OCR Director Says HIPAA-Regulated Entities Need to Improve Their Security Posture in 2022
Lisa J. Pino, Director of the Department of HEalth and Human Services’ (HHS) Office for Civil Rights [...]
HIPAA Updates
Legislation Introduced to Start the Process of Modernizing U.S. Health Data Privacy Laws
The Health Insurance Portability and Accountability Act (HIPAA) is more than 25 years old, and it was more [...]
The Deadline for Reporting Small 2021 Healthcare Data Breaches is Fast Approaching
The Breach Notification Rule of the Health Insurance Portability and Accountability Act (HIPAA) requires [...]
COVID-19 Public Health Emergency Extended for Further 90 Days
On January 27, 2020, the Secretary of the Department of Health and Human Services, Alex Azar, announced a [...]
New Jersey Companies Settle State HIPAA Investigation and Pay $425,000 Penalty
The New Jersey attorney general has been the most active enforcer of compliance with the Health Insurance [...]
5 Healthcare Providers Slapped with Financial Penalties for HIPAA Right of Access Violations
The Department of Health and Human Services’ Office for Civil Rights (OCR) launched an enforcement [...]
States Introduce Laws Covering the Collection, Use, and Sharing of Genetic Data
Most healthcare organizations in the United States are required to comply with the Health Insurance [...]
New Jersey Agrees $130,000 HIPAA Settlement with Two Printing Companies
Two printing/mailing vendors have agreed to settle an investigation by the state of New Jersey that alleged [...]
$495,000 HIPAA Settlement Reached Between New Jersey and Fertility Clinic
An investigation by the state of New Jersey into a cyberattack on a fertility clinic has uncovered multiple [...]
OCR Issues Advice on HIPAA and Vaccination Disclosures
The introduction of vaccine mandates by employers, especially in healthcare, has raised questions about HIPAA [...]
HHS Appoints New Director of the Office for Civil Rights
Lisa J. Pino, Director, Office for Civil Rights The Department of Health and Human Services has announced a [...]
FTC Confirms Health Apps and Wearable Devices Covered by FTC Health Breach Notification Rule
The HIPAA Breach Notification Rule requires HIPAA-regulated entities to report data breaches and issue [...]
OCR Imposes $80,000 Fine on Nebraska Hospital for HIPAA Right of Action Violation
Children’s Hospital & Medical Center (CHMC) has agreed to settle a HIPAA Right of Access [...]
NIST Seeks Feedback on HIPAA Security Rule Implementation Guidance
In 2008, the National Institute of Standards and Technology (NIST) released guidance for HIPAA-covered [...]
HHS Information Blocking Regulations are Now in Effect
It has been a long time coming, but the information blocking regulations of the Office of the National [...]
Comment Period on Proposed HIPAA Privacy Rule Changes Extended Until May 6, 2021
On December 10, 2020, the Department of Health and Human Services published a Notice of Proposed Rulemaking [...]
HHS Announces Limited Waiver of HIPAA Fines and Sanctions in in Texas Due to Winter Storm
Norris Cochran, the Acting Secretary of the Department of Health and Human Services, has declared a public [...]
What are the HIPAA e-Signature Requirements?
Digital signatures have been shown to increase the efficiency of many administrative processes in the [...]
HIPAA Enforcement Discretion for Good Faith Use of Online or Web-based Scheduling Applications for COVID-19 Vaccination Appointments
The Office for Civil Rights (OCR) of the Department of Health and Human Services has announced it will be [...]
HHS Announces Largest Ever Financial Penalty for HIPAA Right of Access Failure
The U.S. Department of Health and Human Services has issued its largest ever HIPAA fine for noncompliance [...]
Safe Harbor Introduced for Covered Entities That Adopt Recognized Cybersecurity Best Practices
HIPAA covered entities and their business associates have been provided with a degree of protection against [...]
What are the HIPAA Telephone Rules?
Although there are no specific HIPAA telephone rules, Covered Entities and Business Associates are required [...]
2016/2017 HIPAA Compliance Audit Findings Published by HHS’ Office for Civil Rights
The long-awaited report from the Department of Health and Human Services’ Office for Civil Rights on the [...]
HIPAA Privacy Rule Updates Proposed by HHS
They have been a long time coming, but the Department of Health and Human Services has finally revealed a [...]
OCR Settles 5 More HIPAA Right of Access Cases
In 2019, the HHS’ Office for Civil Rights launched an enforcement initiative targeting organizations that [...]
