Posts Categorized: HIPAA Privacy & Security

Now is a Good Time to Review Your HIPAA Policies

in HIPAA Privacy & Security

The HHS Office for Civil Rights (OCR) has announced it is increasing its investigations of breaches of unsecured protected health information (PHI) affecting fewer than 500 individuals. As a reminder, the HIPAA Breach Notification Rule requires breaches of unsecured PHI to be reported; breaches involving fewer than 500 participants must be reported to the Secretary of HHS annually.  Information regarding the reporting requirement is available here. In determining which smaller breaches to investigate, the regional offices will consider the size of breach and sensitivity of PHI involved, theft or improper disposal of unencrypted PHI, breaches involving hacking, and situations where… Continue Reading

HIPAA Privacy Update

in HIPAA Privacy & Security

Today, HHS issued guidance regarding how to de-identify protected health information [Guidance] Excerpt from the HHS Press Release: “This guidance fulfills the American Recovery and Reinvestment Act of 2009 (ARRA) mandate that HHS issue such guidance. In response to this mandate, OCR collected research and views regarding de-identification approaches, best practices for implementation and management of the current de-identification standard and potential changes to address policy concerns. OCR solicited stakeholder input from experts with practical technical and policy experience to inform the creation of guidance materials by organizing an in-person workshop consisting of multiple panel sessions, each addressing a specific… Continue Reading