
Breach Determination, Notification & Mitigation
Determination – Is it a Breach? In the event of a suspected breach caused by unauthorized access, or any number of other causes, there are steps covered entities must take to determine if each incident is a breach. Prior to the HIPAA Final Omnibus Rule, covered entities were required to determine […]

Health Information Exchange
HIE has been mentioned in articles, podcasts, trainings, and for some of us, as a topic of everyday conversation. In this article we will provide answers to some common questions about HIE: What is HIE? Is HIE a Meaningful Use requirement? What are the benefits of HIE? What is HIE? Health Information Exchange (HIE) is the […]

First HIPAA Settlement Based on Untimely Reporting Involved Hard Copy PHI
Occasionally we answer questions regarding what constitutes a reportable breach. Questions such as: Isn’t it only a reportable breach if the incident involves electronic protected health information (ePHI)? What about paper? Should these types of incidents be handled internally and not require reporting? Based on a recent U.S. Department of Health and Human Services (HHS) […]

Guidance on Privacy Rule and Mental Health Information
Recently, the OCR released guidance on HIPAA Privacy Rule and Sharing Information Related to Mental Health. The guidance addresses when it is appropriate for a health care provider to share PHI of a patient being treated for a mental health condition. Communication with Family, Friends, or Others HIPAA allows a health care provider to […]

Failure to Manage Security Risk Lead to $2.14 Million HIPAA Settlement
Imagine your organization potentially discloses electronic protected health information (ePHI) of thousands of individuals. Do you have safeguards in place to reduce or prevent the risk of compromise to patients’ health information? The Office for Civil Rights (OCR) announced St. Joseph Health agreed to settlement in the amount of $2,140,500 and adopt a comprehensive […]

Failure to Comply with HIPAA Rules Results in a Costly Civil Monetary Penalty
Imagine your practice filed a breach report with the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) – a few years ago – regarding the loss of a smartphone that contained unsecured electronic protected health information (ePHI) for several individuals. As part of the process, you provided notification and included mitigation […]