Breach Notification Times – Do You Know Them? Last week I broke down the HIPAA Breach Notification Rule, 45 CFR §§ 164.400-414, what the Health and Human Services (HHS) requires Covered Entities (CEs) AND their Business Associates (BAs) to do in the event of a breach of unsecured protected health information (PHI). Time Is on My Side […]
HHS is not the only game in town In this week’s installment of Know The Rules! I am breaking down the HIPAA Breach Notification Rule, 45 CFR §§ 164.400-414, directly from Health and Human Services (HHS). HIPAA Breach Notification Rule requires Covered Entities (CEs) AND their Business Associates (BAs) to provide notification following a breach […]
Join Us – Members Only! To all our readers and followers of “Know The Rules!” blog, Thank You!! Our blog began in September 2017, with the mission to bring HIPAA compliance awareness to Covered Entities (CEs) and their Business Associates (BAs). We believe we have accomplished that mission. The time has come for us to […]
Appointing Your HIPAA Compliance Officer The Health Insurance Portability and Accountability Act (HIPAA) Security Rule requires Business Associates formally designate a Compliance Officer. They will be responsible for managing the security of protected health information (PHI). Your HIPAA Compliance Officer’s job description needs to outline responsibilities for establishing and maintaining HIPAA compliant mechanisms. This is […]
Don’t Talk to the Media Today’s “Know The Rules!” No Comment – that’s what he should have said is all about knowing when it is better to say nothing at all. You know when your mother tells you not to do something and you do it anyway!! What usually happens … I don’t know about […]
Social Media Policy – Do You Have One? Your social media policy should define and control your organization’s use of social media. Remember: There is no one size fits all solution, so what we recommend is to review a variety of approaches in order to determine what may work well for you. Here are some […]
Social Media – The Good, The Bad, and The Ugly … Without guidance from Health and Human Services, it can be difficult to know how to navigate the healthcare social media rules. Providers, agencies, and brands need to create informative, engaging social content. At the same time, you need to follow industry rules and regulations. […]
When Things Get Really Ugly … Here is an example of what NOT to do on social media!! This post was made in a PUBLIC Facebook group for medical billers. When I saw it … That’s right it did make my blood boil. I immediately sent a private message to the […]
Why Does It Matter? The Administrative Safeguards of the HIPAA Security Rule requires Covered Entities (CEs) and Business Associates(BAs) to: Implement procedures for creating, changing and safeguarding passwords [For details see: Security Awareness and Training, §164.308(a)(5)]. Make sure you create and regularly use strong passwords (i.e. usually 10 characters or more and includes uppercase and lowercase letters, numbers, and special characters […]
Difference between Security Incidents vs Breaches Today, I am going to discuss the differences between security incidents vs breaches for you. First, allow me to set the stage with definitions to provide some clarification. What are Security Incidents? HIPAA defines security incidents as attempted or successful unauthorized access, use, disclosure, modification, or destruction of information […]