PRIVACY + SECURITY BLOG

News, Developments, and Insights

high-tech technology background with eyes on computer display

HIPAA Cartoon on HIPAA’s Jargon

HIPAA Cartoon - TeachPrivacy HIPAA Training

HIPAA is famously impenetrable, with so many special terms and definitions.  I wrote this cartoon to capture the wonderful world of HIPAA jargon, which I hope fellow lovers of HIPAA can appreciate. I have another HIPAA cartoon here.

HIPAA Cartoon – HIPAA Compliance Program

HIPAA Training - Cartoon HIPAA Compliance

Recently, HIPAA celebrated its 20th birthday.  HHS issued a celebratory blog post.  HIPAA is 20 years old if you start counting from the date the statute was passed (1996).  If we measure HIPAA’s age from the date that the HIPAA Privacy Rule became effective (2003), then HIPAA is 13. So HIPAA could be 20 years […]

Is a Ransomware Attack a HIPAA Data Breach?

Ransomware - Security Awareness Training

As ransomware escalates and poses serious security risks for healthcare institutions, many privacy experts and legislators have called for more specific guidance from the U.S. Department of Health and Human Services (HHS). A few weeks ago, HHS responded to these calls with a detailed fact sheet to explain ransomware and provide advice.  Although most of […]

3 Types of Incidents Account for 86% of HIPAA Data Breaches

HIPAA Data Breach

A new report by Verizon, the PHI Data Breach report, analyzes 1,931 data breaches of protected health information (PHI) under HIPAA,  The incidents occurred between 1994 and 2014, with most occurring from 2004-2014.  An article from Computer World sums up the findings of the report. One interesting statistic is that 392 million PHI records were […]

Is HIPAA Enforcement Too Lax?

By Daniel J. Solove ProPublica has been running a series of lengthy articles about HHS Office for Civil Rights (OCR) enforcement that are worth reading. A Sustained and Vigorous Critique of OCR HIPAA Enforcement A ProPublica article from early in 2015 noted that HIPAA fines were quite rare. The article noted that from 2009 through […]

The Value of HIPAA Training

HIPAA Training

HIPAA expert Rebecca Herold offers a very compelling explanation of the value of HIPAA training.  She writes: Information security and privacy education is more important than ever because new gadgets and technologies enable more healthcare workers to collect and share data. In September 2015, Cancer Care Group agreed to settle HIPAA violations by paying a […]

Lessons from the Latest HIPAA Enforcement Action

HIPAA Training OCR Enforcement

by Daniel J. Solove Recently, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) publicized its resolution agreement in its HIPAA enforcement action against St. Elizabeth’s Medical Center (SEMC).  SEMC agreed to pay $218,000. The case began with a complaint filed with OCR back in 2012 that employees […]

Patient Access to Medical Records Under HIPAA: Significant Reform Needed

by Daniel J. Solove Recently, I wrote about the challenges in accessing health information about family members.  In this post, I will explore patients’ access to their own medical records. HIPAA doesn’t handle patient access to medical records very well. There are many misunderstandings about patient access under HIPAA that make it quite difficult for […]