The HIPAA Security Officer’s Responsibilities

Under Federal Regulations, specifically 45 CFR 164.308 – the HIPAA Security Rule’s Administrative Safeguards – HIPAA covered entities must appoint a HIPAA Security Officer. The Security Officer must develop and introduce internal policies and processes to safeguard the integrity of electronic protected health information (ePHI). IT managers are commonly put in this role as ePHI …

When Should You Promote HIPAA Awareness?

All staff members should have been trained on their obligations under HIPAA Rules, but how and when should awareness and knowledge of HIPAA be promoted and increased? How regularly should refresher courses or further training be given? The various organizations subject to HIPAA Rules – covered entities, their business associates, and others – are required …

How to Prevent HIPAA Violations

Despite the best efforts of healthcare organizations and their business associates to protect data and follow HIPAA’s Security, Privacy, and Breach Notification Rules, information breaches can and do still happen. While cybercriminals are the breach bogeymen for most business sectors, healthcare often finds itself let down by its own staff. Even with the best procedures …

HIPAA Compliance for Self-Insured Health Plans

Even some of the more basic aspects of the Health Insurance Portability and Accountability Act (HIPAA) can be difficult to understand, but when it comes to self-insured or self-administered group health plans, the level of complexity goes up a notch. Under HIPAA, healthcare clearinghouses, providers, and health plans (referred to as covered entities) are …

HIPAA and De-identification of Protected Health Information

The HIPAA Privacy Rule puts a number of restrictions in place to keep protected health information (PHI) secure. This also hampers healthcare organizations’ ability to share information. A way to share data while remaining HIPAA compliant could be the de-identification of information. PHI that has been de-identified has had its identifying elements removed. HIPAA’s Privacy …

HIPAA Social Media and Texting Guidelines

Last year, Deven McGraw of the Department of Health and Human Services’ Office for Civil Rights (OCR) spoke about 2017’s HIPAA guidance. In 2016, the Joint Commission revised their position by allowing the use of text messages for orders, but this was quickly banned again. Later that year the Joint Commission again changed the ruling …

HIPAA Cell Phone Regulations

Personal phones are increasingly being used by healthcare professionals to share patient data with care teams. This is an obvious breach of HIPAA Rules. Even if the data is sent to authorized individuals, the use of insecure and unencrypted networks to share sensitive information such as test results and patient data is a …

HIPAA Compliance Requirements for Call Centers

Texting and HIPAA Compliance for Call Centers

Any company that provides an answering or call-forwarding service for the healthcare sector needs to be aware of their obligations under the Health Insurance Portability and Accountability Act (HIPAA). Following the introduction of the Final Omnibus Rule in 2013, companies that provide services relating to the processing, sharing, …

HIPAA SMS Compliance and Regulations

The Majority of SMS Messages Violate HIPAA

There is no specific rule under HIPAA that outlaws protected health information (PHI) being sent via SMS – “Short Message Service”. However, there are a number of criteria that must be met for the use of SMS to send PHI to be HIPAA compliant. Many SMS messages violate …

Is Using Google Docs HIPAA Compliant

Google Docs and Google Drive are tools that facilitate document sharing, but can they be used to share documents containing protected health information (PHI)?

Is Using Google Docs HIPAA Compliant?

The answer to whether using Google Docs is HIPAA compliant or not is both yes and no. Whether a …

Can E-Signatures be Used Under HIPAA Rules?

The ability to sign documents electronically has led to gains in efficiency in many industries, including the healthcare sector. However, there is still doubt over whether e-signatures are acceptable under HIPAA rules. The simple answer is “yes, they are acceptable and can be used”, but steps must be taken to validate the security and legal …

What are the Duties of HIPAA Privacy Officers and HIPAA Security Officers

Under the Health Insurance Portability and Accountability Act (HIPAA), all HIPAA-covered entities and business associates must appoint a person (or persons) to the role of HIPAA Compliance Officer. A current employee can be appointed or a new role can be created. The Compliance Officer position can even be filled by outsourcing the duties temporarily or …

Termination of Nurse Following HIPAA Violation Upheld by Court

A North Audubon Hospital registered nurse had her employment contract terminated as a penalty following an allegation by a patient that she had violated HIPAA regulations. Dianna Hereford contested the termination on the grounds of a HIPAA violation by filing an action in Jefferson Circuit Court and stating she had “strictly complied with HIPAA regulations”. …

How Should You Respond to an Unintentional HIPAA Violation?

