Much time is spent by organizations trying to attain "HIPAA Compliance," but what that really means is often confused.
One of the most overlooked but critical aspects of HIPAA compliance is medical equipment management and decommissioning equipment and media that..
Transferring PHI without an executed Business Associate Agreement ("BAA") has become a point of intense focus for federal regulators, and one from..
OCR has focused so much on risk analysis that there is a common misperception in the industry that a risk analysis is the primary task needed to be..
An often overlooked aspect of HIPAA compliance is the selection of a HIPAA Security Officer and HIPAA Privacy Officer. These roles are often filled by..
If you had a breach in 2017 that affected less than 500 individuals, the deadline to notify the U.S. Department of Health and Human Services (“HHS”)..
I frequently write about HIPAA enforcement by the Office for Civil Rights at the U.S. Department of Health and Human Services ("OCR"). However, there..
In the wake of two damaging hurricanes, the topic of emergency preparedness is at the top of mind for many Covered Entities and Business Associates...
One of the most common questions I hear is, “Can I send patient information to…” with a plethora of situations and organizations completing that..