Breach Notification Times

Ep. 85: Know The Rules! Breach Notification Times

Breach Notification Times – Do You Know Them? Last week I broke down the HIPAA Breach Notification Rule, 45 CFR §§ 164.400-414: what Health and Human Services (HHS) requires Covered Entities (CEs) AND their Business Associates (BAs) to do in the event of a breach of unsecured protected health information (PHI). Time Is on My Side […]

HIPAA Breach Notification Rule

Ep. 84: Know The Rules! HIPAA Breach Notification Rule

HHS is not the only game in town In this week’s installment of Know The Rules! I am breaking down the HIPAA Breach Notification Rule, 45 CFR §§ 164.400-414, directly from Health and Human Services (HHS). HIPAA Breach Notification Rule requires Covered Entities (CEs) AND their Business Associates (BAs) to provide notification following a breach […]

HIPAA Compliance Officer

Ep. 82: Know The Rules! HIPAA Compliance Officer

Appointing Your HIPAA Compliance Officer The Health Insurance Portability and Accountability Act (HIPAA) Security Rule requires Business Associates to formally designate a Compliance Officer. They will be responsible for managing the security of protected health information (PHI). Your HIPAA Compliance Officer’s job description needs to outline responsibilities for establishing and maintaining HIPAA-compliant mechanisms. This is […]

The Good, The Bad, and The Ugly

Ep. 79: Know The Rules! Social Media – The Good, The Bad, and The Ugly

Social Media – The Good, The Bad, and The Ugly … Without guidance from Health and Human Services, it can be difficult to know how to navigate the healthcare social media rules. Providers, agencies, and brands need to create informative, engaging social content. At the same time, you need to follow industry rules and regulations. […]

Ep. 77: Know The Rules! Passwords and Passphrases

Why Does It Matter? The Administrative Safeguards of the HIPAA Security Rule require Covered Entities (CEs) and Business Associates (BAs) to: Implement procedures for creating, changing and safeguarding passwords [For details see: Security Awareness and Training, §164.308(a)(5)]. Make sure you create and regularly use strong passwords (i.e. usually 10 characters or more, including uppercase and lowercase letters, numbers, and special characters […]

Security Incidents vs Breaches

Ep. 76: Know The Rules! Security Incidents vs Breaches

Difference between Security Incidents vs Breaches Today, I am going to discuss the differences between security incidents vs breaches for you. First, allow me to set the stage with definitions to provide some clarification. What are Security Incidents? HIPAA defines security incidents as attempted or successful unauthorized access, use, disclosure, modification, or destruction of information […]