Latest HIPAA News

Webinar: Lessons and Examples of 2022’s HIPAA Breaches and Fines

In 2022 the Office for Civil Rights (OCR) did not slow down its enforcement actions. Over 55% of HIPAA fines in 2022 were levied against small medical practices.

Watch this recorded webinar to learn about:

  • The breaches and fines of 2022 (what caused them and who was affected).
  • How to protect yourself from committing a breach in 2023 and avoid a large fine.
  • What we expect the main HIPAA issues to be in 2023 and what to look out for.

Please fill in the form to be immediately directed to the video.

HIPAA has by now become an essential part of an organization’s culture, affecting many aspects of how business is conducted. HIPAA regulations are continuously being modified, and it is therefore essential to keep up-to-speed with the latest changes.

The post Webinar: Lessons and Examples of 2022’s HIPAA Breaches and Fines appeared first on HIPAA Journal.

National HIPAA Summit – Reader Offer Discount Code

The National HIPAA Summit is the leading forum on healthcare EDI, privacy, breach notification, confidentiality, data security, and HIPAA compliance, and the deadline for registration for the Virtual 40th National HIPAA Summit is fast approaching. The event provides a tremendous opportunity for learning through HIPAA workforce training sessions and keynote speeches from top government officials and leading industry professionals.

Reader Offer: $100 Off Registration Fee

The HIPAA Journal has a $100 discount for readers. Enter “HIPAAJournal” (not case sensitive) on the Registration Page. This is a reader offer for the benefit of The HIPAA Journal readers (not a sponsored post or an affiliate link).

Register for the Virtual 40th National HIPAA Summit Here

Attendees will gain valuable insights into health information privacy, healthcare cybersecurity, HIPAA enforcement, and a wealth of information to help them maintain HIPAA compliance and take healthcare data privacy and security to the next level.

This year, the HIPAA Summit is being co-chaired by:

  • Adam Greene, JD, MPH – Partner and Co-chair, Health Information & HIPAA Practice, Davis Wright Tremaine LLP, HIPAA Summit Distinguished Service Award Winner, Former Senior Health Information Technology and Privacy Specialist, Office for Civil Rights, HHS, Washington, DC
  • Kirk J. Nahra, JD – Partner and Co-chair of the Privacy and Cybersecurity Practice, Wilmer Hale, Adjunct Professor, American University Washington College of Law, Washington, DC
  • Iliana Peters, JD, LLM – Shareholder, Polsinelli, Former Acting Deputy Director, Health Information Privacy, Office for Civil Rights, US Department of Health and Human Services, Washington, DC
  • Robert M. Tennant, MA – Vice President, Federal Affairs, Workgroup for Electronic Data Interchange (WEDI); Former Director, HIT Policy, Medical Group Management Association; Washington, DC

Virtual 40th National HIPAA Summit – March 7-10, 2023

The Virtual 40th National HIPAA Summit runs March 7-10, 2023, and is split into several mini-summit groups. These groups cover privacy and HIPAA compliance best practices, HIPAA breach trends, and HIPAA enforcement initiatives and breach trends. This year, summit groups cover post-Dobbs reproductive health information privacy, privacy risks from website tracking technologies, current and emerging security risks, medical and wearable device cybersecurity, incident response and breach notification best practices, privacy and security in the metaverse, business associate compliance and risk management, lessons learned from healthcare ransomware attacks, and more.

Government Keynote Speakers

  • Nicholas Heesters, MEng, JD, CIPP – Senior Advisor for Cybersecurity, Office for Civil Rights, US Department of Health and Human Services, Philadelphia, PA
  • Melanie Fontes Rainer, MSME, JD – Director, Office for Civil Rights, HHS; Former Senior Advisor, Healthcare to Attorney General, CA DOJ; Former Chief of Staff, Medicare-Medicaid Coordination Office, Centers for Medicare & Medicaid Services, Washington, DC
  • Micky Tripathi, MPP, PhD – National Coordinator for Health Information Technology, US Department of Health and Human Services, Washington, DC
  • Elisa K. Jillson, JD – Counsel to the Director, Bureau of Consumer Protection, U.S. Federal Trade Commission, Washington, DC

