HIPAA Questions and Answers

Google Sheets is a service for creating, viewing and sharing spreadsheets provided by Google. Is it all right for HIPAA-covered entities to use Google Sheets…

In relation to the use of new technology, the healthcare industry is quite slow compared to other industries. It is an undeniable fact that the…

The Health Insurance Portability and Accountability Act (HIPAA) covers healthcare data privacy, but what are patient rights under HIPAA? In this post we explain the…

Can Google Docs be considered as HIPAA compliant? Is uploading of files with protected health information (PHI) to Google Docs allowed? This post will evaluate…

Healthcare organizations often ask about the HIPAA compliance of Google services. One Google product that particularly caused some misunderstandings is Google Hangouts. Can healthcare professionals…

Cloud storage services are a convenient way for people to store and share data. Though people use diverse devices from varied places, they can gain…

WebEx is an online video conferencing and collaboration platform that organizations use to facilitate communication among persons and partners from different places so that they…

Zoho is a collection of cloud-based tools and applications developed by a Pleasanton, CA-based company since 1996. Zoho products and services include the following: Zoho…

Can healthcare companies use HelloFax for sending documents with protected health information (PHI)? Does this fax service support HIPAA compliance? Regular fax machines are not…

Google Forms is a web-based tool that anybody can utilize to make surveys and obtain the opinion of people. Is it all right for healthcare…

Email is a useful and simple way of communication. Is it okay for healthcare providers to use email to send electronic protected health information (ePHI)…

Organizations that are collecting or processing the personal information of people living in the European Union must revise their retention policy to make it GDPR…

Slack is a useful communication and collaboration tool. But the HIPAA compliance of Slack before using in the healthcare industry must be clarified. . Can…

Beginning May 25, 2018, the European Union (EU) General Data Protection Regulation (GDPR) was enforced. The GDPR oversees the security of private data of individuals…

The HIPAA Risk analysis is an essential part of HIPAA compliance, however plenty of healthcare companies and business associates fail at it. Hence they are…

The implementation of the General Data Protection Regulation (GDPR) allowed EU residents to enjoy new legal rights and freedoms. Citizens have more control over their…

ProPublica published a study in 2015 which presented HIPAA social media violations involving healthcare workers in 2015. If not dealt with, there will possibly be…

In general, the General Data Protection Regulation (GDPR) is applicable to European Union citizens residing in the European Union. Does the GDPR still apply if…

As per the HIPAA password requirements, there should be steps for making, modifying and protecting passwords except if there’s another secure method that is just…

The Department of Health and Human Services’ Office for Civil Rights released its cybersecurity newsletter for August 2018 and told HIPAA-covered entities to be certain…

A patient-signed HIPAA release form should be secured before sharing the protected health information (PHI) with other people or providers, except in the event of…

Geofencing technology creates an electronic fence surrounding a specific location or area online. Going into that invisible boundary triggers the sending of push notifications to…

Entities working in the healthcare industry need access to protected health information (PHI), which is why they need to know what the HIPAA law considers…

Intercom is a messaging software-as-a-service solution that is popular among businesses that chat with their clients. There is a potential use for this software in…

Many organizations record telephone calls to maintain quality, train employees and resolve client disputes.  However with the observance of the GDPR guidelines starting May 25,…

SendGrid is a service that businesses use for sending email messages. It is a very quick and easy way to communicate marketing messages to clients….

