HIPAA

An insurer agreed to a multimillion dollar HIPAA settlement in the Office for Civil Rights’ (OCR) second HIPAA settlement of the year. The agency looks to be on track to continue last year’s trend of increased activity and high-profile multimillion dollar settlements.

Q. Should we include employees’ personal mobile devices in our risk analysis?

An Illinois healthcare network is the first organization hit with a HIPAA settlement fine for violating the timely breach notification requirement, the Office for Civil Rights (OCR) announced January 9.

Q. Are we required to report cybersecurity incidents to federal agencies other than the Office for Civil Rights, such as the Department of Homeland Security?

The Office for Civil Rights (OCR) and the Office of the National Coordinator Health Information Technology released a fact sheet on disclosing protected health information (PHI) in support of public health activities conducted by state or federal public health agencies.

Q. Are we required to use encryption on all email, or only email that contains PHI?

This month's HIPAA Q&A answers our readers' questions about patient memorials, ROI requests from attorneys, state privacy laws, and more.

All of the policies and procedures in the world won’t ensure your staff are paying enough attention to privacy and security.

Check out these Briefings on HIPAA articles you may have missed last year.

Marketing is everywhere—even in healthcare. It’s an invaluable tool to attract and retain patients and a routine part of advertising new services and products but it’s also strictly regulated under HIPAA. Failure to properly train and educate staff can lead to HIPAA violations and the kind of bad press that’s difficult to put a positive spin on.