Keynote Speakers

  • Patrice Ettinger, JD, CIPP/US – Chief Privacy Officer, Pfizer; Past Chair, International Association of Privacy Professionals; Former Chief Privacy Officer, Avon, New York, NY
  • Sally Greenberg – Executive Director, National Consumers League; Former Senior Product Safety Counsel, Consumers Union; Former Eastern States Civil Rights Counsel, Anti-Defamation League, Washington, DC
  • Trevor Hughes, JD, CIPP – President and Chief Executive Officer, International Association of Privacy Professionals; Former Executive Director, Network Advertising Initiative and Email Sender and Provider Coalition, Boston, MA
  • Walter E. Johnson, MS, CCEP, CCEP-I, CHC, CHPC – Assistant Privacy Officer, Inova Health System; President, Health Care Compliance Association, Washington, DC
  • Deven McGraw, JD, MPH, LLM – Cofounder and Lead, Data Stewardship & Data Sharing, Invitae; Former Deputy Director, Health Information Privacy, OCR, HHS, Redwood City, CA
  • Faith Myers, JD – Chief Privacy Officer & Vice President, Global Privacy, McKesson; Chief Privacy Officer & Senior Vice President, Compliance Officer, CoverMyMeds, Smyrna, GA
  • Jules Polonetsky, JD – Chief Executive Officer, Future of Privacy Forum; Former Chief Privacy Officer, AOL and DoubleClick; Former Consumer Affairs Commissioner, New York City; Former Member, New York State Assembly; Former Legislative Aide, Congressman Charles Schumer, Washington, DC
  • Daniel J. Solove, JD – John Marshall Harlan Research Professor of Law, George Washington University Law School; Founder, TeachPrivacy; Author, Understanding Privacy; Information Privacy Law; The Future of Reputation: Gossip, Rumor, and Privacy on the Internet; and The Digital Person: Technology and Privacy in the Information Age, Washington, DC
  • Gerry Zack, MBA, CPA, CFE, CIA, CRMA – Chief Executive Officer, Health Care Compliance Association (HCCA) and Society of Corporate Compliance and Ethics (SCCE); Former Chair, Association of Certified Fraud Examiners (ACFE), Minneapolis, MN

On Tuesday, February 28, 2023, there is an opportunity for professional certification preconference certified cyber security architect (CCSA) training (separate registration required). This will be followed by the preconference basic training day on March 2, 2023. The pre-conference basic training day is included in the basic HIPAA Summit registration and includes 8 training sessions, followed by a HIPAA Workforce Training Faculty Q&A.

2023 HIPAA Summit – HIPAA Workforce Training Sessions

  • HIPAA Privacy Basics – Adam Greene, JD, MPH
  • Breach Notification Rule and HIPAA Enforcement Rule Basics – Iliana Peters, JD, LLM
  • HIPAA Workforce Training 3: HIPAA Security Basics – David Holtzman, JD, CIPP/US/G
  • How to Achieve the Right Balance of Data Privacy and IT Security – Pamela Hrubey, DrPH, CIPM, CIPP/US, CCEP
  • Business Associate Basics – John Haskell, JD
  • Basics of State Privacy and Security Laws and Relationship to Federal Regulation – Sheila Sokolowski, JD
  • The Basics of Information Blocking – Jodi Daniel, JD, MPH
  • HIPAA Administrative Transactions Basics – Robert M. Tennant, MA

The full schedule for the event can be downloaded here – HIPAA Summit Schedule (PDF). The event will be live-streamed, and an archive of the webcast will be made available to registered individuals for several months after the event for workforce training purposes.


Reader Offer: $100 discount

The HIPAA Journal has a $100 discount for readers. Simply enter “HIPAAJournal” (not case sensitive) on the Registration Page.


This is a reader offer for the benefit of The HIPAA Journal readers. This is not a sponsored post or an affiliate link, and The HIPAA Journal has no financial arrangement with The HIPAA Summit.


Editorial: Benefits of HIPAA for Healthcare Organizations

One of the problems with developing legislation for the entire healthcare industry is that rules must be written for organizations of different sizes, with vastly different business models, budgets, staffing levels, and capabilities. Rules need to be written that are sufficiently flexible to accommodate this variety and be appropriate for all organizations and their unique operating structures.

One of the challenges with developing HIPAA was to create rules that would correct inefficiencies and get the healthcare system working more harmoniously. They also needed to stand the test of time and be flexible enough to accommodate changes that could not be envisaged when the legislation was signed into law. When the Privacy and Security requirements were introduced, they needed to be specific enough to serve as a practical framework for healthcare organizations to follow yet be flexible enough to account for changes in technology and operating practices over time.

