HIPAA Law

Hopefully, all those who work in the healthcare industry will be aware of their duties under HIPAA. Primarily, they are required to ensure that the security and integrity of patients’ private data (Protected Health Information, or PHI) are maintained. However, there may be some confusion regarding the disclosure of PHI. The flow of information is … Read more

Most people who know of the Health Insurance Portability and Accountability act of 1996 will know that it protects patient privacy. But how far does the Act extend? Does it prevent workers from sharing stories about their practice? How much can healthcare workers disclose about their day? Is telling a story about a patient a … Read more

What does HIPAA Protect? What kinds of information are covered by the Act, and why is it important that this data is protected? We will discuss the answers to those questions in this post.  HIPAA had many purposes when it was introduced, ranging from tax reform to expanding access to health insurance. However, it is … Read more

Given how well-known the Health Insurance Portability and Accountability Act is, it may be surprising to learn how narrowly defined a “Covered Entity” is. Possession of health data does not automatically make an organization subject to HIPAA law, leading many to ask: what is a covered entity under HIPAA? Which organizations are required to follow … Read more

What happens after a HIPAA complaint is filed? Is there a specific timeline that a patient can expect to be followed? How should complaints be made in the first place?  Under HIPAA, all patients have the right to complain to healthcare organizations, health plans, or healthcare clearinghouses (all deemed to be HIPAA “Covered Entities”, CEs) … Read more

How do you avoid HIPAA violations? Should HIPAA Covered Entities and Business Associates resign themselves to the fact that HIPAA violations are hard to avoid and give up trying to avoid them? Of course, the answer to that question is “no”, and during this article we will discuss what can be done to avoid HIPAA … Read more

Despite the Health Insurance Portability and Accountability Act (HIPAA) first being enacted over 20 years ago, some organizations are still found to be violating HIPAA Rules. Common causes for violations are related to security procedures. Below, we will outline some essential areas that HIPAA covered entities and their business associates should review to avoid sanctions … Read more

Are Amazon Web Services (AWS) HIPAA Compliant? AWS includes the necessary features to be used in compliance with HIPAA’s Security Rule and Amazon will enter into Business Associate Agreements (BAA) with covered entities. Does this mean AWS is HIPAA compliant? As we often state, even when tools include all the required settings they must be … Read more

Must Emails be Archived to Comply with HIPAA? HIPAA’s Security Rule does not stipulate that email archives must be HIPAA compliant. However, covered entities should consider archiving their email correspondence in a HIPAA compliant manner. The Security Rule does stipulate that electronic communications that include PHI must be kept for at least six years. These … Read more

HIPAA compliance and Saas (Software as a Service) is another area that is causing confusion for many in the healthcare space. This is somewhat understandable as HIPAA was originally introduced in 1996, when the idea of SaaS and cloud storage platforms was far from the common consciousness. More recent Acts and Rules, such as 2009’s … Read more

Is GoToMeeting HIPAA compliant? Could HIPAA covered entities or their business associates use GoToMeeting to share protected health information (PHI) and stay compliant with HIPAA? GoToMeeting is an online conferencing tool developed by LogMeIn. Many solutions of this type exist to enable people to share desktops and perform meetings remotely and they offer a number … Read more

The Health Insurance Portability and Accountability Act, better known as HIPAA, is an important piece of legislation governing many aspects related to healthcare, but who enforces HIPAA? Which federal departments or bureaus are concerned with checking that covered entities and their business associates are acting in compliance with HIPAA Rules? Who Enforces HIPAA? The chief … Read more

Is Microsoft Azure HIPAA compliant? Can HIPAA covered entities use Microsoft Azure cloud services in compliance with HIPAA Rules? A lot of healthcare organizations are looking to the cloud as a better way to offer some of their services. Indeed, many have already made the switch. While the cloud represents a number of improvements in … Read more

Loss or theft of mobile devices can lead to the breaches of the largest volume of protected health information (PHI), but HIPAA security breaches are most often caused by unauthorized access to patients’ medical records by nosy employees. Veriphyr Identity and Access Intelligence carried out a survey and found that of the seven-out-of-ten entities that … Read more

