NIST Seeks Comments on Version 2.0 of HIPAA Security Rule Compliance Guidance

“Cyber threats and cybersecurity controls have evolved significantly over the past two decades since the HIPAA Security Rule was originally promulgated. During this same time, healthcare entities have increasingly become a prime target of hackers seeking to extort payment using ransomware, exfiltrate patient data to commit fraud, or disrupt operations in other nefarious ways,” write Alaap B. Shah and Patricia M. Wagner in The National Law Review.

“Recognizing these challenges, some security professionals have sought further clarity on the HIPAA Security Rule that they deem to be ‘long in the tooth’. Yet, regulators have not made any significant modifications – perhaps driven by the original policy considerations of the HIPAA Security Rule that: ‘the standard should be comprehensive and coordinated to address all aspects of security’; that it be ‘scalable, so that it can be effectively implemented by covered entities of all types and sizes’; and that it ‘not be linked to specific technologies, allowing covered entities to make use of future technology advancements.’”

Read the article.




HIPAA IT Compliance Guide

“What exactly are the many ongoing effects of the federal Health Insurance Portability and Accountability Act (HIPAA) on health information technology (HIT)?” asks Lori Beerman in channelinsider’s Managed Services.

“What is HIPAA? To address the emerging role of health care technology, Congress passed HIPAA in 1996. The U.S. Department of Health & Human Services (HHS) codified the following primary HIPAA rules between 2000 and 2013 to implement and refine the law’s requirements:

  1. Privacy Rule
  2. Security Rule
  3. Final Omnibus Rule (includes Enforcement Rule)”

Read the guide.




Renown Health Pays OCR $75K for HIPAA Right of Access Failure

“The Office for Civil Rights reached a $75,000 civil monetary penalty and corrective action plan with Nevada-based Renown Health, to settle a potential violation of the HIPAA right of access standard,” writes Jessica Davis in Health IT Security’s News.

“The settlement is the fifteenth enforcement discretion brought under the OCR HIPAA Right of Access Initiative since its launch in 2019. The effort is designed to support patients in obtaining timely access to their medical records for a reasonable cost.”

“OCR launched an investigation into Renown Health in February 2019, after receiving a patient complaint that alleged the provider failed to timely respond to their request for an electronic copy of their protected health information. The patient had requested their records, including billing information, to be sent to a third-party.”

Read the article.




Webinar: HIPAA Compliance and Cybersecurity in Business

Compliancy Group will present a webinar on HIPAA compliance and cybersecurity on Wednesday, Oct. 23, 2019, at 2 p.m. Eastern time.

Enacted in 1996, the Health Insurance Portability and Accountability Act (HIPAA) established industry standards that every healthcare organization is required to adhere to. HIPAA regulation has been modified over the years, so it is essential to keep up to date with the latest regulatory changes. Since its inception, HIPAA law has become part of an organization’s culture, affecting how to do business and how a practice is run. Learn the ins and outs of HIPAA compliance and cybersecurity.

Webinar presenters will discuss how HIPAA compliance and cybersecurity go hand-in-hand and will simplify HIPAA compliance. They will walk viewers through the full extent of the regulation, including the revisions and amendments that have been added over the years.

Register for the webinar.

 

 




Trump’s Medical Records: Any Privacy Law Violated?

President Trump’s former physician, Dr. Harold Bornstein, recently revealed that the president’s bodyguard and two others came to his office in February 2017 and demanded Trump’s medical records. Was there any violation of laws protecting patient privacy? Is Trump’s crew in trouble here?

A post on the website of Androvett Legal Media & Marketing addressed the issue.

“If the doctor had good reason to believe that this group was authorized by Trump and that the president wanted the records, the doctor is permitted to provide them. He could have refused and demanded an authorization that would meet standards under HIPAA, the law that protects patients’ records. He also could have contacted Trump by phone for further confirmation,” says Jeff Drummond, a Dallas lawyer with Jackson Walker LLP who specializes in medical records privacy and HIPAA (Health Insurance Portability and Accountability Act).

A thornier lapse may have been committed by the doctor when he revealed to the New York Times that Trump was taking a drug that promotes hair growth.

“That would almost certainly be a violation of Trump’s medical privacy rights, and a violation of HIPAA,” Drummond said. “With that background, I think it would be fairly easy for Trump to sue the doctor to give up all copies of his records.

“HIPAA rules allow disclosures of medical records to the patient, the patient’s personal representative and those who are ‘involved in the care’ of the patient. It seems unlikely a law was violated by Trump’s emissaries taking his records with his permission.”

 

 




HIPAA Compliance Checklist Webinar

Compliancy Group will present a webinar on HIPAA compliance. The event will be Tuesday, Oct. 17, at 2 p.m. EDT.

“Through the years of helping the Healthcare industry become HIPAA compliant and pass their HIPAA audits, we continually run into the same HIPAA compliance issues and questions,” the company says on its website. “In this webinar we will run through a HIPAA compliance checklist of what needs to be done for your organization to meet the Federal Requirements. All attendees will receive a FREE personal walk through of their organization and to answer all their questions, concerns and to focus you on what your organization needs.”