This was vital, as the process of updating legislation is simply too slow to allow for regular changes to be made. The HHS needs to issue a request for information to find out what needs to change, process the feedback, issue a notice of proposed rulemaking, review the comments on the proposed changes, pen the final rule, issue that rule, and provide sufficient time for healthcare organizations to comply with the changes. That process spans several years, yet working practices evolve and new technology is constantly being introduced.

The way that HIPAA needed to be written has naturally led to the legislation receiving a lot of criticism. HIPAA has been criticized for having too many requirements in some areas and not enough in others, and for being too inflexible, difficult to interpret, and challenging to comply with. Despite the challenges of compliance and the gaps in HIPAA, the legislation has provided many benefits for healthcare organizations, healthcare professionals, patients, and health plan members. The legislation is far from perfect and HIPAA is in desperate need of updating – new HIPAA regulations will soon be introduced – but in its current form, the benefits of this important legislative act far outweigh any disadvantages.

In this article – and the next two in the series – I will explain the benefits of HIPAA and how the proposed Privacy Rule changes will help to address some of the current pain points and should significantly improve HIPAA for healthcare organizations, their employees, patients and members. You can read about the benefits of HIPAA for healthcare professionals here.

How HIPAA has Benefited Healthcare Organizations

HIPAA was signed into law more than 25 years ago, in 1996, before many current healthcare workers had even been born. For those in the industry old enough to remember, at that time there was a desperate need to improve efficiency in the healthcare industry, as a huge amount of time and effort was wasted on inefficient manual processes, the cost of which was driving up the cost of healthcare at an unsustainable level.

HIPAA improved efficiency by standardizing healthcare transactions across the industry, including requiring all healthcare organizations to use the same standard code sets and follow standard administrative practices. Not only did the standards introduced by the HIPAA Administrative Simplification Rules help to eliminate waste and reduce the administrative burden on healthcare organizations, they have also helped to improve patient safety by reducing the potential for medical errors by making it easier to match records with the right patients. Before the introduction of HIPAA, healthcare fraud was rife and was costing the healthcare industry around $7 billion a year. The standardization of healthcare transactions has helped to significantly reduce fraud.

The introduction of the HIPAA Privacy, Security, and Breach Notification Rules brought many benefits to healthcare organizations, but also some of the biggest pain points for HIPAA-covered entities. These updates required considerable changes to working practices and came with a significant administrative burden. HIPAA set clear – and sometimes not so clear – rules on how health information can be used and disclosed, how health information must be handled, and the policies and procedures that need to be implemented to ensure the confidentiality, integrity, and availability of protected health information. The HIPAA Privacy Rule has empowered patients to take a much more active role in their healthcare, allowing them to check their medical records for errors and get any errors corrected, which has helped to reduce the risk of medical errors and improve patient outcomes, which naturally has many benefits for healthcare organizations. By having standard rules in place, patients have the same rights no matter where they obtain care, and the safeguards to ensure the confidentiality of health information have helped to build trust between patients and their healthcare providers.

The HIPAA Security Rule set standards for all covered entities to follow to ensure the confidentiality, integrity, and availability of electronic health information. It helped healthcare providers successfully transition from paper records and charts to electronic health records, and encouraged the adoption of new technologies for improving efficiency and the quality of care in a safe and secure way. The HIPAA Security Rule was not meant to be a comprehensive checklist of every security measure that should be considered or implemented; rather, it is a set of minimum standards for security that must be achieved. By adopting those standards, healthcare organizations have prevented many data breaches and avoided the considerable costs of those breaches. Many of the data breaches now being reported are due to employee errors and non-compliance with the HIPAA Security Rule.

The HIPAA Breach Notification Rule provides important benefits to patients, but there are also benefits for healthcare organizations. Compliance with this aspect of HIPAA ensures transparency about unauthorized access and disclosures of protected health information, and promptly notifying patients about data breaches – which are often out of the control of healthcare organizations – can improve trust in healthcare organizations and reduce the reputational damage caused by data breaches. Importantly, HIPAA lacks a private cause of action, which helps HIPAA-covered entities avoid the considerable legal costs of defending lawsuits from patients who believe their privacy has been violated.