HIPAA record retention requirements is understood to relate to two separate but similar retention requirements: those for HIPAA medical record retention and those for HIPAA record retention. This similarity has led to some uncertainty. Below we will try to explain which records are required to be kept for HIPAA compliance and what records covered entities … Read more

In specific circumstances, HIPAA covered entities are allowed to share sets of identifiable healthcare information, known as limited data sets, with authorized institutions and remain in compliance with the HIPAA Privacy Rule. In such cases, data can be shared for research, public health information, and healthcare operations without obtaining permission from patients. Limited data sets … Read more

While pagers may be seen as an effectively dead technology, there could still be issues arising from their use with protected health information (PHI). Though largely replaced by other messaging devices, some are wondering whether the use of pagers and paging is HIPAA compliant. Are Pagers HIPAA Compliant? The HIPAA Security and Privacy Rules require … Read more

Under Federal Regulations, specifically 45 CFR 164.308 – the HIPAA Security Rule’s Administrative Safeguards – HIPAA covered entities must appoint a HIPAA Security Officer. The Security Officer must develop and introduce internal policies and processes to safeguard the integrity of electronic protected health information (ePHI). IT managers are commonly put in this role as ePHI … Read more

All staff members should have been trained on their obligations under HIPAA Rules, but how and when should awareness and knowledge of HIPAA be promoted and increased? How regularly should refresher courses or further training be given? The various organizations subject to HIPAA Rules – covered entities, their business associates, and others – are required … Read more

Despite the best efforts of healthcare organizations and their business associates to protect data and follow HIPAA’s Security, Privacy, and Breach Notification Rules, information breaches can and do still happen. While cybercriminals are the breach bogeymen for most business sectors, healthcare often finds itself let down by its own staff. Even with the best procedures … Read more

Even some of the more basic aspects of the Health Insurance Portability and Accountability Act (HIPAA) can be difficult to understand, but when it comes to self-insured or self-administered health group plans, the level of complexity goes up a notch. Under HIPAA, healthcare clearing houses, providers, and health plans (referred to as covered entities), are … Read more

The HIPAA Privacy Rule puts a number of restrictions in place to keep protected health information (PHI) secure. This also hampers healthcare organizations’ ability to share information. A way to share data while remaining HIPAA compliant could be the de-identification of information. PHI that has been de-identified has had its identifying elements removed. HIPAA’s Privacy … Read more

Last year, Deven McGraw of the Department of Health and Human Services’ Office for Civil Rights (OCR) spoke about 2017’s HIPAA guidance. In 2016, the Joint Commission revised their position by allowing the use of text messages for orders, but this was quickly banned again. Later that year the Joint Commission again changed the ruling … Read more

Personal phones are increasingly finding themselves being used by healthcare professional to share patient data with care teams. This is an obvious breach of HIPAA Rules. Even if the data is sent to authorized individuals, the use of insecure and unencrypted networks to share sensitive information such as test results and patient data is a … Read more

Texting and HIPAA Compliance for Call Centers Any company that provides an answering or call-forwarding service for the healthcare sector needs to be aware of their obligations under the Health Insurance Portability and Accountability Act (HIPAA). Following the introduction of the Final Omnibus Rule in 2013, companies that provide services relating to the processing, sharing, … Read more

The Majority of SMS Messages Violate HIPAA There is no specific rule under HIPAA that outlaws protected health information (PHI) being sent via SMS – “Short Message Service”. However, there are a number of criteria that must be met for the use of SMS to send PHI to be HIPAA compliant. Many SMS messages violate … Read more

Google Docs and Google Drive are tools that facilitate document sharing, but can they be used to share documents containing protected health information (PHI)? Is using Google Docs HIPAA compliant? Is using Google Docs HIPAA compliant? The answer to whether using Google Docs is HIPAA compliant or not is both yes and no. Whether a … Read more

The ability to sign documents electronically has led to gains in efficiency in many industries, including the healthcare sector. However, there is still doubt over whether e-signatures are acceptable under HIPAA rules. The simple answer is “yes, they are acceptable and can be used”, but steps must be taken to validate the security and legal … Read more

Under the Healthcare Insurance Portability and Accountability Act (HIPAA), all HIPAA-covered entities and business associates must appoint a person (or persons) to the role of HIPAA Compliance Officer. A current employee can be appointed or a new role can be created. The Compliance Officer position can even be filled by outsourcing the duties temporarily or … Read more

