Category Archives: HIPAA Compliance

Minimizing Risk for a Breach in Compliance

The most cost-effective approach to HIPAA compliance is to lessen the possibility of a Breach through timely learning that is designed to deepen knowledge and change culture. When addressing the learning requirements of HIPAA §164.308 relative to Security and HIPAA

$125,000 – Still Another 100% Avoidable Fine

There continues to be a steady stream of large settlements with HHS-OCR with a recurring theme. They have been avoidable. Of note is a recent $125,000 settlement with a small one-location pharmacy, Cornell Prescription Pharmacy in Denver, CO (“The Pharmacy”). NOTE:

Role-Specific Learning and Independence Blue Cross

The recent Breach of 12,500 records at Independence Blue Cross is yet another example of where an incident could have been prevented by role-specific learning and appropriate process. In addition to the fines that are certain to follow, the fix

Slave computers and Cassidy Wolf (Miss Teen USA)

Dateline’s special broadcast regarding the hacking of the computers of Cassidy Wolf (Miss Teen USA) and her friends for the purpose of extortion was a sobering reminder about the ease of setting up slave computers. Did you know that there

Software updates and HIPAA

HHS/OCR has made it clear by the recently assessed $150,000 fine that a Breach due to the failure to maintain software via updates and patches will be dealt with harshly. Just ask Anchorage Community Mental Health Services after its AVOIDABLE

The Metric for Compliance in a Negligence Suit

The previous HIPAA Update News by addressed the Connecticut Supreme Court’s ruling in the Emily Byrne vs. Avery Center for Obstetrics and Gynecology case. That ruling is allowing a case to be heard that is using HIPAA as the

HIPAA and the right to Sue

It has been generally understood that HIPAA has not permitted individuals impacted by a Breach to sue for damages. Some Covered Entities have even relied on this “shelter from non-governmental litigation” in their risk management. However, the recent ruling in

HIPAA and the Need-to-Know

HIPAA prohibits the disclosure of protected health information to anyone that does not have a professional need-to-know. The need-to-know standard is applied on a person-by-person basis and NOT by departments or units. HIPAA and EBOLA in

Defense of Marriage Act and HIPAA

The U.S. Supreme Court’s ruling regarding the Defense of Marriage Act (“DOMA”) in United States v. Windsor has impacted a number of rules and regulations including HIPAA. HIPAA’s Privacy Rule allows care providers (as Covered Entities) to share information about

Remorse and repercussions

You're invited to share as appropriate. So the story goes something like this… Two thieves broke into an office and stole a laptop on May 25th from Self Regional Healthcare. The theft was caught on video and reported to the