How the Proposed Updates to the HIPAA Privacy Rule will Benefit Healthcare Organizations

While the HIPAA Rules lack specificity in certain areas and incorporate flexibilities to avoid the need for regular updates, updates to HIPAA are required to accommodate changes in working practices and advances in technology, and to correct the elements that are either not achieving the purpose they were intended to or are no longer important. There has also been considerable criticism over the years that HIPAA continues to place an unnecessary administrative burden on healthcare organizations. After issuing an RFI, OCR published a Notice of Proposed Rulemaking in 2021 to update the HIPAA Privacy Rule, mostly to strengthen individuals’ rights to access their own health information and to reduce the administrative burden on healthcare organizations.

These Privacy Rule changes should help to improve information sharing, which will make patient care coordination and case management easier, including the coordination and management of care through social and community services. The updates will also facilitate family and caregiver involvement in the care of individuals who are experiencing emergencies or health crises. The restrictions of HIPAA became clear throughout the opioid and COVID-19 public health emergencies. The update helps to address this by incorporating flexibilities to permit disclosures in emergencies and threatening circumstances. These updates will help healthcare providers deliver better care and improve patient outcomes.

The amount of paperwork involved in providing healthcare also needed to be addressed. Finally, some of the time-consuming tasks that healthcare organizations still need to perform manually are being eliminated, such as the requirement for a covered entity to obtain an individual’s written acknowledgment of receipt of a direct treatment provider’s Notice of Privacy Practices and retain copies of that documentation for 6 years.

Any update to HIPAA comes with a considerable workload initially but the benefits should be felt quickly. OCR believes the efficiencies introduced by the Privacy Rule changes will help to save $3.2 billion over five years, thus limiting the increase in the cost of healthcare. The Final Rule has yet to be published in the Federal Register, but that should finally happen in 2023.

Healthcare Organizations are Still Struggling with HIPAA Compliance After 26 Years

HIPAA has been in effect for 26 years, the Privacy and Security Rules for two decades, and the Omnibus Rule and Breach Notification Rules for 14 years, yet HIPAA compliance is still proving to be a challenge for many healthcare organizations.

One of the common complaints about HIPAA that makes compliance complicated is the frequent use of terms such as “reasonable”: exercise reasonable diligence, implement reasonable and appropriate policies and procedures, reduce risks and vulnerabilities to a reasonable and appropriate level. There are also ‘required’ and ‘addressable’ provisions, where addressable provisions are still required elements of compliance, in some form. These flexibilities are what make HIPAA workable for such a wide range of healthcare organizations and keep it relevant, but they can present significant challenges for healthcare organizations, especially smaller practices that lack the staff and resources to devote to compliance.

One of the ways that many smaller healthcare organizations have simplified compliance and ensured all the i’s are dotted and t’s are crossed is by using HIPAA compliance software. These software solutions guide healthcare organizations through compliance with all aspects of the HIPAA Rules, eliminating the guesswork and making sure that no provisions are overlooked. The software can be used to achieve compliance and maintain the compliance program, prompting risk analyses, updates, and training, and ensuring compliance efforts are fully documented to ensure painless audits and investigations.

Security Rule compliance can be particularly challenging, as the Security Rule does not provide specifics about technologies that should be used to protect healthcare data. Many healthcare organizations have simplified compliance and gone above and beyond the requirements of HIPAA by adopting a cybersecurity framework. Frameworks such as the NIST Framework for Improving Critical Infrastructure Cybersecurity and the HITRUST Cybersecurity Framework provide structure, transparency, and guidance for achieving compliance with HIPAA and other privacy and security regulations and provide clarity and consistency while reducing the burden of compliance.

In 2021, the HITECH Act received an update to encourage the adoption of recognized security practices such as those developed under section 405(d) of the Cybersecurity Act of 2015 and covered by these cybersecurity frameworks to improve cybersecurity across the healthcare industry. The update provides incentives in the form of reduced penalties and sanctions and shorter audits and investigations by OCR, which considers the adoption of recognized security practices as a mitigating factor when making determinations about HIPAA Security Rule violations and data breaches.

HIPAA is Only the First Step

The main benefits of HIPAA for healthcare organizations are improvements in efficiency through standardized working practices which eliminate waste, improve patient safety, and boost profits. HIPAA compliance fosters trust between providers and patients and health plans and their members and helps to improve patient outcomes, increase patient and client loyalty, and improve retention.