A North Audubon Hospital registered nurse had her employment contract terminated as a penalty following an allegation by a patient that she had violated HIPAA regulations. Dianna Hereford contested the termination on the grounds of a HIPAA violation by filing an action in Jefferson Circuit Court and stating she had “strictly complied with HIPAA regulations”. … Read more

Almost every HIPAA covered entity, as well as their business associates and the healthcare professionals they employ, does their utmost to guaranteed HIPAA rules are respected – but what happens when an unintentional HIPAA violation occurs? What should covered entities, healthcare employees, and business associates do? How Should Healthcare Employees Report an Unintended HIPAA Violation? … Read more

Can mobile devices be used to transmit health information under HIPAA? Mobile devices such as smartphones, tablets, and other portable devices have transformed the way people work and send information. Healthcare providers and HIPAA-covered entities are no exception and mobile devices can be found in almost every health facility. Sharing information via mobile data may … Read more

The Health Insurance Portability and Accountability Act, commonly know as HIPAA, has probably been the most significant set of regulations to impact the healthcare industry since it first came into law in 1996. Despite this, there are still a number of insurers and healthcare providers that do not fully understand their requirements under HIPAA, especially … Read more

Dropbox offers healthcare organizations a simple tool to store and share files, but is Dropbox HIPAA compliant? Can entities use Dropbox to save or transfer protected health information (PHI)? Is Dropbox HIPAA Complaint? Dropbox offers a service where files can be saved to cloud storage and shared with other users. Many individuals and companies share … Read more

Skype and similar messaging platforms are useful tools to rapidly share information, but is Skype compliant with HIPAA regulations? Would sending protected health information (PHI) via Skype as part of an electronic text message violate HIPAA rules? Currently, the topic of whether Skype is HIPAA compliant is up for debate. While messages are encrypted and … Read more

Is it possible for patients to sue or file lawsuits for a HIPAA violation? As there is no private cause of action in HIPAA, it is not possible for a patient to sue for a HIPAA violation under HIPAA rules. Patients are not entitled to seek damages for violation of HIPAA rules even in cases … Read more

HIPAA password requirements call for a number of processes to be established to create, modify, and protect passwords if no other equally effective security option is in use. We advise the use of two factor authentication as the optimal method to comply with HIPAA password requirements. The HIPAA Security Rule outlines the HIPAA password requirements … Read more

What is a HIPAA Texting Policy? A HIPAA Texting Policy is a guide or set of procedures that should be drawn up following a review of methods used by staff, medical professionals, and business associates to transmit protected health information (PHI). Any risks that have been identified during the review should be addressed by the … Read more

Cloud storage offers a number of benefits to companies in many industries, but can covered entities in the healthcare industry use Microsoft OneDrive? Is OneDrive HIPAA compliant? Microsoft Office 365 Business Essentials is a standard software package that is successfully used by healthcare providers. It also includes an online exchange for email. Another feature of … Read more

Every healthcare employee should know how to report a HIPAA violation, who they should report the violation to, and if the violation warrants a report to the Department of Health and Human Services’ Office for Civil Rights (OCR). HIPAA covered entities and their business associates are obliged to investigate any possible HIPAA violation that occurs … Read more

The Health Insurance Portability and Accountability Act, commonly known as HIPAA, is a law that people often talk about, but why is HIPAA so important? What did HIPAA change and how does it impact patients and the healthcare industry? HIPAA came into effect in 1996 with the goal of addressing the issue of health insurance … Read more

For the moment, Amazon’s Alexa is not HIPAA compliant. This reduces its utility to those in the healthcare field. This is surely only temporary and a HIPAA compliant version may be on its way. Amazon’s cloud platform, Amazon Web Services (AWS), can be used in compliance with HIPAA, and Amazon are said to be interested … Read more

Google Voice is a telephony service from Google used by people as a call forwarding and messaging service, among other functions. Many are asking the question of whether Google Voice is HIPAA compliant or not – can it be used by healthcare employees in compliance with HIPAA rules? Is Google Voice HIPAA compliant? Google Voice … Read more