The General Data Protection Regulation (GDPR) was enforced in the European Union on May 25, 2018. Its goal is to make certain that data protection…

The General Data Protection Regulation (GDPR) allows data subjects to object to using their data in certain ways. But what specifically does it mean to…

The General Data Protection Regulation (GDPR) is a law that is going to determine how the personal data of people in the European Union (EU)…

An HIPAA audit checklist is a helpful resource for healthcare organizations and other HIPAA covered entities. It aims to determine existing risks to the integrity…

The General Data Protection Regulation is going to be enforced soon on May 25, 2018. One thing that institutions are realizing is the cost of…

The General Data Protection Regulation or GDPR is a legislation of the European Union (EU) which was approved on April 27, 2016. It is going…

The healthcare industry experiences many insider breaches every year which calls on covered entities and business associates to take steps to reduce the occurrence of…

Healthcare employees need to be aware of the HIPAA rules and regulations and the possible penalties if they break these rules. This is why covered…

Uber Health, which beta launched this March, is a platform that is used for arranging cost effective transportation for patients. About 100 healthcare organizations need…

WordPress is a popular content management system that anyone can use to create websites quickly. Many businesses use WordPress but is it HIPAA compliant so…

If you’re thinking of setting up a business in the healthcare industry that will likely have access to protected health information, it’s necessary to know…

Google Calendar is one of the products and services offered in Google’s G Suite, which was launched in 2006. It is a tool that is…

Google Slides is a web-based presentation editor that can be used to create slide shows, project presentations and training material. It can be used for…

Many healthcare organizations today use cloud platforms like Azure and AWS. In fact, the value of the healthcare cloud computing market was determined to be…

When covered entities “knowingly” violate HIPAA Rules, what is the financial penalty and when are fines issued? It is important to know the answers to…

Zendesk is a platform offering customer service software and support ticketing system. Over 200,000 companies use Zendesk for handling customer support, managing customer queries and…

Email is a very useful and convenient way of communication nowadays. Can healthcare organizations use email to send patients their electronic protected health information? Is…

Office 365 is Microsoft’s set of subscription products that includes the following programs: Word, Excel, OneNote, PowerPoint, Outlook, Access and Publisher.  Can healthcare organizations use…

Vendors who offer their services to healthcare organizations understand the importance of being recognized as HIPAA compliant. Hence, many service providers often ask if it…

When the management or employees in your organization violate the HIPAA rules and you happen to know about, would you report it to the Department…

eFileCabinet is a document management system (DMS) that many businesses have been using for on-site and cloud storage. Is this platform suitable for healthcare organizations…

Using the cloud as repository of ePHI has certain advantages that prompt many healthcare organizations to transition to the cloud. Here are a number of…

Many healthcare organizations are transitioning to utilizing the cloud for managing patients’ ePHI. But before any HIPAA covered entity does the same thing, it is…

Ademero is a document management software (DMS) that businesses use to monitor and manage their documents. The software likewise helps them go paperless and transition…

When HIPAA-covered entities along with their business associates stop doing business, the duty to follow HIPAA rules doesn’t stop yet. This simple fact was made…

Box is another popular cloud storage and content management service. Anyone can create a Box account and use personally for file-sharing, uploading content and inviting…

Before answering the question whether FaceTime is HIPAA compliant, it has to be acknowledged at the outset that no communications platform will be completely HIPAA…

According to the Protected Health Information Data Breach Report of Verizon, 58% of healthcare data breaches are caused by insiders. The problem is the difficulty…

Healthcare organizations can use email to send messages internally. If the email system is protected by a firewall, there’s no need to encrypt messages. But…

How many healthcare data breaches occurred in 2017 and how many of those violated HIPAA rules resulted in financial penalties? It’s difficult to get accurate…

Can HIPAA-covered entities use G Suite without violating HIPAA Rules? G Suite was developed by Google with privacy and security protection features necessary to safeguard…

Many covered entities get confused on the topic of HIPAA medical records retention and other record retention requirements. But the retention requirements of HIPAA are…

The Centers for Medicare and Medicaid Services (CMS) sent emails to healthcare providers last November 2017 to explain the prohibited use of text messages in…

Can healthcare organizations and its employees use Google Voice? Is it HIPAA compliant? Google Voice is a telephony service that provides voicemail and voicemail transcription…

People including doctors and nurses use chat platforms for communication. The question is whether these platforms are acceptable for sending PHI? A popular chat platform…