Almost every HIPAA covered entity, as well as their business associates and the healthcare professionals they employ, does their utmost to guarantee HIPAA rules are respected – but what happens when an unintentional HIPAA violation occurs? What should covered entities, healthcare employees, and business associates do?

How Should Healthcare Employees Report an Unintended HIPAA Violation? …

Mobile Data Security and HIPAA compliance

Can mobile devices be used to transmit health information under HIPAA? Mobile devices such as smartphones, tablets, and other portable devices have transformed the way people work and send information. Healthcare providers and HIPAA-covered entities are no exception and mobile devices can be found in almost every health facility. Sharing information via mobile data may …

A Summary of the HIPAA Breach Notification Rule

The Health Insurance Portability and Accountability Act, commonly known as HIPAA, has probably been the most significant set of regulations to impact the healthcare industry since it first came into law in 1996. Despite this, there are still a number of insurers and healthcare providers that do not fully understand their requirements under HIPAA, especially …

Is Dropbox HIPAA Compliant?

Dropbox offers healthcare organizations a simple tool to store and share files, but is Dropbox HIPAA compliant? Can entities use Dropbox to save or transfer protected health information (PHI)?

Is Dropbox HIPAA Compliant?

Dropbox offers a service where files can be saved to cloud storage and shared with other users. Many individuals and companies share …

Is Skype HIPAA Compliant?

Skype and similar messaging platforms are useful tools to rapidly share information, but is Skype compliant with HIPAA regulations? Would sending protected health information (PHI) via Skype as part of an electronic text message violate HIPAA rules? Currently, the topic of whether Skype is HIPAA compliant is up for debate. While messages are encrypted and …

Can Patients Sue Following HIPAA Violations?

Is it possible for patients to sue or file lawsuits for a HIPAA violation? As there is no private cause of action in HIPAA, it is not possible for a patient to sue for a HIPAA violation under HIPAA rules. Patients are not entitled to seek damages for violation of HIPAA rules even in cases …

HIPAA Password Requirements and How to Comply With Them

HIPAA password requirements call for a number of processes to be established to create, modify, and protect passwords if no other equally effective security option is in use. We advise the use of two-factor authentication as the optimal method to comply with HIPAA password requirements. The HIPAA Security Rule outlines the HIPAA password requirements …

HIPAA Texting Policy

What is a HIPAA Texting Policy?

A HIPAA Texting Policy is a guide or set of procedures that should be drawn up following a review of methods used by staff, medical professionals, and business associates to transmit protected health information (PHI). Any risks that have been identified during the review should be addressed by the …

Is Microsoft OneDrive HIPAA Compliant?

Cloud storage offers a number of benefits to companies in many industries, but can covered entities in the healthcare industry use Microsoft OneDrive? Is OneDrive HIPAA compliant? Microsoft Office 365 Business Essentials is a standard software package that is successfully used by healthcare providers. It also includes an online exchange for email. Another feature of …

Reporting HIPAA Violations

Every healthcare employee should know how to report a HIPAA violation, who they should report the violation to, and if the violation warrants a report to the Department of Health and Human Services’ Office for Civil Rights (OCR). HIPAA covered entities and their business associates are obliged to investigate any possible HIPAA violation that occurs …

The Importance of HIPAA

The Health Insurance Portability and Accountability Act, commonly known as HIPAA, is a law that people often talk about, but why is HIPAA so important? What did HIPAA change and how does it impact patients and the healthcare industry? HIPAA came into effect in 1996 with the goal of addressing the issue of health insurance …

Is Amazon’s Alexa HIPAA Compliant?

For the moment, Amazon’s Alexa is not HIPAA compliant. This reduces its utility to those in the healthcare field. This is surely only temporary and a HIPAA compliant version may be on its way. Amazon’s cloud platform, Amazon Web Services (AWS), can be used in compliance with HIPAA, and Amazon are said to be interested …

Is Google Voice HIPAA Compliant?

Google Voice is a telephony service from Google used by people as a call forwarding and messaging service, among other functions. Many are asking the question of whether Google Voice is HIPAA compliant or not – can it be used by healthcare employees in compliance with HIPAA rules?

Is Google Voice HIPAA Compliant?

Google Voice …

Is WhatsApp HIPAA Compliant?

