News and Toolkit Updates
Recent breach shows importance of BA agreements
Carefully managing your Business Associates (BA) agreements is important. At PrivaPlan we can’t emphasize that enough. The following story illustrates why. As if going to the dentist doesn’t cause enough anxiety, last week 4300 dental patients learned that their personal records may have been compromised. Massachusetts General Hospital (MGH) in Boston contacted the patients about…
Final Guidance from OCR released on De-identification of PHI!
De-identification of PHI has become an increasingly complex issue and requirement with the increased use of electronic health records, health information exchanges and the like. The Office for Civil Rights has been working on updated guidance on methods of de-identification for some time. The final guidance is now available.
If you’re complying with HIPAA, you should be able to meet Stage 2 of Meaningful Use
The proposed certification rule included particular technical requirements when dealing with patient requests to amend their electronic data. The final rule allows for more flexibility in this technical capability.
From the PrivaPlan Blog
OCR proposes big changes to HIPAA Privacy Rule
This week, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) released proposed changes to the HIPAA Privacy Rule that would “break down barriers that have stood in the way of commonsense care coordination and value-based arrangements for far too long,” according to HHS Secretary Alex Azar.
Cyberthreats are lurking in COVID-19 pandemic
“As more of our employees work from home and are under the collective stress of the COVID-19 pandemic we become easy victims,” said David Ginsberg, PrivaPlan president. “Security reminders and awareness at this time are essential.”
Best HIPAA Practices Working From Home During the COVID-19 Emergency
During the Coronavirus emergency, physicians and healthcare providers may want to adopt telemedicine as a way to provide patient care. This is an acceptable practice under HIPAA and California data and privacy laws but some precautions should be followed.
Can I share a coronavirus patient’s information to protect the public?
This month in light of the Novel Coronavirus (2019-nCoV) outbreak, the Department of Health and Human Services (HHS) released a bulletin reminding HIPAA covered entities and their business associates of the ways they may share patient information during an outbreak of infectious disease or other emergency situations.
Important notice regarding individuals’ right of access to health records
The Department of Health and Human Services’ Office for Civil Rights has released an announcement that certain legislative changes regarding individuals’ right of access to health records have been reversed.
Windows 7 support ends January 14, 2020
On January 14, 2020, Microsoft stopped free support for Windows 7 just as promised.
Do you understand what PHI is?
An apparent lack of understanding of what defines Protected Health Information (PHI) has cost one hospital system $2.175 million in fines to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS).
HHS releases proposal to overhaul patient privacy rules for addiction treatment
The Department of Health and Human Services (HHS) announced proposed changes late last week to the federal regulations governing the confidentiality of patient records created by federally-assisted substance use disorder treatment programs, known as 42 CFR Part 2. Drafted in 1975, 42 CFR Part 2 was designed to protect patient records created by federally-assisted programs…
Are your Business Associates protecting your patient data?
This week, American Medical Collection Agency (AMCA), the billing collections vendor for both Quest Diagnostics and LabCorp, reported to both companies that the data of nearly 20 million customers may have been compromised.
HHS reduces maximum civil penalties for HIPAA violations
The HHS published a Notification of Enforcement Discretion Regarding HIPAA Civil Money Penalties that changes the interpretation of fines for violations defined under the HITECH Act, effectively reducing some of the annual limits.
Email breaches in three states expose protected health information
Three email system breaches in three states exposed protected health information and each healthcare entity is stepping up efforts so it won't happen again.
PrivaPlan advises rural health care staff to train, train and retrain
Train, train and retrain is at the top of PrivaPlan’s list of practical solutions for being HIPAA compliant.
PrivaPlan HIPAA Certification Program promotes culture of compliance
PrivaPlan’s HIPAA Certification Program is giving healthcare professionals access to what had once been next to impossible to find: a one-stop shop to become a certified HIPAA expert.
HHS waives HIPAA sanctions and penalties for hurricane-affected hospitals
As Hurricane Florence continues its destructive path, hospitals affected by the storm have been given the go-ahead to break certain provisions of the HIPAA Privacy Rule.
Judge rules in favor of OCR, orders cancer center to pay $4.3 million for HIPAA violations
An HHS Administrative Law Judge has ruled that MD Anderson violated HIPAA and is requiring the Texas cancer center to pay $4.3 million in penalties to the OCR.
W-2 phishing season is here…again
As the tax season gets underway, you can bet that cyber criminals are doing their tax preparations for W-2 phishing; they’re preparing to dupe hundreds of payroll and HR departments into providing W-2 data on their employees.
Phishing scam exposes PHI of patients at Colorado Mental Health Institute
As the year comes to an end, there appears to be no end in sight for healthcare data hacks. An employee at the Colorado Mental Health Institute at Pueblo recently fell for a phishing scam that potentially exposed the PHI of 650 patients.
Will a Federal Data Security and Breach Notification Act finally get passed?
Three Democratic Senators re-introduced a Data Security and Breach Notification Act on Thursday that has failed to get legislative approval since 2015.
New HIPAA guidance released in opioid crisis
Responding to the opioid crisis, the OCR explains when and how healthcare providers can share a patient’s health information without violating HIPAA.
Our experts talk security with rural health care group
David Ginsberg talked about cyber security during one of the three sessions he led at the Colorado Rural Health Care Annual Rural Health Conference this week.
Latest HIMSS cybersecurity report: threats rise, so does security
The August 2017 HIMSS Cybersecurity Report indicates that respondents are taking proactive steps to stay ahead of security threats.
A new cyber threat is also a HIPAA Security threat
Recent analysis of a new variant of what appeared to be ransomware turns out instead to be malicious software that erases files on computers.
Survey finds 68% healthcare employees will share sensitive info
Results from a recent survey reveal that 68% of healthcare employees occasionally share confidential or regulated data.
Health data breaches rise significantly in March
The number of health data breaches for March was more than January and February combined.
FBI warns of cyber attacks on FTP servers in healthcare
An FBI alert warns the healthcare sector that cyber criminals have stepped up attacks targeting their FTP servers.