University of Cincinnati Medical Center Fined $65,000 for HIPAA Right of Access Failure
The HHS’ Civil Rights Office has publicly acknowledged its 18th HIPAA financial penalty of the year, with the 12th fine under its HIPAA Right of…
A completed HIPAA release form must be handed over by a patient before their protected health information can be disclosed to other individuals or groups,…
“HIPAA Certification” is not an officially-recognized qualification to indicate that a Covered Entity or Business Associate is HIPAA compliant. It is just a certificate indicating…
This article looks into 10 of the most common HIPAA violations. It should be remembered that, in a lot of instances, investigations have found…
On August 21, 1996, then US President Bill Clinton added his signature to the Health Insurance Portability and Accountability Act and HIPAA was passed into…
The best practices for cyber threat information sharing have been published by the Healthcare and Public Health Sector Coordinating Council (HSCC). This new information is…
The HHS has put together a Request for Information (RFI) to identify how HIPAA Rules are hindering patient information sharing and creating boundaries for healthcare…
The evolution of technology has made it easier and easier for professionals within the healthcare sector. However, in tandem with this growth so has grown…
The term PHI normally refers to healthcare data, but what does PHI refer to, and what data is the subject of the…
A limited data set under HIPAA is a group of identifiable healthcare data that the HIPAA Privacy Rule permits covered groups to share with certain…
The term “HIPAA Covered Entity” was not actually included in the initial Health Insurance Portability and Accountability Act when it was originally formulated in August…
Asking the question “Does HIPAA Apply to Employers” leads to a number of different answers as a result of the complicated nature of the HIPAA…
The HITECH Act – or Health Information Technology for Economic and Clinical Health Act – makes up part of an economic stimulus package that was…
If you wish to use Gmail in a HIPAA-compliant fashion then you must ensure that the email platform is 100% secure and adheres to the…
HIPAA carries a big impact for healthcare providers, health plans, healthcare clearinghouses, and business associates of those HIPAA-governed entities, but how does HIPAA impact…
Within the healthcare sector there has been a massive shift in the last 10-15 years towards sharing Private Health Information digitally to many different clients…
If HIPAA rules are breached on purpose or by accident the financial implications can be massive. Even if a breach is discovered but you do…
Facebook may be considered a useful platform for connecting people and corresponding. However, could it be used by healthcare organizations as the messaging service for…
A HIPAA breach refers to the capture, viewing, use or sharing of Private Health Information in a manner not adhering to the HIPAA Act,…
The question ‘is Google Forms HIPAA compliant and suitable for use by healthcare organizations?’ is extremely important as this is a very popular survey administration…
In most instances, emergency notification systems for business would not be implemented in order to share Protected Health Information (PHI); but if there was an…
Calendly is a tool that is popularly used by many businesses for managing meeting and appointment schedules. Can Calendly be used by healthcare organizations? Does…
Evernote is a cloud-based application that is handy for taking notes, planning projects, making to do lists, and working together in teams. Nevertheless, can healthcare…
Google Keep is a web-based note taking program that makes it possible to create notes and share them through several devices. The platform is famous,…
Return Path is an email marketing and optimization system that allows organizations to have autopilot management of their email marketing campaigns and analytics. A lot…
The latest amendments in HIPAA widen the extent of the Health Insurance Portability and Accountability Act and the Health Information Technology for Economic and Clinical…
An employee who discovers a HIPAA violation committed by the company management or by a co-employee may want to report the incident to the Department…
The General Data Protection Regulation was enforced in the EU on May 25, 2018. Businesses gathering or processing the personal information of residents in the…
If you think that a HIPAA violation occurred in your workplace, would you report it? How and to whom? If by accident you have violated…
About 750,000 businesses today use Zoom as it is a popular video and web conferencing program. Are healthcare organizations allowed to use Zoom for sharing…
Google Sheets is a service for creating, viewing and sharing spreadsheets provided by Google. Is it all right for HIPAA-covered entities to use Google Sheets…
