Gazelle Consulting

Who Enforces HIPAA?

HIPAA, which stands for the Health Insurance Portability and Accountability Act, is enforced by the Office for Civil Rights (OCR), which is an arm of the Department of Health and Human Services (HHS).

Phew, now that we’ve gotten the acronyms out of the way…

Background on HIPAA Enforcement

Prior to 2003, the HIPAA laws had no enforcement provisions, meaning that while the HHS had issued Privacy and Security rules, they were really just asking nicely for providers to comply.…

Do Healthcare Apps Need to be HIPAA Compliant?

Healthcare apps are a rising trend in the healthcare industry, from patient-centered health record tracking apps to on-demand coverage details for HMOs.

Mobile apps are often developed by individual developers, app development firms, or by the covered entities themselves. With such a wide variety of circumstances and development environments, how can an app developer determine whether or not they need to follow HIPAA compliance guidelines for their app?…

HIPAA Breach Notification Letter

Most HIPAA-compliant businesses understand that they must notify HHS of any breach that affects more than 500 patients no later than 60 days after the breach occurs.

But how do you report small breaches of under 500 individuals? 

How to Draft a HIPAA Breach Notification Letter

HHS has another set of guidelines for these small breaches, which require organizations to submit a list of all breaches affecting fewer than 500 individuals within a jurisdiction no later than 60 days after the end of the calendar year.…