This cartoon is about snooping, one of the most common HIPAA violations. HIPAA prohibits accessing information that people don’t need to do their jobs. It can be easy to look at electronic medical records, and people who snoop in this way might not perceive it as wrong. But the cartoon invites people to imagine how […]
This cartoon depicts the way many people perceive HIPAA training. But it doesn’t have to be this way. When most people hear HIPAA training they prepare themselves to slog through a boring lecture filled with tedious legalese. Many have been subjected to hours of training that is overly technical, not useful for their jobs and not even […]
Here’s a cartoon on HIPAA and social media use to jump start your week. You can’t think enough about HIPAA these days. HIPAA audits are back, and OCR is having a vigorous enforcement year this year, something I plan to post about soon.
HIPAA is famously impenetrable, with so many special terms and definitions. I wrote this cartoon to capture the wonderful world of HIPAA jargon, which I hope fellow lovers of HIPAA can appreciate. I have another HIPAA cartoon here.
Recently, HIPAA celebrated its 20th birthday. HHS issued a celebratory blog post. HIPAA is 20 years old if you start counting from the date the statute was passed (1996). If we measure HIPAA’s age from the date that the HIPAA Privacy Rule became effective (2003), then HIPAA is 13. So HIPAA could be 20 years […]
As ransomware escalates and poses serious security risks for healthcare institutions, many privacy experts and legislators have called for more specific guidance from the U.S. Department of Health and Human Services (HHS). A few weeks ago, HHS responded to these calls with a detailed fact sheet to explain ransomware and provide advice. Although most of […]
Recently, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued its first HIPAA resolution agreement and monetary penalty against a business associate (BA).
A new report by Verizon, the PHI Data Breach report, analyzes 1,931 data breaches of protected health information (PHI) under HIPAA, The incidents occurred between 1994 and 2014, with most occurring from 2004-2014. An article from Computer World sums up the findings of the report. One interesting statistic is that 392 million PHI records were […]
By Daniel J. Solove ProPublica has been running a series of lengthy articles about HHS Office for Civil Rights (OCR) enforcement that are worth reading. A Sustained and Vigorous Critique of OCR HIPAA Enforcement A ProPublica article from early in 2015 noted that HIPAA fines were quite rare. The article noted that from 2009 through […]
HIPAA expert Rebecca Herold offers a very compelling explanation of the value of HIPAA training. She writes: Information security and privacy education is more important than ever because new gadgets and technologies enable more healthcare workers to collect and share data. In September 2015, Cancer Care Group agreed to settle HIPAA violations by paying a […]