House of Representatives Votes to Remove Ban on HHS Funding National Patient Identifier System
For the second successive year, the U.S House of Representatives has voted to remove the ban on the [...]
HHS Makes Changes to 42 CFR Part Substance Use Disorder Privacy Provisions
The Department of Health and Human Services Substance Abuse and Mental Health Administration (SAMHSA) has [...]
HHS Delays Enforcement of Information Sharing and Interoperability Rules
The new interoperability and data sharing rules that were announced by the HHS on March 9, 2020 were due to [...]
HHS Issues Notice of Enforcement Discretion for COVID-19 Community-Based Testing Sites
The Department of Health and Human Services’ Office for Civil Rights (OCR) has issued a Notice of [...]
OCR Announces Enforcement Discretion for Business Associate Uses and Disclosure of PHI
On April 2, 2020, the Department of Health and Human Services’ Office for Civil Rights (OCR) issued another [...]
2019 Novel Coronavirus and HIPAA Compliance
Important information on the 2019 Novel Coronavirus and HIPAA compliance, the limited HIPAA waiver announced [...]
HHS Publishes Final Interoperability, Information Blocking, and Data Sharing Rules
The U.S. Department of Health and Human Services has released its final interoperability, information [...]
$100,000 HIPAA Fine Imposed on Physician Practice for Security Rule Violations
A $100,000 HIPAA fine has been imposed on a solo physician practice for HIPAA Security Rule failures [...]
HHS Modifies Pharmacy HIPAA Transaction Requirements for Partially Filled Schedule II Drug Prescriptions
The Department of Health and Human Services (HHS) has issued a final rule modifying the pharmacy HIPAA [...]
Fee Limitations on Requests to Send Patient Records to Third Parties Lifted
Following a ruling in a federal court that went against the U.S. Department of Health and Human Services, the [...]
OCR Makes Inflation Adjustment to HIPAA Civil Monetary Penalties
The Office of the Assistant Secretary for Financial Resources (ASFR), Department of Health and Human [...]
Updated Security Risk Assessment Tool Released to Help Covered Entities with HIPAA Security Rule Compliance
The Department of Health and Human Services’ Office for Civil Rights (OCR) has released an updated version [...]
More Financial Penalties for HIPAA Right of Access Compliance Failures Expected
At the OCR/NIST HIPAA Security Conference in Washington D.C., the Director of the Department of Health and [...]
HHS Proposes Changes to Ease Restrictions on Part 2 Substance Abuse Disorder Treatment Records
A new rule has been proposed by the Substance Abuse and Mental Health Services Administration (SAMHSA) that [...]
National Association of Attorneys General Urges Congress to Align Part 2 with HIPAA
The National Association of Attorneys General (NAAG) has written to Congress demanding changes be made to [...]
OCR Publishes New HIPAA FAQ for Health Plans on Care Coordination and Continuity of Care PHI Disclosures
New HIPAA guidance for health plans has been published by the Department of Health and Human Services’ [...]
Almost 2 Million Records Exposed in May 2019 Healthcare Data Breaches
It has been another bad month for the U.S. healthcare industry. Rather than April’s record number of [...]
Medical Informatics Engineering Issued with $100,000 HIPAA Violation Penalty
The Department of Health and Human Services’ Office for Civil Rights has announced a settlement has been [...]
OCR Issues New Advice on HIPAA and Software Applications Used by Patients to Access PHI
The Department of Health and Human Services’ Office for Civil Rights (OCR) has issued new advice on HIPAA [...]
HHS Changes Maximum Penalties for HIPAA Violations
The Department of Health and Human Services (HHS) has made changes to the maximum penalties for HIPAA [...]
CMS Starts HIPAA Simplification Rules Audits
The Centers for Medicare and Medicaid Services (CMS) Division of National Standards has recently announced [...]
Deadline Extended for Comments on HHS Health IT and ePHI Interoperability Rules
New rules were published by the Department of Health and Human Services’ Office of the National Coordinator [...]
Stricter Breach Notification Laws Proposed by D.C. Attorney General
Washington D.C. Attorney General Karl A. Racine wants to reinforce data breach notification regulations to [...]
Dental Offices May Be Fined for Slow Release of Copies of Dental Records
The Dental Board of California revealed in a recent report that some dentists in the state are not giving [...]
