The HIPAA Guide is an important source of information for individuals and organizations covered by the Health Insurance Portability and Accountability Act (HIPAA), the Health Information Technology for Economic and Clinical Health (HITECH), and regulations issued by the Centers for Medicare & Medicaid Services (CMS) relating to patient privacy and data security.
The HIPAA Guide not only includes HIPAA compliance guidelines for privacy and security, but also advice about HIPAA training, conducting HIPAA risk assessments, and avoiding unintentional HIPAA violations. The unintentional HIPAA violations page is relevant because, although few HIPAA violations are intentional, the events mentioned are rarely covered in HIPAA training or risk assessments.
With regards to training, although training is required under the HIPAA Privacy and Security Rules, there is no set curriculum. The position of the Department of Health and Human Services (HHS) is that each Covered Entity should tailor compliance training to its individual needs. Therefore we provide a sample HIPAA training curriculum that Covered Entities may wish to use as a foundation for their own courses.
Possibly the most important section of the HIPAA Guide concerns risk assessments. Risk assessments are the backbone of HIPAA compliance, not just for Covered Entities, but also for Business Associates and third-party service providers. The HIPAA Guide covers all areas of risk assessments – from conducting an assessment to formulating a risk management plan. We also suggest tools to help with the process.
Many HIPAA Covered Entities and Business Associates not only have to comply with HIPAA, HITECH, and CMS regulations, but also with other privacy and data security legislation – such as the EU's General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). Laws in other states may also require Covered Entities to conduct gap assessments to determine their level of compliance.
Here at the HIPAA Guide, we cannot stress strongly enough the importance of complying with GDPR and with state privacy and data security laws. Although GDPR is a European law, complaints have been filed against a number of large U.S. firms for breaches of it, and those complaints could result in substantial fines for non-compliance. We anticipate an increase in complaints both from Europe and domestically.
Updates to relevant privacy and data security laws are regularly published on the HIPAA Guide in our news section. This section is conveniently broken down into HIPAA Advice, HIPAA Breaches, and Cybersecurity News for easy navigation. Visitors can also search for specific news events by keyword or tag to find HIPAA compliance guidelines relevant to their industry sector.
As the HIPAA Guide is a valuable and frequently updated source of HIPAA, HITECH, and HHS news, we recommend visitors bookmark this page and return periodically. Alternatively, in order to receive the latest news items via social media, visitors are invited to follow @HIPAAGuide on Twitter and share content of interest with colleagues and industry partners. Thank you for visiting.