A recent incident involving Arkansas-based MedEvolve serves as a reminder of the consequences that arise from the mishandling of PHI and the importance of healthcare businesses ensuring that they and their business associates are HIPAA compliant. The HIPAA Violation On May 16, 2023, the HHS Office for Civil Rights announced the resolution of a HIPAA investigation...
The HIPAA Administrative Simplification provisions are in place to provide consistency in electronic communications within healthcare for Protected Health Information (PHI). These mandate the usage of standard transactions, code sets, and identifiers for the United States healthcare system. Who Must Comply? The most common organizations which must comply are healthcare clearinghouses, healthcare providers, and health...
In simple summary, a Business Associate Agreement (BAA) is a legal contract that exists between a Covered Entity and a Business Associate who comes into contact with Protected Health Information (PHI). Sometimes called a Business Associate Contract, it is critical and required to maintain HIPAA compliance. With the main bulk of PHI being stored electronically,...
It’s easy to find a news story with someone misappropriating what HIPAA is, what it means, and what it does. Most people incorrectly assume how it protects their health records and information from ‘the world at large’. It does protect private health information, and it was created to allow for easy access to one’s health...
Patient data exposed Inmediata Health Group, Corp., a provider of clearinghouse services, software, and business processing solutions to health plans, hospitals, IPAs, and independent physicians, recently announced a security incident affecting some customer data. The incident was discovered in January 2019 when Inmediata found a misconfigured webpage was allowing some electronic health information to be...
The Center for Children’s Digestive Health (CCDH), a small, for-profit practice, has agreed to implement a corrective action plan for its potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule. According to the U.S. Department of Health and Human Services (HHS), the settlement includes a hefty payment of $31,000 for...
We have previously posted about HHS/OCR’s Guidance on HIPAA & Cloud Computing. The guidance is presented in question and answer form. To see the full guidance, you can go to the OCR page. Below are the 11 questions with partial answers to keep this brief but provide a good overview: Questions 1. May a...
In a clear message to healthcare organizations, the U.S. Department of Health and Human Services Office of Civil Rights (OCR) fined Women & Infants Hospital of Rhode Island (WIH) for not having updated HIPAA Business Associate Agreements. WIH provided OCR with a business associate agreement with Care New England Health System effective March 15, 2005,...
Almost all software programs have bugs in their code. The bugs may be security holes, problems displaying pages on mobile devices, or inaccurately displaying results in reports, to name a few. So it should be no shock that electronic health record (EHR) systems would have bugs as well. EHRs are complex software programs and are...
A married couple — both doctors who shared a medical practice — almost divorced over a HIPAA breach that blindsided them when a patient called to say that her medical records appeared in a Google search and she was filing a lawsuit. The orthopedist of a small practice didn’t want to fund the cost of...