When the providers and upper management understand the ramifications of violations, then the rest of the staff typically will follow the examples that are set in place. Because HIPAA Compliance starts at the top! Violations happen when someone makes a...

There are many different types of “audits”, so when we refer to audits, we are referring to a “HIPAA audit”. When anyone mentions HIPAA audit, most practices think it won’t happen to them. I hear so often; I have never...

It is the start of a new year and one thing we know for sure; nothing stays the same. Rules change, technology changes, and we must keep up. We wrote about the new Information Blocking Rule last July, but we...

Be careful what you post on your website, you could be charged for false advertising! Some HIPAA compliance companies want you to use their “seal” of compliance. It is great advertising for them, but does it put your practice at...

Medical professionals have had a rough year and a half. This has been trying times for so many and we have had to learn to adapt to new ways of running practices. I was hoping to be able to share...

Many medical providers are so busy trying to run a successful practice they sometimes forget the “technical” side of their business. Hackers know this and capitalize on it. Lately in the news, we have heard about Microsoft and Apple vulnerabilities...

Is your medical practice HIPAA compliant?   Do you have a Risk Management Plan?   Do you have all your HIPAA policies and procedures?   Have your employees completed HIPAA training?   Do you have all your Business Associate agreements...

We try to share useful information as we come across it. Below are some links that we think may be of interest to our audience such as: ICD-10 updates, Fraud, Waste, and Abuse Training, Booklets, and Prevention. We have also...

The OCR released their Summer 2021 Cybersecurity Newsletter and it stated that a recent report of security incidents and data breaches were committed 61% by external actors and 39% by insiders. During COVID last year, systems that monitor audit logs...

As all of you know, HIPAA is a moving target. Just when you think you understand what is going on, it changes. By now, most of you have heard about the 21st Century Cures Act / Information Blocking Rule. This...

Most practices seek assistance from one or more businesses to help them with certain functions within their organization. Depending on the type of service they provide, they may be considered a “Business Associate” under the HIPAA guidelines. So, what defines...

Many practices think once they have conducted a risk analysis, they are done with their HIPAA compliance efforts. Unfortunately, a risk analysis is just the beginning! You must document your ongoing HIPAA efforts through evaluations. 45 CFR § 164.308(a)(8) Evaluation – HIPAA...

April 15, 2021 By Suze Shaffer | Aris Medical Solutions Recently a cosmetic practice was fined $30,000 to settle potential HIPAA Privacy Rule violations. In the past many practices believed if they did not accept insurance payments (considered as a...

When it comes to planning for a disaster, most people think “that won’t happen to me”. Under HIPAA, you are required to ensure the integrity, confidentiality, and available of ePHI. When creating your contingency plan, it is necessary to review...

What the Office for Civil Rights (OCR) and the Department of Health and Human Services (HHS) considers as reasonable and appropriate safeguards are always open for discretion. Every organization is different, and what may work for one, may not for...

It is hard to believe we are in 2021, but I am sure you are like the rest of us and glad to see 2020 in the rear-view mirror. As we move into this new year, we need to look...

Yesterday, the Office for Civil Rights (OCR) at the Department of Health and Human Services (DHHS) released its 2016-2017 HIPAA Audits Report. Although this seems outdated, it typically takes this long to compile the data.  They reviewed selected covered entities...

During this pandemic, the Office for Civil Rights (OCR) relaxed some of the requirements for Telehealth. This has since been retracted. Make sure the service you are using is in fact HIPAA compliant and you have a business associate agreement...

When an employee is terminated, it is necessary to remove access to protected health information (PHI) immediately. It is just as important for employees not to share their log-in credentials with anyone. The City of New Haven, Connecticut found out...

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the U.S. Department of Health and Human Services (HHS) have credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers. CISA,...