HIPAA Questions and Answers

In order to be HIPAA compliant, organisations must know what is considered Protected Health Information (PHI) under HIPAA. This is essential because anything that does…

It may seem obvious who HIPAA applies to – anyone with access to health information – but it is not as simple as one might…

One of the main aims Health Information Portability and Accountability Act of 1996 is to safeguard patient privacy, but who can violate HIPAA? The Act…

The complicated nature of healthcare legislation can make it hard to interpret when HIPAA does apply to employers. This is, in part, due to the…

Whether accidental or intentional, what happens if HIPAA is violated? Can employees be fired for violating HIPAA? What penalties are there for covered entities? These…

Ideally, there should be no need to promote HIPAA awareness, as employees would always be aware of HIPAA and acting in a HIPAA-compliant manner. However,…

It may be one of the most popular cloud-based document management services on the market, but is SharePoint HIPAA compliant?  Developed by Microsoft, SharePoint is…

HIPAA is long and complex, with many different stipulations and requirements. Here, we examine just one part of the HIPAA compliance requirements, answering the question:…

First introduced in 1996 to allow workers to maintain health insurance cover as they moved from one job to another, the Health Insurance Portability and…

Can employees be fired if they accidentally commit a HIPPA violation? The answer to this question will depend on a range of factors, not least…

For HIPAA entities it can be tricky to determine how regularly HIPAA training should be conducted as the Privacy Rule states that it need only…

It has been 26 years since it was enacted, but is HIPAA still in effect? Yes, it is, but it is now quite different from…

Although Title II of the Health Insurance Portability and Accountability Act (HIPAA) stipulates HIPAA training is mandatory “for all members of the workforce”, the Privacy…

The rules regarding HIPAA compliance and patient telephone calls have been clarified with a Declaratory Ruling and Order issued by the Federal Communication Commission (FCC)….

When it come to HIPAA training and how often it should be scheduled both the HIPAA Privacy Rule and HIPAA Security Rule have training provisions…

Hospital must adhere with the HIPAA Privacy, Security, and Breach Notifications Rules and put in place security measure to stop HIPAA breaches. However, even with…

The HHS’ Civil Rights Office has publicly acknowledged its 18th HIPAA financial penalty of the year, with the 12th fine under its HIPAA Right of…

At the time that the HITECH ACT was passed, 2009, it was referred to as “the most important piece of healthcare legislation to be passed…

What are the civil penalties for knowingly breaching HIPAA laws? What is the highest possible financial penalty for a HIPAA violation and when are fines…

The HIPAA regulations for SMS do not specifically rule out the implementation of a “Short Message Service” to share Protected Health Information (PHI), but they…

The Healthcare Insurance Portability and Accountability Act states that a person (or persons) within a Covered Entity or Business Associate must be given the duties…

HIPAA states that covered entities must conduct training for staff to ensure HIPAA Rules and regulations are fully comprehended. As part of this HIPAA training,…

A HIPAA business associate agreement (BAA) is contract between a HIPAA-covered entity and a vendor that is providing a service to that covered entity. They…

Breaches of HIPAA often occur due to a lack of comprehension of HIPAA requirements, particularly in relation to healthcare workers breaching the data privacy legislation….

A completed HIPAA release form must be handed over by a patient before their protected health information can be disclosed to other individuals or groups,…

“HIPAA Certification” is not an officially-recognized qualification to indicate that a Covered Entity or Business Associate is HIPAA compliant. It is just a certificate indicating…

This article looks into the 10 of the most common HIPAA violations. It should be remember that, in a lot of instances, investigations have found…

On August 21, 1996 then US President Bill Clinton added his signature to the Health Insurance Portability and Accountability Act and HIPAA was passed into…

The best practices for cyber threat information sharing has been published by the Healthcare and Public Health Sector Coordinating Council (HSCC). This new information is…

The HHS has put together a Request for Information (RFI) to identify how HIPAA Rules are hindering patient information sharing and creating boundaries for healthcare…

The evolution of technology has made it easier and easier for professionals within the healthcare sector. However, in tandem with this growth so has grown…

In the context of the Health Insurance Portability and Accountability Act (HIPAA), PHI is an acronym for Protected Health Information – defined by the Privacy…

A limited data set under HIPAA is a group of identifiable healthcare data that the HIPAA Privacy Rule permits covered groups to share with certain…

Asking the question “Does HIPAA Apply to Employers” leads to a number of different answers as a result of the complicated nature of the HIPAA…

Within the healthcare sector there has been a massive shift in the last 10-15 years towards sharing Private health Information digitally to many different clients…

If HIPAA rules are breached on purpose or by accident the financial implications can be massive. Even if a breach is discovered but you do…

Facebook may be considered a useful platform for connected people and corresponding. However, could it be used by healthcare organizations as the messaging service for…

A HIPAA breach refers to the capture, viewing, use or sharing of Private Health Information in a manner not adhering with the HIPAA ACT ,…

The question ‘is Google Forms HIPAA compliant and suitable for use by healthcare organizations?’ is extremely important as this is a very popular survey administration…

In most instances, emergency notification systems for business would not be implemented in order to share Protected Health Information (PHI); but if there was an…

Calendly is a tool that is popularly used by many businesses for managing meeting and appointment schedules. Can Calendly be used by healthcare organizations? Does…

