This case illustrates why a HIPAA Security Officer must have administrative rights access to their organization’s IT infrastructure. Although the compliance officer may not know what to do with this access, it is required so you have control over your...

Although this is not a HIPAA requirement, it does affect every business. Here are the highlights: Updated Form I‑9 Business should use the new form dated January 20, 2025, with an expiration date of May 31, 2027, if you are not doing...

As today’s healthcare organizations work to streamline operations and control administrative costs, outsourcing medical billing has emerged as a smart and efficient solution. However, while outsourcing medical billing can improve performance, it does not absolve you of your responsibility to...

Avoid common misconceptions about HIPAA compliance. Learn the critical steps needed to avoid Chiropractor HIPAA violations and fines. Many chiropractor practices think the Government SRA tool is all they need for their HIPAA risk assessment. Keep in mind, it does...

The U.S. Department of Justice (DOJ) has announced its largest-ever coordinated healthcare fraud takedown, charging 324 individuals, including 96 doctors, nurses, and other licensed medical professionals, across the country. The alleged schemes involved nearly $14.6 billion in fraudulent claims to...

A leading national consumer watchdog group has sounded the alarm on a massive data breach, warning that as many as 184 million passwords may have been compromised. If confirmed, this breach would be one of the largest in recent history,...

A Resolution Agreement is a formal settlement between the U.S. Department of Health and Human Services (HHS) and a HIPAA-covered entity or business associate. Under the agreement, the organization agrees to take specific corrective actions and submit regular compliance reports...

The U.S. Department of Health and Human Services Office for Civil Rights (OCR) has reached a settlement with Comprehensive Neurology, a small neurology practice based in New York, following a potential violation of the HIPAA Security Rule. The investigation stemmed...

PIH Health, Inc. (PIH), a California health care network, has agreed to pay the OCR $600,000. The violations stem from an email phishing attack that exposed unsecured electronic protected health information (ePHI). The settlement resolves an investigation that OCR conducted...

What you need to know In 2025 and beyond there are many HIPAA updates that are occurring in the healthcare arena. Staff education and patient privacy are front and center of the OCR. You can be fined for HIPAA violations...

In today's digital age, scams and hackers have become increasingly sophisticated, targeting individuals and businesses alike with tactics that are harder to detect and easier to fall for. From phishing emails and fake websites to ransomware attacks and identity theft,...

The Health Insurance Portability and Accountability Act (HIPAA) has long served as a cornerstone in protecting the privacy and security of individuals' health information. As digital technology continues to evolve, so do the ways in which health data can be...

Most people in healthcare have been affected by the Change healthcare cyberattack. Scams have hit a new level, and you must be more diligent than ever before. Scams can be spotted, but you must look closely. A scam can quickly...

Intrusion prevention - preventing a data breach

Common online tracking technology that could lead to a HIPAA violation

2024 HIPAA and other Compliance Updates

The difference between HIPAA documentation and medical records retention requirements.

Nefarious characters see healthcare organizations as high value yet relatively easy targets. These are referred to as target rich, cyber poor.  Given that healthcare organizations have a combination of personally identifiable information, financial information, health records, and countless medical devices,...

Most practices cannot afford to hire a HIPAA Compliance Officer. So, practice owners often assign their Office Manager or their Practice Administrator for the HIPAA Compliance Officer Responsibilities. Since they are not trained as a Compliance Officer, many times, HIPAA...

Patients’ right of access has extreme consequences if they are not handled properly. It starts the moment a patient makes this request. HIPAA prohibits unreasonable measures when patients request access to their medical records. Most practices think this request MUST...