News and Toolkit Updates


Recent breach shows importance of BA agreements

Carefully managing your Business Associates (BA) agreements is important. At PrivaPlan we can’t emphasize that enough. The following story illustrates why. As if going to the dentist doesn’t cause enough anxiety, last week 4300 dental patients learned that their personal records may have been compromised. Massachusetts General Hospital (MGH) in Boston contacted the patients about…

From the PrivaPlan Blog


Be wary of recent Instagram and Facebook scams

When scammers pretending to be us try to fool our own followers on social media, things can quickly take a turn for the worse if our friends and family take the bait. Be suspicious and always ask yourself some questions before clicking through.


HHS releases new guidance for audio-only telehealth

This week the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) released guidance to ensure covered health care providers and health plans stay HIPAA compliant when providing audio-only telehealth services.


What HIPAA Sanctions and Penalties are Waived in Declared Emergencies?

Regarding privacy issues during declared disasters, you should know when some HIPAA requirements are set aside or modified to better serve those who might otherwise suffer.


Top 5 HIPAA compliance issues and who commits them

Every hour of every day an average of two HIPAA complaints come into the Department of Health and Human Services’ Office for Civil Rights (OCR). Let us help you stay in compliance and stay off the OCR’s complaint list.


The Great Resignation Has Great Consequences on Your Data
3 Tips for Protecting Data When Employees Quit

Quitters. They’re everywhere. At least this is true concerning the Great Resignation where, in the past few years, millions have quit their jobs to seek out higher pay or better employment. If you are worried that former employees may still know how to access your data, these 3 steps will help.


HIPAA Updates are Focus of Proposed Legislation

What happens online stays online. It’s a fact of modern living. However, when that pertains to patient data, is enough being done to protect who has access to it?


October is Cybersecurity Awareness Month – Are You Cyber Smart?

Cybersecurity Awareness Month kicks off this week, now in its 18th year and hosted by the Cybersecurity & Infrastructure Security Agency (CISA) and the National Cyber Security Alliance (NCSA).


Smishing is to texts what phishing is to emails and it’s getting worse

Smishing attacks are on the rise, capable of stealing credentials and distributing malware right into that device in the palm of your hand – your phone. The term smishing is a combination of "SMS" (short message services, widely referred to as texting) with phishing.


U.S. Government Announces New One-Stop Ransomware Website

The U.S. Government has launched a new website touted as a “One-Stop Location to Stop Ransomware.” Aptly named,, it is designed to help public and private organizations defend against the rise in ransomware cases.


Be Aware of Cyber Criminals During Amazon Prime Day

Along with all the legitimate promotions that continue to pop up on your screen from Amazon, the bad guys are also sending special deals to lure enthusiastic online shoppers into various phishing campaigns...


Vendor Mistakes Are Being Blamed for Latest Data Breaches

CVS Health and Volkswagen have been contacting millions of their customers to tell them that their personal information has been exposed. In two separate incidents, both companies were recently alerted that vendor errors compromised their data.


New COVID-19 vishing scam targets nursing homes

A new COVID-19 phone scam is targeting nursing homes in the Midwest. Called vishing, these phone calls use the guise of test results to steal personal information.


The COVID-19 Vaccine Phishing Campaigns are Here

The COVID-19 vaccines began arriving in U.S. hospitals this week, and as expected, the phishing campaigns are in full force, with an increase in suspicious texts or emails claiming to have information about the vaccine in exchange for personal information.


OCR proposes big changes to HIPAA Privacy Rule

This week, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) released proposed changes to the HIPAA Privacy Rule that would “break down barriers that have stood in the way of commonsense care coordination and value-based arrangements for far too long,” according to HHS Secretary Alex Azar.


Alert: Imminent and increased threat of cybercrime attacks against healthcare industry

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) issued a Joint Cybersecurity Advisory October 28 citing “credible information” they have on an “imminent and increased” threat of cybercrime attacks against the US healthcare industry with the goal of locking down systems, stealing data, and extorting money.


Sign up now for Oct. 27th Webinar: Managing Cybersecurity During a Pandemic

BlueNovo and PrivaPlan will provide tips and tricks to safeguard your systems and people.


Alert: Postcard Disguised as Official OCR Communication is in the Mail

Though the postage is marked first class, the mailer’s intent is not. In fact, it is another low-class act by scammers. The United States Office for Civil Rights (OCR) released a statement on August 6 about postcards that are being sent to health care organizations disguised as official OCR communications, claiming to be notices of a mandatory HIPAA compliance risk assessment.


OCR Ensures Patients Can Receive Religious Visitations During COVID-19 in a Maryland Health System

Tuesday the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) announced the resolution of a religious discrimination complaint against Prince George’s Hospital Center of the University of Maryland Medical System (UMMS) after UMMS adopted new policies ensuring clergy access to patients for religious purposes during the COVID-19 pandemic.


Microsoft warns of COVID-19 phishing attack via Excel

Microsoft is warning users about an infected Excel email attachment that can wreak major havoc when opened. The massive phishing attack started on May 12 appearing as emails from the Johns Hopkins Center with an Excel attachment that claims to be US deaths caused by the Coronavirus.


OCR warns there is an individual posing as OCR Investigator

On April 3, the Office for Civil Rights (OCR) issued an alert that an individual posing as an OCR Investigator has contacted HIPAA covered entities in an attempt to obtain protected health information (PHI).


Cyberthreats are lurking in COVID-19 pandemic

“As more of our employees work from home and are under the collective stress of the COVID-19 pandemic we become easy victims,” said David Ginsberg, PrivaPlan president. “Security reminders and awareness at this time are essential.”


Best HIPAA Practices Working From Home During the COVID-19 Emergency

During the Coronavirus emergency, physicians and healthcare providers may want to adopt telemedicine as a way to provide patient care. This is an acceptable practice under HIPAA and California data and privacy laws but some precautions should be followed.


Can I share a coronavirus patient’s information to protect the public?

This month in light of the Novel Coronavirus (2019-nCoV) outbreak, the Department of Health and Human Services (HHS) released a bulletin reminding HIPAA covered entities and their business associates of the ways they may share patient information during an outbreak of infectious disease or other emergency situations.


Important notice regarding individuals’ right of access to health records

The Department of Health and Human Services’ Office for Civil Rights has released an announcement that certain legislative changes regarding individuals’ right of access to health records have been reversed.


Do you understand what PHI is?

An apparent lack of understanding of what defines Protected Health Information (PHI) has cost one hospital system $2.175 million in fines to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS).