Ransomware attacks in the healthcare industry have become increasingly common in recent years, threatening patient care, disrupting daily operations, and possibly compromising protected health information (PHI). Under HIPAA rules, organizations…
Category: HIPAA & Compliance
What is the False Claims Act in Healthcare?
What is the relationship between the healthcare industry and the False Claims Act? Turns out, it is pretty intimate! In this Article … The False Claims Act – some background…
A Proposed HIPAA Rule Change for 2023
A proposed HIPAA Rule change for 2023 was an early Christmas gift from the Health and Human Services Department (HHS)! On December 21, 2022, HHS released a proposed rule covering…
Is Zoom HIPAA Compliant?
The Health Insurance Portability and Accountability Act (HIPAA) is the federal law that required the creation of national standards to protect sensitive patient health information. And the question “Is Zoom…
Mastering the OIG Exclusion List
In this Article … What is the OIG Exclusion list? Who is on the OIG Exclusion list? What does it mean if an employee is on the OIG Exclusion List?…
What Methods are Acceptable for Destruction of PHI?
The Health Insurance Portability and Accountability Act (HIPAA) sets strict standards for the destruction of protected health information (PHI). PHI is any patient health information that can be used to…
Understanding the Penalties for HIPAA Non-Compliance
Penalties for HIPAA non-compliance can be severe, and both healthcare providers and business associates need to be aware of the risks that come with violating HIPAA Rules. This article provides…
Critical Access Hospital Compliance Plan
Is there anything particularly special about a Critical Access Hospital Compliance Plan? Not really; the same Office of Inspector General Guidance for Hospital Compliance Plans applies to critical access hospitals…
Hospital Compliance Program – Board Concerns
Hospitals commonly have a Hospital Compliance Program. Members of the Board of Directors read about problems or actual misconduct at other institutions. They want to know what the CEO is…
What is a Corporate Integrity Agreement?
It seems these days the Office of Inspector General (OIG) of the Health and Human Services (HHS) Department is always busy with settlements or enforcements with healthcare providers. When the…
HIPAA Privacy Rules – Scope and Protection
In 2023 we will observe the twentieth anniversary of the publication of the HIPAA Privacy Rules. The HIPAA Privacy Rule, just like the HIPAA Security Rule, and the Breach Notification Rule,…
Risk Assessment for a Breach of PHI
When should you do a risk assessment for a breach of PHI? The short answer is any time you have a confirmed unauthorized disclosure of protected health information (PHI). The…
The Hospital Compliance Officer: what you need to know
This year has not resulted in a slowdown in the need for a competent Hospital Compliance Officer. In fact, if anything, it has increased the demand for such a person…
Healthcare Compliance Program Policies and Procedures
Healthcare compliance program policies and procedures – that is the subject your boss has just asked you about. You realize while you have heard about this topic, you aren’t really…
Is Office 365 HIPAA Compliant?
Is Office 365 HIPAA compliant? A critical question, considering the worldwide usage of this program/application. “Office”, which is created by Microsoft, holds several tools for your business. These tools include…
HIPAA Encryption – Required or Not?
Does HIPAA require encryption? Well … encryption is not yet required to be HIPAA-compliant, but it is recommended. You must ensure that your ePHI (electronic Protected Health Information) is protected…
Independent Review Organization – Required by Your CIA
An Independent Review Organization (IRO) is an essential component of a Corporate Integrity Agreement executed with a healthcare organization. Every year, many healthcare organizations and providers enter into a Corporate…
HIPAA Security Standards – what are the 3 “big ones”?
HIPAA outlines the protection of protected health information (PHI). Part of HIPAA is the HIPAA Security Rule, or HIPAA Security Standards, which requires healthcare providers to protect electronic PHI (ePHI)….
Corporate Integrity Agreements in Healthcare Explained in 3 Minutes
Corporate integrity agreements in healthcare (CIA) serve as binding contracts between an organization and the Office of the Inspector General (OIG). The organization accepts all the terms and conditions that…
HIPAA Text Messaging – How Compliant is it?
Since so many people use text messaging, healthcare organizations may ask, “Is texting HIPAA compliant? And if so, how can I ensure I’m doing it right?” Although the government has…