PRIVACY + SECURITY BLOG

News, Developments, and Insights

high-tech technology background with eyes on computer display

HIPAA Cartoon on Snooping

HIPAA Snooping Cartoon by Daniel J Solove

This cartoon is about snooping, one of the most common HIPAA violations.  HIPAA prohibits accessing information that people don’t need to do their jobs.   It can be easy to look at electronic medical records, and people who snoop in this way might not perceive it as wrong.  But the cartoon invites people to imagine how […]

Read More…

Cartoon on HIPAA Training

HIPAA Training Cartoon - Train without the pain

This cartoon depicts the way many people perceive HIPAA training.  But it doesn’t have to be this way. When most people hear HIPAA training they prepare themselves to slog through a boring lecture filled with tedious legalese.   Many have been subjected to hours of training that is overly technical, not useful for their jobs and not even […]

Read More…

HIPAA Cartoon on Social Media Use

HIPAA Cartoon Social Media

Here’s a cartoon on HIPAA and social media use to jump start your week.  You can’t think enough about HIPAA these days.  HIPAA audits are back, and OCR is having a vigorous enforcement year this year, something I plan to post about soon. […]

Read More…

HIPAA Cartoon on HIPAA’s Jargon

HIPAA Cartoon - TeachPrivacy HIPAA Training

HIPAA is famously impenetrable, with so many special terms and definitions.  I wrote this cartoon to capture the wonderful world of HIPAA jargon, which I hope fellow lovers of HIPAA can appreciate. I have another HIPAA cartoon here. […]

Read More…

HIPAA Cartoon – HIPAA Compliance Program

HIPAA Training - Cartoon HIPAA Compliance

Recently, HIPAA celebrated its 20th birthday.  HHS issued a celebratory blog post.  HIPAA is 20 years old if you start counting from the date the statute was passed (1996).  If we measure HIPAA’s age from the date that the HIPAA Privacy Rule became effective (2003), then HIPAA is 13. So HIPAA could be 20 years […]

Read More…

Is a Ransomware Attack a HIPAA Data Breach?

Ransomware - Security Awareness Training

As ransomware escalates and poses serious security risks for healthcare institutions, many privacy experts and legislators have called for more specific guidance from the U.S. Department of Health and Human Services (HHS). A few weeks ago, HHS responded to these calls with a detailed fact sheet to explain ransomware and provide advice.  Although most of […]

Read More…

HIPAA’s Long Arm — and Why It’s a Good Thing

HIPAA Training

Recently, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued its first HIPAA resolution agreement and monetary penalty against a business associate (BA). […]

Read More…

3 Types of Incidents Account for 86% of HIPAA Data Breaches

HIPAA Data Breach

A new report by Verizon, the PHI Data Breach report, analyzes 1,931 data breaches of protected health information (PHI) under HIPAA,  The incidents occurred between 1994 and 2014, with most occurring from 2004-2014.  An article from Computer World sums up the findings of the report. One interesting statistic is that 392 million PHI records were […]

Read More…

Is HIPAA Enforcement Too Lax?

By Daniel J. Solove ProPublica has been running a series of lengthy articles about HHS Office for Civil Rights (OCR) enforcement that are worth reading. A Sustained and Vigorous Critique of OCR HIPAA Enforcement A ProPublica article from early in 2015 noted that HIPAA fines were quite rare. The article noted that from 2009 through […]

Read More…

The Value of HIPAA Training

HIPAA Training

HIPAA expert Rebecca Herold offers a very compelling explanation of the value of HIPAA training.  She writes: Information security and privacy education is more important than ever because new gadgets and technologies enable more healthcare workers to collect and share data. In September 2015, Cancer Care Group agreed to settle HIPAA violations by paying a […]

Read More…