Biometric Information Privacy Act Proposed by Florida Lawmakers
New bills (SB 1270 /HB 1153) have been proposed by Senator Gary Farmer (D-FL) and Representative Bobby DuBose [...]
New Jersey Assembly Approves Expanded Definition of Personal Information Requiring Breach Notifications
The New Jersey Assembly unanimously approved a bill that broadens the types of personal data that call for [...]
IRS Warns About Tax-Related Phishing Scams
The IRS has launched its 2019 ‘Dirty Dozen’ campaign, which cautions taxpayers about the 12 most commonly [...]
Nevada Senator Introduces New Data Privacy Act
Nevada Senator Catherine Cortex Masto, (D-NV) recently proposed a bill called the Data Privacy Act, which [...]
New Rules on Patient Access and Information Blocking Proposed by ONC and CMS
The HHS’ Office of the National Coordinator for Health Information Technology (ONC) and the Centers for [...]
Wyoming Hospital Records Act of 1991 May be Repealed
Wyoming is contemplating repealing the Hospital Records Act of 1991. The act was created to make sure [...]
Revised Common Rule Now In Effect
The Federal Policy for the Protection of Human Subjects (45 CFR part 46), also called the Common Rule, has [...]
AMIA and AHIMA Want Adjustments to HIPAA to Improve Accessibility and Portability of Health Information
The American Medical Informatics Association (AMIA) and the American Health Information Management [...]
Greater Alignment of Federal Data Privacy Rules Needed
The American Medical Informatics Association (AMIA) is requesting the Health Insurance Portability and [...]
HHS Plans Request for Information to Discover Issues Hampering Patient Information Sharing and Care Coordination
The HHS has prepared a Request for Information (RFI) to find out how HIPAA Rules are obstructing the sharing [...]
OCR Campaign to Boost Understanding of Civil Rights Protections for Patients Undergoing Opioid Use Disorder Treatment
On October 26, 2017, U.S. President Donald Trump declared that the opioid crisis in the United States was a [...]
Changes in HIPAA Regulations and Enforcement in 2018
What changes in HIPAA regulations could be expected in 2018? Are there new HIPAA regulations expected to be [...]
Limited Waiver of HIPAA Penalties in Florida and Georgia in Aftermath of Hurricane Michael
Alex Azar, secretary of the Department of Health and Human Services (HHS) has waived HIPAA sanctions and [...]
Three Legislation Changes on HIPAA Regulations in 2018 Under Consideration by OCR
Because of the policy of two out for every new regulation, it is likely that there will be few new HIPAA [...]
How is the HITECH Act Related to HIPAA and Electronic Health and Medical Records?
The Health Insurance Portability and Accountability Act (HIPAA) was enacted in August 1996. It was updated in [...]
OCR Pubishes Guidance on Patient Data Sharing During a Public Health Emergency
Following President Trump’s declaration of a public health emergency in Virginia due to Hurricane [...]
HIPAA Violation Cases: 2013 – 2017
This page contains a summary of HIPAA violation cases which led to settlements with the Department of Health [...]
OCR Reminds Healthcare Companies the Proper Disposal of Electronic Devices and Media
The Department of Health and Human Services’ Office for Civil Rights, in the July edition of its [...]
HHS to Release Information for the Proposed Changes on Federal Health Privacy Rules
Alex Azar, Secretary of the Department of Health and Human Services (HHS), explained in an address at The [...]
New Massachusetts Bill Proposes 18 Months Complimentary Credit Monitoring Services for Data Breach Victims
A new bill has been proposed in the state of Massachusetts that aims to enhance protections for customers [...]
Patient Privacy and Security Are Most Important to Consumers According to Aetna Survey
Health insurer Aetna conducted a survey about consumers’ attitudes toward healthcare, their associations [...]
OCR Explains the Importance of Patch Management for HIPAA Compliance
OCR has reminded healthcare organizations of the importance of patch management for HIPAA compliance. Patches [...]
AHA Provides Extensive Feedback on CMS’ Hospital Inpatient Prospective Payment System Proposed Rule
The American Hospital Association (AHA) has submitted extensive comments about the HHS’ Centers for [...]
Common Rule Compliance Date Now January, 19 2019
The federal government published on June 19, 2018 the final rule for the Federal Policy for the Protection of [...]
New Data Protection Law Signed in Colorado
A new bill – HB 1128 – has been signed into law by Colorado Governor John Hickenlooper which [...]
MGMA Urges CMS to Enforce Compliance with HIPAA Administrative Simplification Rules
The Department of Health and Human Services’ Office for Civil Rights has issued many financial penalties [...]