Following the introduction of end-to-end encryption, many Covered Entities are wondering is WhatsApp HIPAA compliant. Although end-to-end encryption protects PHI during transit, the popular messaging app does not include all the features required to comply with the Health Insurance Portability and Accountability Act. It is a common misconception that encryption alone make an app HIPAA … Read more

Although Microsoft has developed a number of products to meet the needs of businesses in regulated industries, not all are HIPAA compliant. Is Microsoft Outlook HIPAA compliant? That depends on the version of Outlook used, how it is configured, and the content of the Business Associate Agreement supporting the service. As HIPAA is technology neutral, … Read more

Although the Health Insurance Portability and Accountability Act stipulates employee training is mandatory, neither the Privacy Rule not the Security Rule provide guidelines regarding the HIPAA training requirements. This can be a significant obstacle to Covered Entities working towards HIPAA compliance. Businesses in the healthcare and health insurance industries (Covered Entities) and businesses providing services … Read more

To answer the question Is Slack HIPAA Compliant, one has to look at its functions and, more importantly, the mechanisms it has in place to protect the integrity of Protected Health Information at rest and in transit. Also, one has to look at the content of the company´s Business Associate Agreement. Slack – an acronym … Read more

Google Hangouts is one among many apps, social media tools, and messaging services that healthcare professionals want to use to share protected health information (PHI). Is Google Hangouts HIPAA compliant and can it be used to share PHI? Is Google Hangouts HIPAA Compliant? Healthcare organizations use a range of Google services every day. Google Hangouts, … Read more

Is Facebook Messenger HIPAA compliant and can it be used by healthcare professionals to share protected health information (PHI) in compliance with HIPAA Rules? Healthcare professionals are increasingly using non-traditional communication tools and platforms. Many are wondering if these platforms can be used to share PHI. Somewhat thanks to Facebook’s popularity, their chat application Facebook … Read more

HIPAA covered entities must know their obligations under the HIPAA Breach Notification Rule and have processes ready to be put in place should a protected health information (PHI) disclosure be discovered. Even if covered entities are familiar with the requirements in theory, those who have never suffered a breach may not understand their duties in … Read more

The Health Insurance Portability and Accountability Act, more commonly known as HIPAA, imposes a number of restrictions and requirements on the healthcare sector, but what is the purpose of HIPAA? Healthcare staff can be quite vocal on things prohibited by HIPAA, but are the gains worth the effort? What is the Purpose of HIPAA? Enacted … Read more

If you need to make a HIPAA complaint, do you know who complaints should be directed to within your covered entity? All healthcare staff who believe that have knowledge of a violation of HIPAA should report the violation internally. Generally, organizations have an appointed Privacy Officer, and this is normally the person you should report … Read more

If a Nurse violates HIPAA rules, what happens next? How would this HIPAA violation be dealt with and what penalties could an individual face for accidentally or deliberately violating HIPAA by accessing, disclosing, or sharing protected health information (PHI) without proper authorization? All covered entities and their business associates must follow the Health Insurance Portability … Read more

A Declaratory Ruling and Order to clarify HIPAA rules concerning patient telephone calls has been issued by the Federal Communication Commission (FCC) Understanding of and compliance between the Telephone Consumer Protection Act (TCPA) and patient telephone call rules under HIPAA have long caused trouble for a number of healthcare providers. Finally, 24 years after the … Read more

FaceTime is a video call service offered by Apple between certain iOS devices, but is it HIPAA compliant? Would it be against HIPAA Rules to use FaceTime to share protected heath information (PHI)? Below, we will review the security measures used by FaceTime; ask whether a business associate agreement (BAA) with Apple would be necessary; … Read more

Blockchain technology is widely spoken about when discussing the security of cyptocurrency transactions, but could blockchain be used for medical records? Could the use of blockchain technology benefit and improve the security of healthcare data? It is still early days when it comes to using blockchain to access medical records, but the potential improvements in … Read more

Is Google’s G Suite HIPAA compliant? Can healthcare organizations and covered entities use G Suite and not be in violation of HIPAA? Google have included a number of security and privacy features in G Suite to ensure it can be used in a manner compliant with the HIPAA Security Rule. Google have also shown their … Read more