Evernote is a cloud-based application that is handy for taking notes, planning projects, making to do lists, and working together in teams. Nevertheless, can healthcare…

Google Keep is a web-based note taking program that makes it possible to create notes and share them through several devices. The platform is famous,…

Return Path is an email marketing and optimization system that allows organizations to have autopilot management of their email marketing campaigns and analytics. A lot…

The latest amendments in HIPAA widen the extent of the Health Insurance Portability and Accountability Act and the Health Information Technology for Economic and Clinical…

An employee who discovers an HIPAA violation committed by the company management or by a co-employee may want to report the incident to the Department…

The General Data Protection Regulation was enforced in the EU on May 25, 2018. Businesses gathering or processing the personal information of residents in the…

If you think that a HIPAA violation occurred in your workplace, would you report it? How and to whom? If by accident you have violated…

About 750,000 businesses today use Zoom as it is a popular video and web conferencing program. Are healthcare organizations allowed to use Zoom for sharing…

Google Sheets is a service for creating, viewing and sharing spreadsheets provided by Google. Is it all right for HIPAA-covered entities to use Google Sheets…

In relation to the use of new technology, the healthcare industry is quite slow compared to other industries. It is an undeniable fact that the…

The Privacy Rule stipulates patient rights under HIPAA which Covered Entities must comply with if they are to meet the requirements of the Health Insurance…

Can Google Docs be considered as HIPAA compliant? Is uploading of files with protected health information (PHI) to Google Docs allowed? This post will evaluate…

Healthcare organizations often ask about the HIPAA compliance of Google services. One Google product that particularly caused some misunderstandings is Google Hangouts. Can healthcare professionals…

Cloud storage services are a convenient way for people to store and share data. Though people use diverse devices from varied places, they can gain…

WebEx is an online video conferencing and collaboration platform that organizations use to facilitate communication among persons and partners from different places so that they…

Zoho is a collection of cloud-based tools and applications developed by a Pleasanton, CA-based company since 1996. Zoho products and services include the following: Zoho…

Can healthcare companies use HelloFax for sending documents with protected health information (PHI)? Does this fax service support HIPAA compliance? Regular fax machines are not…

Google Forms is a web-based tool that anybody can utilize to make surveys and obtain the opinion of people. Is it all right for healthcare…

Email is a useful and simple way of communication. Is it okay for healthcare providers to use email to send electronic protected health information (ePHI)…

Organizations that are collecting or processing the personal information of people living in the European Union must revise their retention policy to make it GDPR…

Slack is a useful communication and collaboration tool. But the HIPAA compliance of Slack before using in the healthcare industry must be clarified. . Can…

Beginning May 25, 2018, the European Union (EU) General Data Protection Regulation (GDPR) was enforced. The GDPR oversees the security of private data of individuals…

The HIPAA Risk analysis is an essential part of HIPAA compliance, however plenty of healthcare companies and business associates fail at it. Hence they are…

The implementation of the General Data Protection Regulation (GDPR) allowed EU residents to enjoy new legal rights and freedoms. Citizens have more control over their…

ProPublica published a study in 2015 which presented HIPAA social media violations involving healthcare workers in 2015. If not dealt with, there will possibly be…

In general, the General Data Protection Regulation (GDPR) is applicable to European Union citizens residing in the European Union. Does the GDPR still apply if…

In order to comply with the HIPAA password requirements, it is best to understand what they are so you can determine whether they apply to…

The Department of Health and Human Services’ Office for Civil Rights released its cybersecurity newsletter for August 2018 and told HIPAA-covered entities to be certain…

A patient-signed HIPAA release form should be secured before sharing the protected health information (PHI) with other people or providers, except in the event of…

Geofencing technology creates an electronic fence surrounding a specific location or area online. Going into that invisible boundary triggers the sending of push notifications to…

Entities working in the healthcare industry need access to protected health information (PHI), which is why they need to know what the HIPAA law considers…

Intercom is a messaging software-as-a-service solution that is popular among businesses that chat with their clients. There is a potential use for this software in…

Many organizations record telephone calls to maintain quality, train employees and resolve client disputes.  However with the observance of the GDPR guidelines starting May 25,…

SendGrid is a service that businesses use for sending email messages. It is a very quick and easy way to communicate marketing messages to clients….

The General Data Protection Regulation (GDPR) was enforced in the European Union on May 25, 2018. Its goal is to make certain that data protection…

The General Data Protection Regulation (GDPR) allows data subjects to object to using their data in certain ways. But what specifically does it mean to…

The General Data Protection Regulation (GDPR) is a law that is going to determine how the personal data of people in the European Union (EU)…

An HIPAA audit checklist is a helpful resource for healthcare organizations and other HIPAA covered entities. It aims to determine existing risks to the integrity…

The General Data Protection Regulation is going to be enforced soon on May 25, 2018. One thing that institutions are realizing is the cost of…

The General Data Protection Regulation or GDPR is a legislation of the European Union (EU) which was approved on April 27, 2016. It is going…

The healthcare industry experiences many insider breaches every year which calls on covered entities and business associates to take steps to reduce the occurrence of…

Healthcare employees need to be aware of the HIPAA rules and regulations and the possible penalties if they break these rules. This is why covered…

Uber Health, which beta launched this March, is a platform that is used for arranging cost effective transportation for patients. About 100 healthcare organizations need…