HIPAA

HIPAA authorization is an important part of safeguarding sensitive patient health information. It is necessary when Personal Health Information (PHI) is utilized or shared for actions that are prohibited under the HIPAA Privacy Rule. As a covered entity, if you fail to comply with this component of HIPAA, you are subject to penalties.  What is…

According to the HIPAA Privacy Rule, HIPAA-compliant covered entities and their business associates can release and utilize protected health information (PHI) for purposes of treatment, payment, or healthcare operations without an individual’s consent. However, in all situations, when such private information has to be revealed, it should be in accordance with the HIPAA minimum necessary…

The HHS Office of Civil Rights (OCR) provides direction to healthcare entities to implement safeguards for the privacy and security of patients’ protected health information (ePHI) and ensure HIPAA compliance. However, the first crucial step in this direction is to conduct a HIPAA risk assessment, which identifies critical risks and security loopholes. Risk assessment helps…

Every organization should be able to recover quickly from any disaster that stops day-to-day operations. It goes without saying that without a recovery plan in place to handle disasters, organizations not only lose sensitive data but also cause irreparable reputational damage. The same applies to the healthcare industry. To ensure moderation and consistency, HIPAA has…

Your cloud service provider is HIPAA compliant. But that doesn’t mean you are too!  As a Covered Entity or a Business Associate who uses a HIPAA-compliant cloud to create, receive, maintain, and send protected health information (PHI), your compliance efforts don’t and mustn’t end there. While using a compliant cloud service provider is a must,…