New Cybersecurity Law Covering the Insurance Industry Signed in South Carolina
South Carolina Governor Henry McMaster signed into law the South Carolina Insurance Data Security Act on May [...]
GAO Reports Patients Still Pay Excessive Fees for Copies of Their Medical Records
The Government Accountability Office (GAO) recently conducted an audit which showed that patients still face [...]
OCR Recommends Risk Analysis And Gap Analysis
OCR published in its April 2018 cybersecurity newsletter the importance of performing a gap analysis. While a [...]
Study Shows Gap Between Healthcare Compliance Programs and Expectations of Regulators
Most healthcare compliance officers prioritize the compliance of their organizations with the HIPAA Privacy [...]
ONC Published a New Patient Guidebook to Encourage Patient Health Record Access
The Department of Health and Human Services’ Office of the National Coordinator for Health IT (ONC) [...]
Three Proposed Changes to HIPAA Regulations in 2018
The Trump Administration has introduced a new rule that requires two regulations to be removed for any new [...]
Can Liquid Web Be Used by Healthcare Organizations Without Violating HIPAA Rules?
Liquid Web is a hosting solution provider that has been in the business for 20 years. Is it a HIPAA compliant [...]
Can Healthcare Organizations Use Zoho Without Violating HIPAA Rules?
A Pleasanton, CA-based company has been developing Zoho, a suite of cloud-based tools and applications, since [...]
Healthcare Data Breach Statistics From 2009 to 2017
The Department of Health and Human Services’ Office for Civil Rights began publishing summaries of [...]
New Version of Colorado Data Breach Notification Bill Cuts Reporting to 30 Days
The Colorado data breach notification bill was introduced in January to protect residents against data [...]
Massachusetts Launched a New Online Data Breach Reporting Tool
The Massachusetts Attorney General’s office launched a new online data breach reporting tool. The purpose [...]
Proposed Amendments to the Iowa Breach Notification Act
Iowa Attorney General introduced a new bill that proposes changes to the Iowa Breach Notification Act. Since [...]
South Dakota Data Breach Notification Bill Introduced
There are only two U.S. states that do not have data breach legislation for the protection of their state [...]
Colorado Legislators Propose New Privacy and Data Breach Law
A bipartisan group of legislators in Colorado proposed changing its privacy and data breach notification laws [...]
Second Phase of HIPAA Compliance Audits Likely to Penalize the Noncompliant
Healthcare organizations will pay a big amount for noncompliance with HIPAA Rules. Despite the hefty [...]
HHS Issued Partial HIPAA Privacy Rule Waiver for the Third Time in 2017
The U.S. Department of Health and Human Services issued a partial waiver of HIPAA sanctions and penalties for [...]
How Can HIPAA-Covered Entities Lower the Security Risks of Mobile Device Usage?
Healthcare organizations need to address the security risks associated with the use of mobile devices and [...]
Cottage Health To Pay $2 Million For Failure to Protect Patients’ Privacy and PHI
Santa Barbara-based Cottage Health has agreed to pay $2 million as a financial penalty for a breach case with [...]
HIV Status of its Members May Possibly Revealed in Amida Care Breach
The New York based not-for-profit community health plan provider Amida Care has reported a HIPAA breach that [...]
Clinical Worker Receives Five-Year Prison Sentence for Stealing PHI
A clinic employee has failed to get his 5-year jail term reduced. The man stole the protected health [...]
Clarification on HIPAA Rules on Sharing Patient Information on Opioid Overdoses Issued by OCR
The confusion about HIPAA Rules on sharing patient information on opioid overdoses has been clarified by the [...]
Sharing of EHR Passwords is Common: Report
According to the released results of a recent survey, the practice of sharing EHR passwords is commonplace, [...]
What is the HIPAA breach notification rule?
Despite the Health Insurance Portability and Accountability Act of 1996 being one of the most vital pieces of [...]
McGraw leaves Department of Health and Human Services’ Office for Civil Rights (OCR)
Deven McGraw, the Deputy Director for Health Information Privacy at the Department of Health and Human [...]
Is Dropbox HIPAA compliant?
Dropbox is a widely-used file hosting service used by many groups to share files, but is Dropbox HIPAA [...]
HIPAA Compliant Business Associates can be Found Easily Using New Tool
Healthcare groups are only authorized to use business associates that agree to adhere with HIPAA Rules and [...]
