Kimberly Shutters

The Consequences of Medical Record Snooping

Today, I am discussing the consequences of unauthorized access or disclosure of protected health information or medical record snooping. Snooping applies to either paper or electronic records. These days most medical record snooping is carried out using the organization’s electronic health record (EHR) system. In March 2022, Fierce Healthcare analyzed …

Breach Notification Times

HIPAA Breach Notification Reporting Times

In a recent article I broke down the HIPAA Breach Notification Rule, 45 CFR §§ 164.400-414, into what the Department of Health and Human Services (HHS) requires Covered Entities (CEs) AND their third-party vendors to do in the event of a breach of unsecured protected health information (PHI). Today I am going a step deeper …

HIPAA Breach Notification Rule Enforcement

HHS is Not the Only Federal Agency Enforcing HIPAA Breach Notification Rule

This week I am breaking down the HIPAA Breach Notification Rule, 45 CFR §§ 164.400-414, directly from Health and Human Services (HHS). The HIPAA Breach Notification Rule requires hospitals, insurance companies, healthcare providers and their third-party vendors to provide notification following a breach of unsecured protected health information (PHI). …

Compliance Officer Job Description

HIPAA Compliance Officer Job Description

3 Things to Include in Your HIPAA Compliance Officer Job Description

Today, I am discussing the 3 things your HIPAA Compliance Officer job description should include. First, I need to share some background with you: the Health Insurance Portability and Accountability Act (HIPAA) Security Rule requires Covered Entities and their third-party vendors to formally designate a Compliance Officer. …

Passwords and Passphrases

Why Does It Matter?

The Administrative Safeguards of the HIPAA Security Rule require Covered Entities (CEs) and Business Associates (BAs) to implement procedures for creating, changing and safeguarding passwords [for details see: Security Awareness and Training, §164.308(a)(5)]. Make sure you create and regularly use strong passwords (i.e. usually 10 characters or more, including uppercase and lowercase letters, numbers, and special characters …

HIPAA Security Incident vs Breach

HIPAA Security Incident vs Breach What’s the Difference?

Today I am breaking down the difference between a HIPAA security incident vs breach. First, allow me to set the stage with definitions to provide some clarification. What are HIPAA Security Incidents? The HIPAA Security Rule defines security incidents as attempted or successful unauthorized access, use, disclosure, modification, or destruction of information …

Why You Need A Current HIPAA Risk Analysis

Conducting a HIPAA risk analysis is the first step in identifying the risks in your organization. The Department of Health and Human Services (HHS) requires healthcare organizations and their third-party vendors that create, receive, maintain or transmit electronic protected health information (e-PHI) to identify risks and vulnerabilities that affect it. Once the …
