PRIVACY + SECURITY BLOG

News, Developments, and Insights

high-tech technology background with eyes on computer display

Lessons from 2016, the Biggest HIPAA Enforcement Year on Record

HIPAA Enforcement

Time to call the Guinness Book of World Records because HHS has set a new world record in HIPAA enforcement.  2016 saw a considerable increase in HIPAA enforcement resolution agreements and monetary penalties.  At the end of 2016, the OCR logged over $20 million in fines for HIPAA violations from 15 enforcement actions with monetary […]

HIPAA Cartoon on Snooping

HIPAA Snooping Cartoon by Daniel J Solove

This cartoon is about snooping, one of the most common HIPAA violations.  HIPAA prohibits accessing information that people don’t need to do their jobs.   It can be easy to look at electronic medical records, and people who snoop in this way might not perceive it as wrong.  But the cartoon invites people to imagine how […]

HIPAA Cartoon on Social Media Use

HIPAA Cartoon Social Media

Here’s a cartoon on HIPAA and social media use to jump start your week.  You can’t think enough about HIPAA these days.  HIPAA audits are back, and OCR is having a vigorous enforcement year this year, something I plan to post about soon.

HIPAA Cartoon on HIPAA’s Jargon

HIPAA Cartoon - TeachPrivacy HIPAA Training

HIPAA is famously impenetrable, with so many special terms and definitions.  I wrote this cartoon to capture the wonderful world of HIPAA jargon, which I hope fellow lovers of HIPAA can appreciate. I have another HIPAA cartoon here.

HIPAA Cartoon – HIPAA Compliance Program

HIPAA Training - Cartoon HIPAA Compliance

Recently, HIPAA celebrated its 20th birthday.  HHS issued a celebratory blog post.  HIPAA is 20 years old if you start counting from the date the statute was passed (1996).  If we measure HIPAA’s age from the date that the HIPAA Privacy Rule became effective (2003), then HIPAA is 13. So HIPAA could be 20 years […]

Is a Ransomware Attack a HIPAA Data Breach?

Ransomware - Security Awareness Training

As ransomware escalates and poses serious security risks for healthcare institutions, many privacy experts and legislators have called for more specific guidance from the U.S. Department of Health and Human Services (HHS). A few weeks ago, HHS responded to these calls with a detailed fact sheet to explain ransomware and provide advice.  Although most of […]

3 Types of Incidents Account for 86% of HIPAA Data Breaches

HIPAA Data Breach

A new report by Verizon, the PHI Data Breach report, analyzes 1,931 data breaches of protected health information (PHI) under HIPAA,  The incidents occurred between 1994 and 2014, with most occurring from 2004-2014.  An article from Computer World sums up the findings of the report. One interesting statistic is that 392 million PHI records were […]

Is HIPAA Enforcement Too Lax?

By Daniel J. Solove ProPublica has been running a series of lengthy articles about HHS Office for Civil Rights (OCR) enforcement that are worth reading. A Sustained and Vigorous Critique of OCR HIPAA Enforcement A ProPublica article from early in 2015 noted that HIPAA fines were quite rare. The article noted that from 2009 through […]

The Value of HIPAA Training

HIPAA Training

HIPAA expert Rebecca Herold offers a very compelling explanation of the value of HIPAA training.  She writes: Information security and privacy education is more important than ever because new gadgets and technologies enable more healthcare workers to collect and share data. In September 2015, Cancer Care Group agreed to settle HIPAA violations by paying a […]