Healthcare organizations are not prohibited by HIPAA to use cloud services. Cloud services allow organizations to lower their IT costs. But there are rules to…

Many HIPAA covered entities do not fully understand the HIPAA Conduit Exception Rule. As a result, there are services that are misclassified as conduit when…

What is PHI? PHI is a commonly used term in healthcare, but some people do not fully understand what it means. Let’s talk about PHI…

HIPAA-covered entities are responsible for making sure that the transmission of protected health information by email is secured. The entity may choose any HIPAA compliant…

The HIPAA Security Rule requires the effective management of information access. Employees who are granted access to protected health information must have proper authorization. But…

It is a common practice today for covered entities to use cloud storage services. Is Microsoft OneDrive HIPAA compliant? Can it be used by covered…

Bill Clinton signed the Health Insurance Portability and Accountability Act or HIPAA on August 21, 1996. The HIPAA ensured the continuity of health insurance coverage…

Under certain circumstances, texting Protected Health Information (PHI) can be deemed as a violation of HIPAA. The classification as a violation is dependent upon the…

The Health Insurance Portability and Accountability Act (HIPAA) is an important piece of legislation, first introduced in 1996. But, why is HIPAA so important? How…

In 1996, the Health Insurance Portability and Accountability Act (HIPAA) was introduced. The Act contained many new rules for healthcare organizations across the states, so…

The rules regarding HIPAA compliance and patient telephone calls have been clarified with a Declaratory Ruling and Order issued by the Federal Communication Commission (FCC)….

Are Emails HIPAA Compliant? The changes made to the Health Insurance Portability and Accountability Act (HIPAA) in 2013 failed to clear much of the ambiguity…

The use of electronic or “e-signatures” has seen an increase in recent years in many sectors, including the healthcare industry. However, for some time there…

Telemedicine includes any medical professional or healthcare organization that provides a remote service to patients in their homes or in community centres. The HIPAA Privacy…

Many dental offices and dental practitioners are self-contained entities. However, HIPAA rules for dentists apply to any dental office that may send claims, eligibility requests,…

Dropbox is a popular file hosting service used by many organizations to share files. Dropbox claims that it has implemented measures that now make its…

In 1996, the Health Insurance Portability and Accountability Act of 1996 was introduced. In the two decades since, it has proven to be one of…

HIPAA compliance rules for telemedicine-which includes any medical professional or healthcare organization that provides a remote service to patients in their homes or in community…

There has been a huge rise in the number of healthcare workers and other HIPAA-covered entities relying on mobile technology in their day-to-day lives. This…

Since its implementation two decades ago, there has been much ambiguity in whether the use of SMS is HIPAA compliant. HIPAA does not explicitly prohibit…

Google Drive is becoming an increasingly attractive option for many companies to store information online. It is cheaper than installing costly hardware systems and IT…

HIPAA Simplified History Legislators originally proposed HIPAA in 1996 as a means of addressing the concerns regarding the privacy and security of patient healthcare information…

Skype has been increasingly used by business as a quick and cost-effective form of communication. However, the question remains whether Skype can be used by…

Microsoft OneDrive is a cloud storage service that has seen its popularity rise in recent years. Many healthcare organizations are already using Microsoft Office 365…

In is in the interest of HIPAA covered entities, business associates, and healthcare employees to take great care to ensure HIPAA Rules are not violated,…

In 2016, WhatsApp announced it was introducing end-to-end encryption for messages sent using its services. This added security measure allows for healthcare organizations to potentially…

The “cloud”-a network of servers used for data storage-has seen widespread use in recent years. It offers a convenient and flexible way for organisations-including healthcare…

In 1996, the Health Insurance Portability and Accountability Act was introduced into US law. In time since, it has proven to be one of the…

The Department of Health and Human Services has recently released data revealing the frequency of the most common types of HIPAA violations. The report concerned…

Many covered entities have criticised the HIPAA training requirement guidelines as being vague. This is because HIPAA applies to many different types of Covered Entity…