no private right of action, therefore, a patient cannot...

The Omnibus rule, also known as the “Final” rule changed HIPAA in many ways. It gave HIPAA teeth and included business associates as being liable under the HIPAA rules. I thought most medical providers had been made aware of the...

It is no secret that patient data is valuable on the black market. Cyber criminals will try many different methods to gain access to this data. The Office for Civil Rights (OCR) stated in their Cybersecurity Newsletter that there has...

First, I hope that all of you and your loved ones are safe. Fiona and Ian have affected many places, and many have suffered so much. Prayers for all… HIPAA Applies Only to Covered Entities and Business Associates The HIPAA...

There has been some confusion about when and how to share patient information. I thought it might be a good time to review some of the facts from the HIPAA Privacy and Security Rules. Here are some highlights: The Privacy...

Since HIPAA’s inception there have been several updates over the years. As technology changes, so must some the of HIPAA rules. We have not seen any major changes since 2013 when the Omnibus Rule gave HIPAA teeth and enforcement became...

Since 2015 the number of data breaches in healthcare has steadily been rising. This includes medical offices, health plans, and business associates. These breaches range from unauthorized access, loss, theft, but mostly from hacking. Hacking was determined to be from...

We have advised our clients for years to only transmit protected health information (PHI) if it is encrypted. We have also recommended encryption for the data at rest. With the rise of hacking, this is never more important. There are...

We have talked in the past about the Office for Civil Rights conducting a minimum of a 12 month look back for data security/ HIPAA compliance efforts. If an organization suffers a breach, with proper documentation fines may be waived. This...