HIPAA compliance and regulation
The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that establishes national standards for safeguarding protected health information. Maintaining HIPAA compliance is essential to protecting patients and avoiding penalties and fines. Get the latest HIPAA news and learn strategies for compliance with HIPAA and other healthcare privacy and security regulations.
Top Stories
-
Podcast
04 Nov 2024
Understanding new NY hospital cybersecurity regulations
Recently enacted New York State general hospital cybersecurity requirements could be a sign of what's to come for the healthcare sector as a whole. Continue Reading
By- Jill McKeon, Associate Editor
-
News
25 Oct 2024
HHS, NIST conference: OCR identifies top priority areas
Updating the HIPAA Security Rule is one of OCR's current top priorities, OCR Director Melanie Fontes Rainer said during an HHS/NIST conference on safeguarding health information. Continue Reading
By- Jill McKeon, Associate Editor
-
News
23 Jun 2020
Judge Sends Episcopal Health Data Breach Lawsuit Back to State Court
Citing a lack of standing for a federal lawsuit, a New York federal judge sent a data breach lawsuit against Episcopal Health down to state court as the allegations fall under HIPAA. Continue Reading
By- Jessica Davis
-
News
15 Jun 2020
OCR Shares COVID-19 Guide on Contacting Patients for Blood Donations
In light of COVID-19, OCR reminds healthcare providers that HIPAA allows covered entities to contact patients recovering from the Coronavirus to inform them about blood and plasma donations. Continue Reading
By- Jessica Davis
-
News
12 Jun 2020
Community Care Patients Sue Accounting Firm Over Data Breach
BST, the accounting firm for Community Care Physicians, was targeted by Maze ransomware in December. One of the 170,000 patients impacted by the breach has sued BST, citing negligence. Continue Reading
By- Jessica Davis
-
News
03 Jun 2020
Aveanna Healthcare Faces Lawsuit Over Monthlong Data Breach
Patients have filed a lawsuit against Aveanna Healthcare over a monthlong data breach, alleging the provider lacked adequate security and failed to provide timely notice, among other claims. Continue Reading
By- Jessica Davis
-
News
01 Jun 2020
Crafting Successful Business Associate Agreements, Breach Response
The latest Healthcare Strategies’ podcast sheds light on needed elements for a successful business associate agreement, including breach response, with Impact Advisors’ Shefali Mookencherry. Continue Reading
By- Jessica Davis
-
News
11 May 2020
Zoom Settles with NY AG Over COVID-19-Related Privacy, Security Issues
As COVID-19 drove Zoom participation up 2,000 percent, reports found serious privacy and security risks in the platform; the New York AG settlement will enforce security controls requirements. Continue Reading
By- Jessica Davis
-
Feature
08 May 2020
Insights into HHS COVID-19 HIPAA Waivers and Lasting Implications
HHS and OCR have issued several COVID-19 HIPAA waivers around telehealth and data sharing amid the pandemic. But it’s crucial providers keep privacy and security in focus. Continue Reading
By- Jessica Davis
-
News
06 May 2020
COVID-19: OCR Reminds Providers of Media Access Restrictions to PHI
Even during the COVID-19 emergency, OCR reminds providers that HIPAA restricts the media and film crews from accessing areas where PHI could be accessible without patient authorization. Continue Reading
By- Jessica Davis
-
News
05 May 2020
LabCorp Hit with Shareholder Lawsuit Over 2 Separate Data Breaches
Following a second breach in less than a year, a LabCorp shareholder is suing the testing giant in an attempt to recoup share value losses. Continue Reading
By- Jessica Davis
-
News
01 May 2020
Ciitizen: ‘Significant Improvement’ in HIPAA Right of Access Compliance
The third version of Ciitizen’s Patient Record Scorecard, evaluating providers on their compliance with the HIPAA Privacy Rule's Right of Access, saw ‘significant improvement’ from the initial reports. Continue Reading
By- Jessica Davis
-
News
13 Apr 2020
OCR Lifts HIPAA Penalties for COVID-19 Community-Based Testing Sites
In the latest move to support the COVID-19 response, OCR announced it will lift penalties around HIPAA noncompliance for Community-Based Testing Sites during the pandemic. Continue Reading
By- Jessica Davis
-
News
06 Apr 2020
Sens. Probe Privacy, Cybersecurity of Apple COVID-19 Screening Tools
Four Democratic Senators are asking Apple to explain the privacy and cybersecurity practices of its COVID-19 screening app and website, in light of its data collection efforts. Continue Reading
By- Jessica Davis
-
News
03 Apr 2020
OCR Permits Business Associates to Share Patient Data During COVID-19
A new enforcement discretion by OCR will allow business associates to share PHI with public health authorities in good faith, without fear of an OCR penalty for HIPAA noncompliance. Continue Reading
By- Jessica Davis
-
News
25 Mar 2020
OCR Shares COVID-19 PHI, Data Sharing Guidance for First Responders
In light of the COVID-19 pandemic, OCR provided insights on how protected health information can be shared with first responders and law enforcement in compliance with the HIPAA Privacy Rule. Continue Reading
By- Jessica Davis
-
News
23 Mar 2020
OCR Clarifies HIPAA Liability on Telehealth Use During COVID-19
