HIPAA is famously impenetrable, with so many special terms and definitions. I wrote this cartoon to capture the wonderful world of HIPAA jargon, which I hope fellow lovers of HIPAA can appreciate.
I have another HIPAA cartoon here.
Recently, HIPAA celebrated its 20th birthday. HHS issued a celebratory blog post. HIPAA is 20 years old if you start counting from the date the statute was passed (1996). If we measure HIPAA’s age from the date that the HIPAA Privacy Rule became effective (2003), then HIPAA is 13.
So HIPAA could be 20 years old, eager to become 21 and be able to drink (right now, it just makes people want to drink) or 13 years old and about to begin being an unruly teenager.
A few years ago, I published an article in the Journal of AHIMA to celebrate HIPAA’s 10th birthday (counting from when the Privacy Rule became effective). The article discusses HIPAA’s growth and impact, and is a quick read if you’re interested. You can download it for free here:
HIPAA Turns 10: Analyzing the Past, Present, and Future Impact
84 Journal of AHIMA 22 (April 2013)
As ransomware escalates and poses serious security risks for healthcare institutions, many privacy experts and legislators have called for more specific guidance from the U.S. Department of Health and Human Services (HHS).
A few weeks ago, HHS responded to these calls with a detailed fact sheet to explain ransomware and provide advice. Although most of the document outlines what should be obvious for an organization that already has a solid data security plan (including reliable back-ups, workforce training, and contingency plans), the major headline is HHS’s verdict on whether or not a ransomware attack qualifies as a data breach under HIPAA.
Recently, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued its first resolution agreement and monetary penalty against a business associate (BA).