When it is time to terminate an employee, it is never easy. Whether they are a short- or long-term employee, it can be difficult. Sadly, if you make a mistake you can end up with a complaint filed against you....

The U.S. Department of Health and Human Services (HHS), through the Office for Civil Rights (OCR), announced the formation of a new Enforcement Division, Policy Division, and Strategic Planning Division. Is more HIPAA Enforcement on the way? The newly established...

2023 HIPAA Audits and Penalties may Increase

Right of Access Time Limit

Happy New Year! As we look back on 2022, we noticed that the Office for Civil Rights (OCR) has really started enforcing the Patients Right of Access. To see a list of fines and resolutions agreements, check out our What...

Scammers are always busy trying different tactics to get to your wallet. During holidays is no different. Bad actors use the holidays and people’s goodwill to fool them into giving. Be careful of offers that are too good to be...

The Office for Civil Rights (OCR) has issued a bulletin to remind covered entities and business associates of their obligations under HIPAA when using online tracking technology. These technologies include but are not limited to Google Analytics, Meta Pixel, Cookies,...

Can a Medical Practitioner be sued for a HIPAA Violation or a Data Breach?

Can a patient pay cash when they have health insurance

Cyber attacks - think before you click

First, I hope that all of you and your loved ones are safe. Fiona and Ian have affected many places, and many have suffered so much. Prayers for all… HIPAA Applies Only to Covered Entities and Business Associates The HIPAA...

HIPAA Privacy Facts for Medical Offices

Since HIPAA’s inception there have been several updates over the years. As technology changes, so must some the of HIPAA rules. We have not seen any major changes since 2013 when the Omnibus Rule gave HIPAA teeth and enforcement became...

Since 2015 the number of data breaches in healthcare has steadily been rising. This includes medical offices, health plans, and business associates. These breaches range from unauthorized access, loss, theft, but mostly from hacking. Hacking was determined to be from...

We have advised our clients for years to only transmit protected health information (PHI) if it is encrypted. We have also recommended encryption for the data at rest. With the rise of hacking, this is never more important. There are...

We have talked in the past about the Office for Civil Rights conducting a minimum of a 12 month look back for data security/ HIPAA compliance efforts. If an organization suffers a breach, with proper documentation fines may be waived. This...

It is a known fact that hackers target the healthcare sector because the data is so valuable. The cost of healthcare data breaches increased from a total average of $7.13M in 2020 to $9.23M in 2021. The average breach cost...

The Office for Civil Rights (OCR) released a Request for Information (RFI) seeking comments from all stakeholders including covered entities, business associates, patients, and their families. The growing number of cybersecurity threats are a significant concern driving the need for...

The Office for Civil Rights sent out a cyber newsletter stating that throughout 2020-2021 hackers have targeted the health care industry and the number of breaches increased 45% from 2019 to 2020. The number of breaches due to hacking or...

This week the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced the resolution of four investigations related to the HIPAA privacy rule. Two cases were part of the HIPAA Right of Access, bringing the...