HIPAA Spoken Here

Helpful tips and straight talk about HIPAA compliance

Free Tools to Help with the HIPAA Risk Analysis

The results are in from the early HIPAA audits by Health and Human Services (HHS). Want to know what was the major weakness found by the government’s auditors? The compliance deficiency all-too-common among healthcare practices? It was, according to HHS, “the lack of a thorough risk analysis.” Time after time, auditors would ask to see evidence that the covered entity had performed a risk analysis. And time after time, much to their dismay, the answer they heard was, “A what?” Probably because that response was so widespread, HHS has since developed some excellent materials aimed at helping healthcare providers understand why […]

Healthcare Providers: Why a Computer’s Audit Trail Is Important

I’m going to talk a little bit today about audit trails — sometimes called “audit logs” — and the vital role they can play in your ongoing efforts to keep Protected Health Information (PHI) safe, your workforce honest, and hackers at bay. What is an audit trail? According to Fundamentals of Law for Health Informatics and Information Management, an audit trail is basically a “record that shows who has accessed a computer system, when it was accessed, and what operations were performed.” As that definition makes clear, one of the main functions of an audit trail is access management. But […]

The Newest Standard for Notifying Patients of a PHI Breach

Before the HIPAA Omnibus Rule went into effect last year, the standard for determining whether or not patients needed to be notified in the event of a breach of Protected Health Information (PHI) was pretty subjective. If, for instance, a computer with PHI of 3000+ patients was stolen from a small practice, it was the responsibility of the practice’s Privacy Officer to assess whether the theft was likely to result in harm to any patient’s reputation or bank account. If the answer was “yes,” then the breach had to be reported and the patients notified. The trouble with that standard […]

The Truth about HIPAA Compliant Email

In a previous blog I talked about the importance of email security in today’s healthcare practices. I focused mainly on the advantages of using secure HIPAA compliant email in communications with patients, and how that kind of communication can earn a doctor or dentist a high rating on social media and, quite possibly, a better bottom line. Patient endorsements are great, but, truth is, the advantages of HIPAA compliant email are more far-reaching than that. In many ways, secure email can play a vital role in running a practice. This short post will point out a few. One […]

Is Texting PHI (Protected Health Information) Allowed by HIPAA?

The answer to that question is more complicated than a simple yes or no. “It depends,” says it best. The reason lies in the law itself. The lawmakers who crafted the HIPAA legislation went to great lengths, it seems to me, to make the mandate non-prescriptive. HIPAA compliance doesn’t expressly require the use or avoidance of any specific modes of communication. In fact, the law doesn’t even mention texting PHI! What HIPAA does say is that with any means of communication, appropriate safeguards must be in place to ensure the privacy and security of Protected Health Information (PHI). Whether or […]

HIPAA Risk Assessment: Lessons from General Motors

For healthcare providers who’ve been putting off doing a risk assessment and developing a mitigation plan, Mary Barra, the CEO of General Motors, could make a compelling case against that kind of procrastination. If ten years earlier GM had identified the ignition switch in last year’s headlines as a potentially deadly defect and taken steps then to fix it, it could have saved at least 13 lives, prevented the company from having to pay $35 million in government fines and untold millions more from civil lawsuits, made the recall of 2.6 million vehicles unnecessary, and spared the CEO from having […]

HIPAA Privacy Rule. HIPAA Security Rule. What’s the Difference?

Eavesdrop on a conversation about HIPAA compliance and most likely you’ll hear the words “privacy” and “security” — sometimes separately, often together, and usually in the context of safeguarding patient information. “So, what exactly is the difference between ‘privacy’ and ‘security’ in relation to HIPAA compliance?” you ask. With today’s HIPAA Quick Tip I’ll try to clear that up. And at the end of this post, you can test your understanding of that distinction with a one-question quiz. (I’m joking. Sort of. You’ll see.) The HIPAA Privacy Rule refers to the broad requirements to protect the confidentiality of Protected Health […]

9 Safeguards for a HIPAA Compliant Fax

Before there was widespread access to email and the Internet, fax machines in healthcare practices were a common and accepted way to expeditiously share patient information with other providers. Convenient, affordable, easy to use, it’s no wonder fax machines are still whirring in a lot of offices. Maybe even yours. But with all the regulations now in place to ensure the privacy and security of Protected Health Information (PHI), many practices are wondering: Is information sent via fax HIPAA compliant? In today’s blog I’ll answer that question, provide guidelines for a HIPAA compliant fax for those of you who aren’t […]

How Falling Prey to a Phishing Expedition Puts PHI at Risk

Phishing has become so commonplace that the word has made its way into the dictionary: Phish — to try to obtain financial or other confidential information from Internet users, typically by sending an e-mail that looks as if it is from a legitimate organization, usually a financial institution, but contains a link to a fake website that replicates the real one. In today’s HIPAA Quick Tip, I’ll show you a little trick that could save you and your staff from taking the bait from someone phishing for information. With regulations about data security getting stricter, hackers have stepped up their game. […]

Recent Changes in the Notice of Privacy Practices: What You Need to Know

If there’s one aspect of HIPAA compliance it seems every office implements, it’s the Notice of Privacy Practices (NPP) — the document that informs patients of the permitted uses and disclosures of their Protected Health Information (PHI) and also spells out their rights as patients regarding their own access to their PHI. I can vouch for the widespread use of NPPs from my own experience as a healthcare consumer. At every first-time visit to a doctor’s or dentist’s office in recent memory, I’ve been handed a clipboard with a lengthy, legal-sounding NPP to read, along with a pen to sign […]