However, HIPAA is just a set of minimum standards for privacy and security, so HIPAA compliance can be viewed as only the first step. Adopting a cybersecurity framework and implementing recognized security practices will further strengthen an organization’s security posture, and thanks to the HITECH Act update, there is now an added incentive for doing this.

Steve Alder, Editor-in-Chief, HIPAA Journal


Captify Health Suffers 3-Year Breach of its Your Patient Advisor Website

Captify Health has recently started notifying users of its Your Patient Advisor online service that their sensitive information has been exposed and obtained by unauthorized individuals. In some cases, credit card information was stolen and misused. Captify Health prepares patients for their colonoscopy procedures by providing the colonoscopy preparation products recommended by doctors through its Your Patient Advisor service. As an online retailer, Captify Health collects customer information and processes debit/credit card payments through the website.

An external investigation into credit card fraud pointed to Captify Health as the source of a data breach. Captify Health was informed in March 2021 about the potential breach and conducted an internal investigation, with assistance provided by a third-party digital forensics firm. Malicious code was identified on the website which was transmitting the data of its customers to a third-party server. That information included full names, addresses, birth dates, payment card numbers, expiration dates, and security codes.

The forensic investigation revealed the initial breach of its website occurred on May 26, 2019, and lasted until April 20, 2021. During those 3 years, 244,296 individuals had used its service and potentially had their sensitive information stolen. According to the breach notification letters, sent via the Californian law firm Lewis Brisbois Bisgaard & Smith, there was an extensive investigation into a potential breach and it was determined on October 13, 2022, that malicious code had been added to its website. The affected individuals were then identified and contact information was verified, and breach notification letters were sent on December 16, 2022.

Captify Health said in its notification letters that “out of an abundance of caution, we have taken steps to ensure our platform is safe and secure for all purchases.” It is unclear how many individuals affected by the breach have experienced misuse of their credit card information. Captify Health has recommended customers carefully review their account statements for signs of fraudulent activity.

Retailers are often targeted to gain access to payment card information, as happened with the attack on the retailer Target, which resulted in the theft of the credit card details of 40 million customers via malware on its point-of-sale system. What stands out in the Captify Health breach is the length of time it took to identify the breach – almost three years; the time taken to investigate the potential breach and confirm a data breach had occurred – 19 months; and the time it took to issue notifications to affected individuals – more than two months (64 days) after malicious code was confirmed as being present on its website, and 21 months after Captify Health was first notified about fraudulent credit card use.

The incident was reported to the Maine Attorney General on December 16, 2022, but it is not yet showing on the HHS’ Office for Civil Rights breach portal. Captify Health states in its website privacy policy that it is in full compliance with the HIPAA regulations and signs business associate agreements with doctors that use its service, which indicates the company is a business associate under HIPAA. A breach such as this has significant potential to cause serious reputational damage and puts Captify Health at risk of regulatory fines.


Webinar Today: 3/23: Lessons and Examples from 2022 Breaches and HIPAA Fines

Healthcare data breaches continued to be reported at an astonishing rate in 2022, with data breaches of 500 or more records being reported at a rate of almost two per day. Healthcare providers and other healthcare entities continue to be targeted by cybercriminals and nation-state actors, and attacks have increased in both volume and sophistication. Cyberattacks on large healthcare providers continue to occur in high numbers, but 2022 has also seen an increase in attacks on small and medium-sized healthcare organizations and business associates of HIPAA-covered entities. For healthcare organizations, it is no longer a case of if a data breach will occur but when it will happen.

When data breaches occur, the HHS’ Office for Civil Rights (OCR) investigates and HIPAA-regulated entities must be able to demonstrate they are in compliance with the HIPAA Rules. High numbers of data breaches mean OCR investigates more HIPAA-regulated entities, so it is no surprise that there were many HIPAA enforcement actions in 2022. In fact, more HIPAA fines were imposed in 2022 than in any other year since OCR was given the authority to enforce HIPAA compliance.

