Have you ever asked your healthcare provider to send you medical records by email? Most likely, you’ve received the reply: “We can’t do that. We can only fax them to you or provide you with a paper copy.” This answer is wrong. HIPAA’s right for individuals to access their health information, 45 CFR § 164.524, provides: […]
Category: Health Privacy
Posts about Health Privacy by Professor Daniel J. Solove for his blog at TeachPrivacy, a privacy awareness and security training company.
HIPAA Cartoon: Notice of Privacy Practices
This HIPAA cartoon involves the notice of privacy practices (NPP) under HIPAA. HIPAA has a set of detailed requirements for the NPP. See 45 CFR 164.520 for the text of HIPAA’s requirement for NPPs. The biggest challenge regarding privacy notices is that hardly anyone actually reads the notice, and notices are often a chore to read. There is […]
HIPAA Cartoon: Breach of Confidentiality
This HIPAA cartoon involves confidentiality. There are countless cases of misdirected PHI that is emailed or faxed to the wrong people. I recently created a new short course on HIPAA Confidentiality. You can learn more about it here.
Cartoon: HIPAA Protected Health Information
Here’s a new HIPAA cartoon. This cartoon is about protected health information (PHI). In the HIPAA regulations, the definition of PHI is quite complicated, as it is splintered into at least three separate parts that appear in HIPAA’s definitions section. Pursuant to HIPAA, 45 CFR 160.103: Health information means any information, including genetic information, whether oral or recorded […]
HIPAA Whiteboard and HIPAA Interactive Whiteboard
Recently, I created two new HIPAA training resources. HIPAA Whiteboard: I created a 1-page visual summary of HIPAA, which I call the HIPAA Whiteboard. The idea was to summarize HIPAA in a concise and visually-engaging way. You can download a PDF handout version here. We’ve been licensing it to many organizations for training and awareness purposes. […]
HIPAA Enforcement 2017: Another Big Year for HIPAA Enforcement
At the end of 2017, the OCR logged just under $20 million in fines for HIPAA violations from 10 enforcement actions with monetary penalties. In 2016, the total in penalties was roughly the same amount but from 15 organizations. Here is an overview of the resolution agreements and enforcement actions with civil monetary penalties from […]
Privacy and Security in Health Tech: Improving Transparency About Practices
Many app developers overlook privacy and security by failing to do one of the most basic first steps of data protection – informing consumers of their practices. For example, in a study published in 2016 in the Journal of the American Medical Association, 80% of diabetes apps surveyed didn’t have a notice informing consumers about privacy […]
HIPAA Cartoon on Snooping
This cartoon is about snooping, one of the most common HIPAA violations. HIPAA prohibits accessing information that people don’t need to do their jobs. It can be easy to look at electronic medical records, and people who snoop in this way might not perceive it as wrong. But the cartoon invites people to imagine how […]
HIPAA’s Failure to Provide Enough Patient Control Over Medical Records
A Not-So-Far-Fetched Seinfeld Episode: In a Seinfeld episode called “The Package” from 1996 (click here to see the scene), airing just months after HIPAA was passed, Elaine goes to see a doctor for a rash.
Healthcare’s Ransomware Epidemic
Ransomware has been sickening healthcare institutions. It has become a plague.