Two days after OCR announced it would lift penalties around telehealth use during the COVID-19 pandemic, its officials released clarifications around HIPAA compliance to ease concerns. Continue Reading
By- Jessica Davis
-
News
18 Mar 2020
OCR Lifts HIPAA Penalties for Telehealth Use During COVID-19
Following HHS' lead, OCR announced it won’t impose penalties for noncompliance against covered providers who use telehealth vendors that may not fully comply with HIPAA during COVID-19. Continue Reading
By- Jessica Davis
-
News
17 Mar 2020
HHS Issues Limited Waiver of HIPAA Sanctions Due to Coronavirus
HHS Secretary Alex Azar lifted certain HIPAA sanctions in response to the Coronavirus pandemic, including obtaining patient consent before sharing information with family about the individual's care. Continue Reading
By- Jessica Davis
-
News
04 Mar 2020
Senators Press Ascension on Data Sharing Agreement with Google
Calling Google’s responses to their inquiry incomplete, a group of senators are asking Ascension to shed light on its data sharing agreement with Google in light of patient privacy concerns. Continue Reading
By- Jessica Davis
-
News
03 Mar 2020
Judge Finalizes Quest Diagnostics Settlement Over 2016 Data Breach
First proposed in October, a judge has finalized the data breach lawsuit settlement between Quest Diagnostics and the patients impacted by a 2016 hack of the testing giant’s patient application. Continue Reading
By- Jessica Davis
-
News
03 Mar 2020
OCR Settles with Utah Provider for $100K Over HIPAA Security Failures
Provider Steven Porter, MD in Ogden, Utah settled with HHS OCR after failing to implement HIPAA security requirements, such as conducting a risk analysis of potential risks to patient data. Continue Reading
By- Jessica Davis
-
News
02 Mar 2020
OIG Finds NIH Security Practices Potentially Put EHR Data at Risk
An OIG audit around NIH's EHR security found that while it had some established controls, the agency’s security practices and policies may have increased the potential risk to its EHR data. Continue Reading
By- Jessica Davis
-
News
18 Feb 2020
OIG Finds Serious Misuse of Medicare Data Transactions by Pharmacies
A recent OIG audit of mail-order pharmacy’s Medicare Part D E1 transactions found rampant improper access and misuse of Medicare beneficiary data by pharmacies. Continue Reading
By- Jessica Davis
-
News
29 Jan 2020
Judge Rules Against HHS Over HIPAA Right of Access Third-Party Fees
Ciox Health sued HHS in 2018 to stop what it called “irrational” enforcement of the HIPAA Right of Access rule around third parties; a federal judge ruled HHS overstepped on fee limitations. Continue Reading
By- Jessica Davis
-
Answer
22 Jan 2020
Key Elements for Secure Business Associate Agreements, Relationships
Impact Advisors’ Shefali Mookencherry dives into key elements for building secure business associate agreements and relationships that can protect the covered entity in the event of a data breach. Continue Reading
By- Jessica Davis
-
News
17 Jan 2020
Sen. Warner Digs into DHA Over Exposed Army Medical Center Images
Millions of medical images are being exposed online through unsecured PACS; Sen. Warner is demanding action from DHA as sensitive health data is still being leaked through Army PACS. Continue Reading
By- Jessica Davis
-
News
15 Jan 2020
ONC Draft Federal Health IT Strategy Puts Privacy, Security in Focus
HHS ONC shares its draft Federal Health IT Strategy for 2020 to 2025, designed to improve investments and develop standards, among other goals with a focus on patient privacy and security. Continue Reading
By- Jessica Davis
-
News
14 Jan 2020
Health Plans Struggle with HIPAA Compliance, Unprepared for Audit
Many health plan sponsors aren't fully compliant with HIPAA or struggle to remain compliant with the rule, which means they are not prepared for an OCR HIPAA audit, Buck researchers find. Continue Reading
By- Jessica Davis
-
News
06 Jan 2020
HSCC Tells HHS: Include Patching in Stark Law Cybersecurity Donations
In response to HHS proposed changes to Stark Law and the Anti-Kickback Statute, HSCC is urging stakeholders to include patching and updates as allowable donations to protect providers. Continue Reading
By- Jessica Davis
-
News
17 Jun 2019
Proposed Bill Would Close HIPAA Gaps, Curb Health App Privacy Risks
A proposed bipartisan bill would direct HHS to create regulations for health tech like apps and direct-to-consumer genetic tests, which HIPAA does not cover, to bolster patient privacy. Continue Reading
By- Jessica Davis
-
Feature
05 Oct 2018
Complying with the HIPAA Privacy Rule During Emergency Situations
The last thing on healthcare professionals’ minds in emergency situations is complying with the HIPAA Privacy Rule, but it should be a priority. Continue Reading
By- Fred Donovan
-
News
10 Sep 2018
Identifying the Challenges to Securing Patient Data
Numerous challenges to securing patient data pose threats to health data security, including significant financial costs. Continue Reading
By- Insight
-
News
27 Aug 2018
Oklahoma Hospital Sued for Alleged HIPAA Violation Over Drowning
McAlester Regional Health Center in Oklahoma is being sued for an alleged HIPAA violation for sharing information on a boy’s drowning with his biological mother, reported the Pauls Valley Democrat newspaper on Aug. 23. Continue Reading
By- Fred Donovan
-
Answer
24 Jul 2018
How Does HIPAA Apply to Wearable Health Technology?