Following the introduction of end-to-end encryption, many Covered Entities are wondering whether WhatsApp is HIPAA compliant. Although end-to-end encryption protects PHI during transit, the popular messaging app does not include all the features required to comply with the Health Insurance Portability and Accountability Act. It is a common misconception that encryption alone makes an app HIPAA …

Is Microsoft Outlook HIPAA Compliant?

Although Microsoft has developed a number of products to meet the needs of businesses in regulated industries, not all are HIPAA compliant. Is Microsoft Outlook HIPAA compliant? That depends on the version of Outlook used, how it is configured, and the content of the Business Associate Agreement supporting the service. As HIPAA is technology neutral, …

HIPAA Training Requirements

Although the Health Insurance Portability and Accountability Act stipulates employee training is mandatory, neither the Privacy Rule nor the Security Rule provides guidelines regarding the HIPAA training requirements. This can be a significant obstacle to Covered Entities working towards HIPAA compliance. Businesses in the healthcare and health insurance industries (Covered Entities) and businesses providing services …

Is Slack HIPAA Compliant?

To answer the question “Is Slack HIPAA compliant?”, one has to look at its functions and, more importantly, the mechanisms it has in place to protect the integrity of Protected Health Information at rest and in transit. Also, one has to look at the content of the company’s Business Associate Agreement. Slack – an acronym …

Is Google Hangouts HIPAA Compliant?

Google Hangouts is one among many apps, social media tools, and messaging services that healthcare professionals want to use to share protected health information (PHI). Is Google Hangouts HIPAA compliant and can it be used to share PHI?

Is Google Hangouts HIPAA Compliant?

Healthcare organizations use a range of Google services every day. Google Hangouts, …

Is Facebook Messenger HIPAA Compliant

Is Facebook Messenger HIPAA compliant and can it be used by healthcare professionals to share protected health information (PHI) in compliance with HIPAA Rules? Healthcare professionals are increasingly using non-traditional communication tools and platforms. Many are wondering if these platforms can be used to share PHI. Somewhat thanks to Facebook’s popularity, their chat application Facebook …

HIPAA Violation Reporting Requirements

HIPAA covered entities must know their obligations under the HIPAA Breach Notification Rule and have processes ready to be put in place should a protected health information (PHI) disclosure be discovered. Even if covered entities are familiar with the requirements in theory, those who have never suffered a breach may not understand their duties in …

What is the Purpose of HIPAA

The Health Insurance Portability and Accountability Act, more commonly known as HIPAA, imposes a number of restrictions and requirements on the healthcare sector, but what is the purpose of HIPAA? Healthcare staff can be quite vocal on things prohibited by HIPAA, but are the gains worth the effort?

What is the Purpose of HIPAA?

Enacted …

What happens if a nurse violates HIPAA?

If a nurse violates HIPAA rules, what happens next? How would this HIPAA violation be dealt with and what penalties could an individual face for accidentally or deliberately violating HIPAA by accessing, disclosing, or sharing protected health information (PHI) without proper authorization? All covered entities and their business associates must follow the Health Insurance Portability …

Rules Concerning HIPAA and Patient Telephone Calls Confirmed by FCC

A Declaratory Ruling and Order to clarify HIPAA rules concerning patient telephone calls has been issued by the Federal Communications Commission (FCC). Understanding of, and compliance with, both the Telephone Consumer Protection Act (TCPA) and the patient telephone call rules under HIPAA has long caused trouble for a number of healthcare providers. Finally, 24 years after the …

Is FaceTime HIPAA Compliant?

FaceTime is a video call service offered by Apple between certain iOS devices, but is it HIPAA compliant? Would it be against HIPAA Rules to use FaceTime to share protected health information (PHI)? Below, we will review the security measures used by FaceTime; ask whether a business associate agreement (BAA) with Apple would be necessary; …

The Benefits of Using Blockchain for Medical Records

Blockchain technology is widely spoken about when discussing the security of cryptocurrency transactions, but could blockchain be used for medical records? Could the use of blockchain technology benefit and improve the security of healthcare data? It is still early days when it comes to using blockchain to access medical records, but the potential improvements in …

Is G Suite HIPAA Compliant?

Is Google’s G Suite HIPAA compliant? Can healthcare organizations and covered entities use G Suite and not be in violation of HIPAA? Google have included a number of security and privacy features in G Suite to ensure it can be used in a manner compliant with the HIPAA Security Rule. Google have also shown their …