How many HIPAA Violations in 2016?
The Department of Health and Human Services’ Office for Civil Rights (OCR) has increased its enforcement [...]
Telemedicine HIPAA requirements
The Telemedicene HIPAA requirements affect any medical sector employee or healthcare organization that [...]
Limited Waiver of HIPAA Sanctions issues by HSS in aftermath of Californian Wildfires
A limited waiver of HIPAA sanctions and penalties was issued by the Secretary of the U.S. Department of [...]
What is HIPAA compliant texting?
The answer to the question “What is HIPAA compliant texting” is generally unclear. Although HIPAA does [...]
What are the HIPAA email compliance requirements?
There has been much debate about HIPAA email compliance requirements since amendments were made to the Health [...]
HIV Status of Amida Care Members Potentially Revealed Due to Mailing Error
Amida Care, the New York not-for-profit community health plan, has announced that it has experienced HIPAA [...]
HIPAA Encryption Requirements
HIPAA encryption requirements have proved a source of much confusion. This is due to the technical safeguards [...]
What are the HIPAA Requirements for Mobile Devices?
Healthcare organizations and other HIPAA-covered entities have embraced mobile technology and are permitting [...]
HHS Withdraws Proposed Certification Rule After Concerns Raised
The United States Department of Health and Human Services (HHS) proposed a new rule for certification of [...]
Why was HIPAA Created?
The Healthcare Insurance Portability and Accountability Act (HIPAA) was signed into law on August 21, 1996 [...]
What are the rules for HIPAA Compliant Telemedicine?
The rule for HIPAA Compliant Telemedicine in call centers is something every company, providing an answering [...]
What are the HIPAA Rules Regarding Text Messaging?
Labeling text messaging as a HIPAA violation is not strictly correct. Whether text messages are a violation [...]
What are the Penalties for HIPAA Violations?
The Department of Health and Human Services’ Office for Civil Rights (OCR) and state attorneys general can [...]
Initiative to Help Small Healthcare Providers with HIPAA Compliance Launched by HITRUST/AMA
A new initiative – that will assist small healthcare providers with HIPAA compliance, cybersecurity and [...]
New Proposals from AHA Aim to Reduce Regulatory Burdens
In a recent correspondence with the House Ways and Means Health Subcommittee, the American Hospital [...]
Hurricane Maria Disaster Zone Has Partial HIPAA Privacy Rule Waiver Imposed
The U.S. Department of Health and Human Services (HHS) has already imposed two partial waivers of HIPAA [...]
How the Compliancy Group Can Help Covered Entities Pass a HIPAA Audit
The second round of HIPAA compliance audits by the Department of Health and Human Services’ Office for [...]
OCR Encourage Patients to Get Copies of Their Health Data
The Department of Health and Human Services’ Office for Civil Rights has introduced a new campaign to [...]
Hospitals Within the Irma Disaster Zone Granted Limited HIPAA Waiver
A public health crisis was declared in some parts of the U.S. Virgin Islands, Florida and Puerto Rico, which [...]
OCR Tells Covered Entities to Prepare for Hurricanes and Other Natural Disasters
Hospitals in the states of Louisiana and Texas needed to make sure medical services are provided through the [...]
A Review of HIPAA Settlement Cases for Big Breaches in 2017
The Director of the Department of Health and Human Services’ Office for Civil Rights (OCR), Roger Severino, [...]
AHA Wrote Congress to Lessen Regulatory Pressure on Hospitals
The American Hospital Association (AHA) sent a letter to the House Ways and Means Health Subcommittee and [...]
HHS Declares in Hurricane Harvey Disaster Zone the Partial Waiver of Sanctions and Penalties for HIPAA Privacy Rule Violations
During emergency situations for example natural disasters, HIPAA Privacy Rule compliance can be a difficult [...]
FTC Published the Basics of Preventing Data Breaches
Next generation firewalls, intrusion detection systems, insider threat control solutions as well as data [...]
HIPAA-Covered Entities Violate the Breach Notification Rule When Delaying Breach Notifications
Under the HIPAA Breach Notification Rule (45 CFR §§ 164.400-414), covered entities need to notify the [...]
Protenus’ Insight on 2017 Breach Barometer Mid-Year Report
Protenus, together with Databreaches.net, made its Breach Barometer mid-year report. It discusses all [...]
Copyright © 2007-2022 The HIPAA Guide Site Map Privacy Policy About The HIPAA Guide