Device and Media Controls - Part 1

Episode 61: Know The Rules! Device and Media Controls – Part 1

Device and Media Controls

In this week’s “Know The Rules!,” I am talking about the first two elements of the HIPAA Device and Media Controls security standard, 45 CFR §164.310(d)(1). The Device and Media Controls standard requires Covered Entities (CEs) and their Business Associates (BAs) to: Implement policies and procedures that govern the receipt and […]

Minimum Necessary

Episode 60: Know The Rules! Minimum Necessary

HIPAA Privacy Rule Minimum Necessary

In this week’s “Know The Rules!,” I am discussing the Privacy Rule minimum necessary standard, [45 CFR 164.502(b), 164.514(d)]. Minimum necessary applies: When using or disclosing protected health information (PHI) or when requesting PHI from another Covered Entity (CE) or Business Associate (BA), a CE or BA must make reasonable […]

Phishing

Episode 59: Know The Rules! Phishing

How To Spot Phishing

In this week’s “Know The Rules!,” I present different methods Covered Entities (CEs) and Business Associates (BAs) can use to detect and avoid phishing attacks.

Spam & Phishing on Social Networks

Spam, phishing and other scams aren’t limited to just email. They’re also prevalent on social networking sites, like Facebook, WhatsApp, […]

Audit Controls

Episode 57: Know The Rules! Audit Controls

Understanding the Importance of Audit Controls

The HIPAA Security Rule provision on Audit Controls (45 C.F.R. § 164.312(b)) requires Covered Entities (CEs) and Business Associates (BAs) to apply hardware, software, and/or procedural mechanisms that record and examine activity within information systems that contain or use electronic protected health information (ePHI). Audit controls produce audit reports […]

Anti-Kickback

Episode 55: Know The Rules! Anti-Kickback Statute

Today, I am presenting a case study of what happens when a Covered Entity (CE) and a pharmaceutical company collude to violate the Federal Anti-Kickback Statute and the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. Healthcare has a Federal Anti-kickback Statute (AKS), 42 U.S.C. § 1320a-7b(b), that makes it illegal for providers to […]

Workstation Use

Episode 53: Know The Rules! Workstation Use

Workstation Use

In this week’s “Know The Rules!,” I am diving into the second standard of Physical Safeguards of the Health Insurance Portability and Accountability Act (HIPAA) Security Standards: Workstation Use, 45 CFR § 164.310(b). Physical security is an important component of the HIPAA Security Rule that is often overlooked. What constitutes appropriate physical security […]

Information Access Management

Episode 52: Know The Rules! Information Access Management

What is Information Access Management?

The fourth standard in the Administrative Safeguards section is Information Access Management. Covered Entities (CEs) and their Business Associates (BAs) are required to: “Implement policies and procedures for authorizing access to electronic protected health information that are consistent with the applicable requirements of subpart E of this part [the Privacy […]