In relation to the use of new technology, the healthcare industry is quite slow compared to other industries. It is an undeniable fact that the…
The Health Insurance Portability and Accountability Act (HIPAA) covers healthcare data privacy, but what are patient rights under HIPAA? In this post we explain the…
Can Google Docs be considered as HIPAA compliant? Is uploading of files with protected health information (PHI) to Google Docs allowed? This post will evaluate…
Healthcare organizations often ask about the HIPAA compliance of Google services. One Google product that particularly caused some misunderstandings is Google Hangouts. Can healthcare professionals…
Cloud storage services are a convenient way for people to store and share data. Though people use diverse devices from varied places, they can gain…
WebEx is an online video conferencing and collaboration platform that organizations use to facilitate communication among persons and partners from different places so that they…
Zoho is a collection of cloud-based tools and applications developed by a Pleasanton, CA-based company since 1996. Zoho products and services include the following: Zoho…
Can healthcare companies use HelloFax for sending documents with protected health information (PHI)? Does this fax service support HIPAA compliance? Regular fax machines are not…
Google Forms is a web-based tool that anybody can utilize to make surveys and obtain the opinion of people. Is it all right for healthcare…
Email is a useful and simple way of communication. Is it okay for healthcare providers to use email to send electronic protected health information (ePHI)…
Organizations that are collecting or processing the personal information of people living in the European Union must revise their retention policy to make it GDPR…
Slack is a useful communication and collaboration tool. But the HIPAA compliance of Slack must be clarified before using it in the healthcare industry. Can…
Beginning May 25, 2018, the European Union (EU) General Data Protection Regulation (GDPR) was enforced. The GDPR oversees the security of private data of individuals…
The HIPAA risk analysis is an essential part of HIPAA compliance; however, plenty of healthcare companies and business associates fail at it. Hence they are…
The implementation of the General Data Protection Regulation (GDPR) allowed EU residents to enjoy new legal rights and freedoms. Citizens have more control over their…
ProPublica published a study in 2015 which presented HIPAA social media violations involving healthcare workers in 2015. If not dealt with, there will possibly be…
In general, the General Data Protection Regulation (GDPR) is applicable to European Union citizens residing in the European Union. Does the GDPR still apply if…
As per the HIPAA password requirements, there should be steps for making, modifying and protecting passwords except if there’s another secure method that is just…
The Department of Health and Human Services’ Office for Civil Rights released its cybersecurity newsletter for August 2018 and told HIPAA-covered entities to be certain…
A patient-signed HIPAA release form should be secured before sharing the protected health information (PHI) with other people or providers, except in the event of…
Geofencing technology creates an electronic fence surrounding a specific location or area online. Going into that invisible boundary triggers the sending of push notifications to…
Entities working in the healthcare industry need access to protected health information (PHI), which is why they need to know what the HIPAA law considers…
Intercom is a messaging software-as-a-service solution that is popular among businesses that chat with their clients. There is a potential use for this software in…
Many organizations record telephone calls to maintain quality, train employees and resolve client disputes. However with the observance of the GDPR guidelines starting May 25,…
SendGrid is a service that businesses use for sending email messages. It is a very quick and easy way to communicate marketing messages to clients…
The General Data Protection Regulation (GDPR) was enforced in the European Union on May 25, 2018. Its goal is to make certain that data protection…
The General Data Protection Regulation (GDPR) allows data subjects to object to using their data in certain ways. But what specifically does it mean to…
The General Data Protection Regulation (GDPR) is a law that is going to determine how the personal data of people in the European Union (EU)…
A HIPAA audit checklist is a helpful resource for healthcare organizations and other HIPAA covered entities. It aims to determine existing risks to the integrity…
The General Data Protection Regulation is going to be enforced soon on May 25, 2018. One thing that institutions are realizing is the cost of…
The General Data Protection Regulation or GDPR is a piece of legislation of the European Union (EU) which was approved on April 27, 2016. It is going…