One interesting HIPAA enforcement trend that has continued in 2022 is an increasing number of enforcement actions against small healthcare practices. In 2022, 55% of civil monetary penalties and settlements were to resolve compliance failures at small healthcare practices, with OCR continuing to focus on HIPAA Right of Access violations and missing HIPAA documentation, especially risk assessment documentation. The data breaches and HIPAA enforcement actions

Compliancy Group is hosting a webinar where attendees can learn more about the 2022 healthcare data breaches, HIPAA enforcement trends, and the lessons that can be learned from these data breaches and HIPAA fines. During the webinar you will find out about:

  • 2022 data breach trends – How they occurred, who they affected, and the lessons that can be learned from those data breaches
  • 2022 HIPAA enforcement trends – What OCR is now focused on and what to expect in 2023
  • How to protect against data breaches and civil monetary penalties
  • Compliancy Group’s HIPAA compliance experts will be on hand to give you the inside scoop, with predictions for the coming year and what you should look out for.

Compliancy Group first hosted this webinar on January 18, but due to the immense popularity of the webinar, it is being run again this month, so if you missed it the first time around you have another chance to attend.

Webinar Details:

Lessons and Examples of 2022 Breaches and Fines

Host: Compliancy Group

Speaker: Liam Degnam, Compliancy Group’s Director of Strategic Initiatives

Date: Thursday, March 23rd, 2023

Time: 11:00 a.m. PT ¦ 12:00 p.m. MT ¦ 1:00 pm CT ¦ 2:00 pm ET

Register for the webinar using the form below and remember to add the date in your diary. This is a webinar you will not want to miss!


Webinar Today: 12/6/2022: How to Complete Your 2022 Risk Assessment

The Health Insurance Portability and Accountability Act (HIPAA) requires HIPAA-covered entities and their business associates to complete a risk assessment. The purpose of the risk assessment is to identify and evaluate all risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information (ePHI). An annual risk assessment is also required by MACRA/MIPS.

Only by conducting a risk assessment is it possible to identify all risks to ePHI, evaluate them, prioritize them, and then subject them to the risk management process. Despite the importance of this element of HIPAA compliance, it is one of the most commonly cited HIPAA violations by the HHS’ Office for Civil Rights in its enforcement activities and HIPAA audits.

The risk assessment should not be viewed as a HIPAA compliance checkbox item to avoid financial penalties. Conducting a comprehensive HIPAA risk assessment will identify vulnerabilities before they are found and exploited by threat actors. Completing an annual HIPAA risk assessment will help HIPAA-regulated entities prevent costly data breaches as well as avoid regulatory fines.

To help you complete your 2022 HIPAA risk assessment and ensure you are fully compliant, Compliancy Group is hosting a webinar that provides an overview of everything you need to know about completing your 2022 risk assessment. Previous webinars have already helped many HIPAA-regulated entities ensure compliance with this important HIPAA requirement.

The 2022 deadline is approaching so covered entities must conduct their HIPAA risk assessment by the end of the year. Due to popular demand and the importance of the subject matter, this webinar is now being run again in December.

Mark the date in your calendar and register for the webinar using the form below.

2022 Deadline Approaching Fast

How to Complete your 2022 HIPAA Risk Assessment

December 7th @ 2:00 pm ET ¦ 1:00 pm CT ¦ 12:00 pm MT ¦ 11:00 am PT



Webinar Today: Aug 17, 2022: Do I Need to be HIPAA Compliant?

The Health Insurance Portability and Accountability Act (HIPAA) sets national standards to protect sensitive patient health information and to prevent that information from being disclosed without an individual’s knowledge or consent. HIPAA applies to healthcare providers, health plans, and healthcare clearinghouses, which are classed as HIPAA-covered entities.

There is a misconception that only HIPAA-covered entities need to ensure they are compliant with the HIPAA Privacy, Security, Breach Notification, and Omnibus Rules; however, HIPAA also applies to business associates of HIPAA-covered entities. A business associate is any third party that provides products or services to HIPAA-covered entities that involves contact with protected health information (PHI) in any form.

Achieving and maintaining HIPAA compliance is vital for all HIPAA-covered entities and business associates. The HHS’ Office for Civil Rights and state Attorneys General have the authority to impose financial penalties and other sanctions if non-compliance with the HIPAA Rules is discovered, and many organizations have discovered to their cost that compliance with the HIPAA Rules is not optional.

If you work in healthcare in any capacity, it is almost certain that you need to be HIPAA compliant. If you are in any doubt, Compliancy Group is hosting a webinar on August 17, 2022, to answer the question, do I need to be HIPAA compliant?

Do I Need to be HIPAA Compliant?

August 17th @ 2:00 pm ET ¦ 11:00 am PT

Host: Compliancy Group

