Device and Media Controls In this week’s “Know The Rules!,” I am talking about the first two elements of the HIPAA Device and Media Controls security standard, 45 CFR §164.310(d)(1). The Device and Media Controls standard requires Covered Entities (CEs) and their Business Associates (BAs) to: Implement policies and procedures that govern the receipt and […]
HIPAA Privacy Rule Minimum Necessary In this week’s “Know The Rules!,” I am discussing the Privacy Rule minimum necessary standard, [45 CFR 164.502(b), 164.514(d)]. Minimum necessary applies: When using or disclosing protected health information (PHI) or when requesting PHI from another Covered Entity (CE) or Business Associate (BA), a CE or BA must make reasonable […]
How To Spot Phishing In this week’s “Know The Rules!,” I present different methods Covered Entities (CEs) and Business Associates (BAs) can use to detect and avoid phishing attacks. Spam & Phishing on Social Networks Spam, phishing and other scams aren’t limited to just email. They’re also prevalent on social networking sites, like Facebook, WhatsApp, […]
Look Out For Donation Scams After a natural disaster or tragic event, when people are reeling from the devastating impact of events, and members of the public are eager to do whatever they can to assist by making a donation. All too often when tragedy strikes, you need to be aware for scams that prey […]
Understanding the Importance of Audit Controls The HIPAA Security Rule provision on Audit Controls (45 C.F.R. § 164.312(b)) requires Covered Entities (CEs) and Business Associates (BAs) to apply hardware, software, and/or procedural mechanisms that record and examine activity within information systems that contain or use electronic protected health information (ePHI). Audit controls produce audit reports […]
What does the HIPAA Notice of Privacy Practices mean to you? The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that sets rules about who can look at and receive your protected health information (PHI). When you see a provider (known as a Covered Entity), check in to a hospital, have a […]
Today, I am presenting a case study of what happens when a Covered Entity (CE) and a pharmaceutical company collude to violate the Federal Anti-Kickback Statute and the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. Healthcare has a Federal Anti-kickback Statute (AKS), 42 U.S.C. § 1320a-7b(b), that makes it illegal for providers to […]
Do I need my HIPAA Security Plan Evaluated? It is important for Covered Entities (CEs) and Business Associates (BAs) to know if their security plans and procedures continue to adequately protect their electronic protected health information (ePHI). To accomplish this, CEs and BAs must implement and monitor your Evaluation Plan. CEs and BAs must periodically […]
Workstation Use In this week’s “Know The Rules!,” I am diving into the second standard of Physical Safeguards of the Health Insurance Portability and Accountability Act (HIPAA) Security Standards: Workstation Use, 45 CFR § 164.310(b). Physical security is an important component of the HIPAA Security Rule that is often overlooked. What constitutes appropriate physical security […]
What is Information Access Management? The fourth standard in the Administrative Safeguards section is Information Access Management. Covered Entities (CEs) and their Business Associates (BAs) are required to: “Implement policies and procedures for authorizing access to electronic protected health information that are consistent with the applicable requirements of subpart E of this part [the Privacy […]