The healthcare industry experiences many insider breaches every year which calls on covered entities and business associates to take steps to reduce the occurrence of…
Healthcare employees need to be aware of the HIPAA rules and regulations and the possible penalties if they break these rules. This is why covered…
Uber Health, which beta launched this March, is a platform that is used for arranging cost effective transportation for patients. About 100 healthcare organizations need…
WordPress is a popular content management system that anyone can use to create websites quickly. Many businesses use WordPress but is it HIPAA compliant so…
If you’re thinking of setting up a business in the healthcare industry that will likely have access to protected health information, it’s necessary to know…
Google Calendar is one of the products and services offered in Google’s G Suite, which was launched in 2006. It is a tool that is…
Google Slides is a web-based presentation editor that can be used to create slide shows, project presentations and training material. It can be used for…
Many healthcare organizations today use cloud platforms like Azure and AWS. In fact, the value of the healthcare cloud computing market was determined to be…
When covered entities “knowingly” violate HIPAA Rules, what is the financial penalty and when are fines issued? It is important to know the answers to…
Zendesk is a platform offering customer service software and support ticketing system. Over 200,000 companies use Zendesk for handling customer support, managing customer queries and…
Email is a very useful and convenient way of communication nowadays. Can healthcare organizations use email to send patients their electronic protected health information? Is…
Office 365 is Microsoft’s set of subscription products that includes the following programs: Word, Excel, OneNote, PowerPoint, Outlook, Access and Publisher. Can healthcare organizations use…
Vendors who offer their services to healthcare organizations understand the importance of being recognized as HIPAA compliant. Hence, many service providers often ask if it…
When the management or employees in your organization violate the HIPAA rules and you happen to know about it, would you report it to the Department…
eFileCabinet is a document management system (DMS) that many businesses have been using for on-site and cloud storage. Is this platform suitable for healthcare organizations…
Using the cloud as a repository of ePHI has certain advantages that prompt many healthcare organizations to transition to the cloud. Here are a number of…
Many healthcare organizations are transitioning to utilizing the cloud for managing patients’ ePHI. But before any HIPAA covered entity does the same thing, it is…
Ademero is a document management software (DMS) that businesses use to monitor and manage their documents. The software likewise helps them go paperless and transition…
When HIPAA-covered entities along with their business associates stop doing business, the duty to follow HIPAA rules doesn’t stop. This simple fact was made…
Box is another popular cloud storage and content management service. Anyone can create a Box account and use it personally for file-sharing, uploading content and inviting…
Before answering the question whether FaceTime is HIPAA compliant, it has to be acknowledged at the outset that no communications platform will be completely HIPAA…
According to the Protected Health Information Data Breach Report of Verizon, 58% of healthcare data breaches are caused by insiders. The problem is the difficulty…
Healthcare organizations can use email to send messages internally. If the email system is protected by a firewall, there’s no need to encrypt messages. But…
How many healthcare data breaches occurred in 2017 and how many of those that violated HIPAA rules resulted in financial penalties? It’s difficult to get accurate…
Can HIPAA-covered entities use G Suite without violating HIPAA Rules? G Suite was developed by Google with privacy and security protection features necessary to safeguard…
Many covered entities get confused on the topic of HIPAA medical records retention and other record retention requirements. But the retention requirements of HIPAA are…
The Centers for Medicare and Medicaid Services (CMS) sent emails to healthcare providers last November 2017 to explain the prohibited use of text messages in…
Can healthcare organizations and their employees use Google Voice? Is it HIPAA compliant? Google Voice is a telephony service that provides voicemail and voicemail transcription…
People including doctors and nurses use chat platforms for communication. The question is whether these platforms are acceptable for sending PHI? A popular chat platform…
Healthcare organizations are not prohibited by HIPAA from using cloud services. Cloud services allow organizations to lower their IT costs. But there are rules to…