Questions discussed include:

  • What do I need to do to become HIPAA compliant?
  • I’ve done my Security Risk Assessment, now what?
  • Is there such a thing as overkill when it comes to HIPAA?
  • Can you automate HIPAA compliance completely?
  • Is group or individual training sufficient?

Register for the webinar.

 


 




HIPAA 101: The 30-Minute Guide to Understanding Compliance

Compliancy Group will present a free webinar on HIPAA compliance, titled “The 30-Minute Guide to Understanding Compliance.”

The event will be Tuesday, June 27, at 2 p.m. EDT.

In this webinar, the goal is to break down HIPAA compliance by walking you through the Regulation since the moment it was enacted in 1996, Compliancy Group says on its website.

“Through the years HIPAA regulation has undergone significant change, and the need to understand the Regulation has as well.

“Though it was once just another regulation, HIPAA has become a cultural issue for health care organizations of all kinds, affecting how to run a practice and the means of doing business. Join us through this timeline of HIPAA compliance and how it pertains to you as a Covered Entity or Business Associate,” the site adds.

Register for the webinar.

 


 




Managing HIPAA Data Breaches

Compliancy Group will present a complimentary webinar designed to give individuals and entities operating in the health care sector the skills they need to identify, respond to and manage data breaches in a timely, efficient and compliant manner.

The event will be Wednesday, June 15, beginning at 2 p.m.

“Data breaches are becoming more and more common among health care providers, payers and their vendors,” the company says on its website. “Some estimates indicate that one-third of all Americans had their health information breached in 2015 alone, and data breach costs are approaching $250 per affected individual – not including the million dollar penalties which government regulators have recently issued.”

This webinar will give listeners the tools they need to develop a data breach plan to protect their organization.

Register for the webinar.

 

 




Actiance Announces Compliance Platform for Healthcare, Pharmaceutical Industries

Actiance, a provider in communications compliance, archiving, and analytics, has announced the Actiance Platform for the healthcare and pharmaceutical industries.

“Actiance’s next-generation, cloud-based, unified platform addresses new and existing regulatory retention and security and privacy requirements, while reducing the risk and expense of costly eDiscovery and compliance activities,” the company said in a release. “With the Actiance Platform for the healthcare and pharmaceutical industries, organizations can embrace new communications channels while protecting data and ensuring compliance.”

The release continues:

Similar to financial services, the healthcare and pharmaceutical industries are highly regulated and highly litigious. The introduction of new regulations, constant changes to existing protocols, and the explosion of collaboration technology has necessitated healthcare and pharmaceutical companies to update their information management strategies. Regulations, including the 2009 American Recovery and Reinvestment Act (ARRA), the 2013 HIPAA Omnibus Final Rule, the Affordable Care Act (ACA), and the Physician Payment Sunshine Act final rule (42 CFR Parts 402 and 403), govern processes like Electronic Health Record (EHR) adoption, Centers for Medicare and Medicaid Services (CMS) reimbursement, and document retention and management for everything from drug research and development to sales and marketing. Innovations, such as telemedicine and doctor-patient chat, led to laws for Protected Health Information (PHI) and Electronically Stored Information (ESI).

“Patients are taking greater control of healthcare decisions and increasingly demand real-time communications across new channels such as Skype and social media. However, due to regulatory and legal requirements associated with health-related data, the healthcare industry has been slow to respond. With the strain of new channels and huge increase in health data, existing record retention systems originally designed for email capture are reaching their breaking points,” said Kailash Ambwani, CEO, Actiance. “The Actiance Platform empowers healthcare and pharmaceutical organizations to meet the needs of today’s patients without worrying about regulatory compliance. This solution is another step in the right direction as healthcare decision makers grapple with the growing demand for infrastructure that meets their needs and increased regulations.”

As new communications channels and networks become available to the healthcare and pharmaceutical industries, records management responsibilities become even more critical. Implementing new communications and social channels without the necessary safeguards and processes exposes firms to non-compliance with industry regulations, potential litigation, and an increased threat of security breaches and data leakage. Organizations risk steep fines and reputational damage without the proper processes, procedures, and technology in place to help manage these complex requirements.

The Actiance Platform for the healthcare and pharmaceutical industries provides:

  • A single point of control and security for regulated structured and unstructured content, with context, from a variety of sources, in real-time;
  • The ability to automatically meet regulatory compliance, data security, retention and disposition requirements for more than 70 communications channels;
  • Cost-effective and quick responses to eDiscovery requests, without impacting employees;
  • Access to employee identities and profiles maintained across enterprise and public social channels, including first-degree connections;
  • Increased employee productivity through automated capture, policy management, and archiving of various communications channels in one data repository;
  • Effective early case assessment with access to the complete archive of all relevant communications;
  • Automatic classification and tagging of Title 21 CFR Part 11 records based on custom lexicons; and,
  • Ensured compliance with FDA social media use guidelines by pharmaceutical sales and marketing departments.

To learn more about the Actiance Platform, download our healthcare and pharmaceutical white papers.