The use of wearable health technology is expected to expand substantially within the next few years. How do HIPAA security and privacy protections apply to wearables and the health data they collect and store? Continue Reading
By- Fred Donovan
-
News
11 Jun 2018
New York Suspends Nurse for HIPAA Violation Affecting 3K Patients
The state of New York has suspended Martha Smith-Lightfoot, a former nurse at the University of Rochester Medical Center, for a HIPAA violation affecting more than 3,000 patients. Continue Reading
By- Fred Donovan
-
News
04 Jun 2018
Did EMS Worker Commit HIPAA Violation With Facebook Post?
Did an emergency medical services worker in Tennessee commit a HIPAA violation with a Facebook post that described the peculiar location of an emergency response—a chicken coop? Continue Reading
By- Fred Donovan
-
News
24 Jan 2018
Why Providers Need a Disaster Recovery Plan for EHR Security
Covered entities can help ensure a more comprehensive approach to EHR security by having a current disaster recovery plan in place. Continue Reading
By- Elizabeth Snell
-
News
13 Sep 2017
How HIPAA Rules Apply with Law Enforcement Investigations
A recent case in Utah raised concerns about how HIPAA rules actually apply when it comes to law enforcement investigations. Continue Reading
By- Elizabeth Snell
-
News
22 Sep 2016
The Role of HIM Professionals in HIPAA Compliance
When it comes to HIPAA compliance, healthcare organizations’ HIM professionals must ensure that those on the privacy and security sides are able to work together. Continue Reading
By- Elizabeth Snell
-
Feature
16 Sep 2016
HIPAA Data Breaches: What Covered Entities Must Know
Covered entities and their business associates need to understand the basics of how HIPAA data breaches are determined, and what they can do to keep information secure. Continue Reading
By- Elizabeth Snell
-
News
19 Aug 2016
The Role of Nurses in HIPAA Compliance, Healthcare Security
Maintaining HIPAA compliance is essential for any healthcare provider, and nurses are key tools in protecting patients’ healthcare security. Continue Reading
By- Kate Borten of The Marblehead Group
-
Feature
19 Aug 2016
The Role of Risk Assessments in Healthcare
Healthcare risk assessments are not only required under HIPAA regulations, but can also be a key tool for organizations as they develop stronger data security measures. Continue Reading
By- Elizabeth Snell
-
News
20 Jun 2016
How Do HIPAA Rules, Patient Privacy Apply in Emergencies?
Healthcare organizations need to understand how HIPAA rules apply in emergency situations, ensuring that patient privacy is not unnecessarily compromised. Continue Reading
By- Elizabeth Snell
-
News
17 Mar 2016
HHS Reviews HIPAA Regulations for Workplace Wellness Programs
Employers must comply with HIPAA Regulations when collecting PHI for wellness programs as part of a health plan, HHS states. Continue Reading
By- Jacqueline LaPointe, Director of Editorial
-
News
25 Jan 2016
What are Top HIPAA Compliance Concerns, Obstacles?
Maintaining HIPAA compliance and the exposure of patient data following a breach are among the top challenges for HealthITSecurity.com readers. Continue Reading
By- Elizabeth Snell
-
News
18 Jan 2016
Understanding Physical Safeguards, Healthcare Data Security
Physical safeguards still present a great opportunity for healthcare organizations to ensure health data security. Continue Reading
By- Sara Heath, Executive Editor
-
News
31 Jul 2015
How Do HIPAA Regulations Affect Judicial Proceedings?
HIPAA regulations must still be followed throughout legal proceedings. Continue Reading
By- Elizabeth Snell
-
News
20 Oct 2014
HIPAA Best Practices: Acceptable Use Policies, Team Training
Creating Acceptable Use Policies (AUP) and then training your employees is essential for security at your healthcare organization. Continue Reading
By- Lisa Myers of ESET North American
-
News
06 Oct 2014
AHIMA Releases Information Governance Principles for Healthcare
AHIMA determined that there are eight core principles involving data privacy and security for healthcare organizations to consider. Continue Reading
By- Patrick Ouellette
-
News
17 Jun 2014
HIPAA Privacy Rule: Permitted PHI uses and disclosures
HealthITSecurity.com kicked off its HIPAA Privacy Rule series with a breakdown of permitted protected health information (PHI) uses and disclosures. Continue Reading
By- Patrick Ouellette