Everything you need to know about HIPAA
10 years of HIPAA advice
More Financial Penalties for HIPAA Right of Access Compliance Failures Expected
HHS Proposes Changes to Ease Restrictions on Part 2 Substance Abuse Disorder Treatment Records
National Association of Attorneys General Urges Congress to Align Part 2 with HIPAA
9 Unsecured Medical Databases Found Containing Millions of Patient Records
HIPAA Right of Access Failure Attracts $85,000 Financial Penalty
400 Million Medical Images Found to Be Freely Accessible Over the Internet
Guidance Issued on Securing Picture Archiving and Communications Systems
Guidance on Securing Corporate-Owned Personally Enabled Devices in Healthcare
Breach Notification Rule Failure Leads to $2.175 Million HIPAA Settlement
Failure to Encrypt ePHI on Portable Devices Results in $3 Million Financial Penalty
German Telecoms Company Gets $10.6 Million Fine for Noncompliance with GDPR
German Real Estate Company Issued with €14.5 Million GDPR Fine for Unlawful Data Retention
Poland Issues €645,000 GDPR Penalty for Lack of Organizational and Technical Safeguards
Complaint Submitted to Irish DPC over Alleged Google GDPR Workaround
The HIPAA Guide is an important source of information for individuals and organizations covered by the Health Insurance Portability and Accountability Act (HIPAA), the Health Information Technology for Economic and Clinical Health Act (HITECH), and regulations issued by the Centers for Medicare & Medicaid Services (CMS) relating to patient privacy and data security.
The HIPAA Guide not only includes HIPAA compliance guidelines for privacy and security, but also advice about HIPAA training, conducting HIPAA risk assessments, and avoiding unintentional HIPAA violations. The unintentional HIPAA violations page is relevant because, although few HIPAA violations are intentional, the events mentioned are rarely covered in HIPAA training or risk assessments.
With regard to training, although training is required under the HIPAA Privacy and Security Rules, there is no set curriculum. The position of the Department of Health and Human Services (HHS) is that each Covered Entity should tailor compliance training to its individual needs. Therefore, we provide a sample HIPAA training curriculum that Covered Entities may wish to use as a foundation for their own courses.
Possibly the most important section of the HIPAA Guide concerns risk assessments. Risk assessments are the backbone of HIPAA compliance, not just for Covered Entities, but also for Business Associates and third-party service providers. The HIPAA Guide covers all areas of risk assessments – from conducting an assessment to formulating a risk management plan. We also suggest tools to help with the process.
Many HIPAA Covered Entities and Business Associates not only have to comply with HIPAA, HITECH, and CMS regulations, but also with other privacy and data security legislation – such as the EU's General Data Protection Regulation (GDPR) and California's Consumer Privacy Act (CCPA). Laws in other states may also require Covered Entities to conduct gap assessments to determine their level of compliance.
Here at the HIPAA Guide, we cannot stress strongly enough the importance of complying with GDPR and with other state privacy and data security laws. Although GDPR is a European law, complaints have been filed against a number of large U.S. firms for breaches of GDPR that could result in substantial fines for non-compliance. We anticipate an increase in complaints both from Europe and domestically.
Updates to relevant privacy and data security laws are regularly published on the HIPAA Guide in our news section. This section is conveniently broken down into HIPAA Advice, HIPAA Breaches, and Cybersecurity News for easy navigation. Visitors can also search for specific news events by keyword or tag to find HIPAA compliance guidelines relevant to their industry sector.
As the HIPAA Guide is a valuable and frequently updated source for HIPAA, HITECH, and HHS updates, we recommend visitors bookmark this page and return periodically. Alternatively, in order to receive the latest news items via social media, visitors are invited to follow @HIPAAGuide on Twitter and share content of interest among colleagues and industry partners. Thank you for visiting.
Certificates of Creditable Coverage Not Needed Any More Under HIPAA
HHS’ Final Rule on Confidentiality of Alcohol and Drug Abuse Patient Records Regulations
Copyright © 2007-2018 The HIPAA Guide