About Actiance
Actiance is the leader in communications compliance, archiving, and analytics. We provide compliance across the broadest set of communications and social channels with insights on what’s being captured. Actiance customers manage over 500 million daily conversations across 70 channels and growing. Customers include the top 10 U.S., top 5 Canadian and top 8 European and top 3 Asian banks. The Actiance advantage is customers stay ahead of compliance and uncover patterns and relationships hidden within their data. Learn more at www.actiance.com.

Actiance headquarters are in Redwood City, California. For more information, visit http://www.actiance.com or call 1-888-349-3223.




HIPAA Compliance for Business Associates: How to Gain and Retain Clients

Compliancy Group will present a complimentary webinar on HIPAA compliance for business associates Thursday, April 21, beginning at 2 p.m. Eastern time.

HIPAA compliance for business associates has become critical, especially when they deal with medical professionals, Compliancy Group says on its website. This webinar will explain the law, what business associates need to know and do to be compliant, and how to differentiate a firm to acquire new and maintain current clients.

The webinar will cover:

  • The steps on how to become HIPAA compliant as a Business Associate
  • What an effective BAA should include
  • How to help existing and new healthcare clients with compliance
  • Why it is important to differentiate yourself as HIPAA compliant

Register for the webinar.

 

 




HIPAA Compliance Tune-up for 2016

The Compliancy Group will present a free webinar focused on mitigation strategies that Covered Entities and BAs alike can use to minimize the risk of a data breach or of actions prompting an OCR Audit. The webinar will be Wednesday, March 9, beginning at 2 p.m. EST.

Healthcare IT thought leadership and practice managers continually seek ways to foster a culture of alertness when it comes to HIPAA compliance, the company said in a release. They have the dual challenge of staying on the right side of federal regulators and stopping would-be hackers. This is especially true given the potential impact a data breach can have on their organization’s reputation and bottom line. By reflecting on 2015, it becomes clear that covered entities and business associates alike will continue to prepare to mitigate the threat of cyber-attacks and the planned ramp up of OCR Phase 2 Audits.

The webinar will cover:

  • Security risks that might initiate an OCR Audit or increase risk of data breach
  • Why you should prioritize a Security Risk Analysis
  • 6 Cyber Hacking prevention tips
  • How to create a culture of a Cyber Security workforce
  • What is TLS vs. SSL encryption and why you should care

Register for the webinar.




Home Health Provider Hit With $238,900 HIPAA Penalty

Lincare, a major provider of in-home respiratory care and other services, will pay $238,900 in civil monetary penalties for violating the Health Insurance Portability and Accountability Act (HIPAA), federal authorities announced Wednesday, according to a report by Home Health Care News.

“This marks only the second time that the Office for Civil Rights (OCR) has imposed civil monetary penalties for a HIPAA violation. The penalty was challenged but now has been upheld by an administrative law judge (ALJ),” the report says.

The breach involved a Lincare branch in Wynne, Arkansas, doing business as United Medical. Faith Shaw worked as a manager there from 2005 until 2009. Shaw had stored records of 278 patients in her car, which she left behind when she moved out of her marital home in 2008. Her husband reported finding those records to the OCR.

Read the article.

 




Preparing for the Upcoming 2016 HIPAA Audits

As a part of its complimentary HIPAA education series, Compliancy Group will present a webinar on best practices for preparing for upcoming 2016 HIPAA audits, with lessons and examples from past breaches and fines.

The webinar will be Thursday, Jan. 28, beginning at 2 p.m. Eastern time.

“With 2016 audits looming in the headlines there is no doubt you should be prepared for the long overdue, stricter audits,” the company says on its website. “Past violations will be analyzed: causes of the incidents, gaps, and remediation. Learn from experts about how to stay out of the headlines, avoid penalties and protect your reputation.”

Register for the webinar.

 




HIPAA Compliance Quiz for Lawyers

Legal Workspace has produced a free online test to help corporate executives and counsel determine whether their firms are in compliance with the Health Insurance Portability and Accountability Act.

The click-through quiz includes topics such as encryption for all email, two-factor authentication for access to computer systems housing healthcare data, business associate agreements with all vendors, intrusion detection systems, electronic protected health information, HIPAA guidelines for off-site data backup providers, and more.

Take the quiz.

 




How to Calculate the Cost of a Data Breach

Clearwater Compliance will present a complimentary webinar featuring industry experts discussing how to assess specific security risks and build a strong business case for enhanced security.

The webinar, titled “How to Calculate the Cost of a Data Breach and How to Get the Budget for Your HIPAA-HITECH Compliance Program,” will be Dec. 3, 2015, from 11 a.m. to 12:15 Central time.

“Even with the increased enforcement of HIPAA and HITECH requirements and the increase in penalties being levied for non-compliance, the security efforts of health care organizations responsible for safeguarding protected health information (PHI) are simply not keeping pace with the growing risks of unauthorized or impermissible disclosures of PHI,” the company says on its website. “Those risks are increasing as a result of the expansion in the number of organizations handling PHI and thus statutorily-obligated to comply with HIPAA, the increase in electronic health record (EHR) adoption and the growing rewards of PHI theft.”

Register for the webinar.