PRIVACY + SECURITY BLOG

News, Developments, and Insights

HIPAA Cartoon on HIPAA’s Jargon

HIPAA is famously impenetrable, with so many special terms and definitions.  I wrote this cartoon to capture the wonderful world of HIPAA jargon, which I hope fellow lovers of HIPAA can appreciate.

I have another HIPAA cartoon here.

HIPAA’s Failure to Provide Enough Patient Control Over Medical Records

A Not-So-Far-Fetched Seinfeld Episode

In a Seinfeld episode called “The Package” from 1996 (click here to see the scene), airing just months after HIPAA was passed, Elaine goes to see a doctor for a rash.

HIPAA Cartoon – HIPAA Compliance Program

Recently, HIPAA celebrated its 20th birthday.  HHS issued a celebratory blog post.  HIPAA is 20 years old if you start counting from the date the statute was passed (1996).  If we measure HIPAA’s age from the date that the HIPAA Privacy Rule became effective (2003), then HIPAA is 13.

So HIPAA could be 20 years old, eager to become 21 and be able to drink (right now, it just makes people want to drink) or 13 years old and about to begin being an unruly teenager.

A few years ago, I published an article in the Journal of AHIMA to celebrate HIPAA’s 10th birthday (counting from when the Privacy Rule became effective).  The article discusses HIPAA’s growth and impact, and is a quick read if you’re interested.  You can download it for free here:

HIPAA Turns 10: Analyzing the Past, Present, and Future Impact
84 Journal of AHIMA 22 (April 2013)

Is a Ransomware Attack a HIPAA Data Breach?

As ransomware escalates and poses serious security risks for healthcare institutions, many privacy experts and legislators have called for more specific guidance from the U.S. Department of Health and Human Services (HHS).

A few weeks ago, HHS responded to these calls with a detailed fact sheet to explain ransomware and provide advice.  Although most of the document outlines what should be obvious for an organization that already has a solid data security plan (including reliable back-ups, workforce training, and contingency plans), the major headline is HHS’s verdict on whether or not a ransomware attack qualifies as a data breach under HIPAA.

HIPAA’s Long Arm — and Why It’s a Good Thing

Recently, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued its first resolution agreement and monetary penalty against a business associate (BA).
