Gazelle Consulting

Who Enforces HIPAA?

HIPAA, which stands for the Health Insurance Portability and Accountability Act, is enforced by the Office for Civil Rights (OCR), which is an arm of the Department of Health and Human Services (HHS).

Phew, now that we’ve gotten the acronyms out of the way…

Background on HIPAA Enforcement

Prior to 2003, the HIPAA laws had no enforcement provisions, meaning that while the HHS had issued Privacy and Security rules, they were really just asking nicely for providers to comply.…

Do Healthcare Apps Need to be HIPAA Compliant?

Healthcare apps are a rising trend in the healthcare industry, from patient-centered health record tracking apps to on-demand coverage details for HMOs.

Mobile apps are often developed by individual developers, app development firms, or by the covered entities themselves. With such a wide variety of circumstances and development environments, how can an app developer determine whether or not they need to follow HIPAA compliance guidelines for their app?…

HIPAA Breach Notification Letter

Most HIPAA-compliant businesses understand that they must notify HHS of any breach that affects more than 500 patients no later than 60 days after the breach occurs.

But how do you report small breaches of under 500 individuals? 

How to Draft a HIPAA Breach Notification Letter

HHS has another set of guidelines for these small breaches, which require organizations to submit a list of all breaches affecting fewer than 500 individuals within a jurisdiction no later than 60 days after the end of the calendar year.…

Do I need to be HIPAA Compliant?

We frequently get this question from clients.

The answer ultimately comes down to whether or not your business is a covered entity, a business associate, or neither.

Do I need to be HIPAA Compliant?

The only business entities that have a responsibility to maintain HIPAA compliance are covered entities, which are defined as follows:

  1. Health plans;
  2. Health care clearinghouses;
  3. Health care providers who electronically transmit any health information in connection with transactions for which HHS has adopted standards.