There have been major growing pains as the healthcare industry has collectively struggled to rise to the occasion as HIPAA compliant businesses.
We often hear stories about clinics or hospitals refusing to disclose patient records to the patients themselves or other providers without dealing with extensive red tape and headaches.… Read More
2018 was a year of serious HIPAA Enforcement.
Between the Vice Lords Gang, FileFax, and Anthem, there was no shortage of HIPAA cases.
Since 2003 the establishment of the Enforcement Act, an addendum to HIPAA that gave the OCR the right to enforce HIPAA on behalf of the HHS, we’ve seen an ever increasing number of fines and breaches.… Read More
HIPAA, which stands for the Health Insurance Portability and Accountability Act, is enforced by the Office for Civil Rights (OCR), which is an arm of the Department of Health and Human Services (HHS).
Phew, now that we’ve gotten the acronyms out of the way…
Background on HIPAA Enforcement
Prior to 2003, the HIPAA laws had no enforcement provisions, meaning that while the HHS had issued Privacy and Security rules, they were really just asking nicely for providers to comply.… Read More
Critics of the HIPAA regulations have been crying about the unnecessary regulatory burden to anyone who will listen ever since its advent.
Healthcare apps are a rising trend in the healthcare industry, from patient centered health record tracking apps, to on-demand coverage details for HMOs.
Mobile apps are often developed by individual developers, app development firms, or by the covered entities themselves. With such a wide variety of circumstances and development environments, how can an app developer determine whether or not they need to follow HIPAA compliance guidelines for their app?… Read More
Most HIPAA compliant businesses understand that they must notify HHS of any breach that affects more than 500 patients to the HHS no later than 60 days after the breach occurs.
But how do you report small breaches of under 500 individuals?
How to Draft a HIPAA Breach Notification Letter
HHS has another set of guidelines for these small breaches, which require organizations to submit a list of all breaches affecting fewer than 500 individuals within a jurisdiction no later than 60 days after the end of the calendar year.… Read More
Many covered entities work with vendors, consultants, lawyers, data managers and more for subcontracted services that require the use of PHI.
In order to release PHI to a subcontractor, covered entities are required to obtain a signed Business Associate Agreement that describes their HIPAA responsibility.… Read More
In September of 2015, the Office for Civil Rights (OCR) announced a new plan to strengthen HIPAA enforcement in response to criticism from the Office of Inspector General (OIG).
The OCR will be beefing up their compliance investigations and expanding their audit program in 2016.… Read More