General

OCR has been made aware of postcards being sent to health care organizations disguised as official OCR communications, claiming to be notices of a mandatory HIPAA compliance risk assessment.  The postcards have a Washington, D.C. return address, and the sender uses the title “Secretary of Compliance, HIPAA Compliance Division.” The postcard is addressed to the health care organization’s HIPAA compliance officer and prompts recipients to visit a URL, call, or email to take immediate action on a HIPAA Risk Assessment.  The link directs individuals to a non-governmental website marketing consulting services. The postcard below is not from HHS/OCR.  HIPAA-covered entities and [...]

This past week the Certification Commission for Health Information Technology (CCHIT) announced that it will be ending its service to the health IT community. The CCHIT organization spearheaded the creation of testing and certifications for health IT professionals. The organization decided to close down their operations due to the unforeseeable timing of new legislation and requirements in the future. For further explanation, read here. CCHIT announced that all of their staff are involved in the transition and work will be done on November 14, 2014. The HIMSS Foundation will be receiving all of the remaining assets of the CCHIT.

Today, the Office for Civil Rights (OCR) at the U.S Department of Health and Human Services (HHS) issued additional guidance reminding covered health care providers that the HIPAA Privacy Rule does not permit them to give media and film crews access to facilities where patients’ protected health information (PHI) will be accessible without the patients’ prior authorization. The guidance explains that even during the current COVID-19 public health emergency, covered health care providers are still required to obtain a valid HIPAA authorization from each patient whose PHI will be accessible to the media before the media is given access to that PHI.  The [...]

Are you developing a Mobile Health App? Please look to this Mobile Health Apps Interactive Tool for the scoop on what laws you’ll need to abide by! The United States Federal Trade Commission (FTC) decided to pioneer the mobile health app service sphere. This new web-based tool has been designed to aidcreators of mobile health apps in their continued understanding of which federal laws will apply to them. The FTC built the interactive tool in team with the Department of Health and Human Services’ (HHS) Office of Civil Rights (OCR), the HHS Office of National Coordinator for Health Information Technology (ONC), and the Food and [...]

There are rare occasions in the health care industry when the encryption of protected patient health information isn’t enough to maintain its security. While these instances are thankfully few and far between, there are times when just encrypting the data isn’t enough to protect patient information. These times can be nightmares for healthcare entities, but if they are informed about when encryption might not be enough, they will be better prepared to handle breaches if they occur. Encryption can be an excellent tool for guarding patient information, but there are times that it is not enough. Those include when a data [...]

We would like to inform you about the newly initiated program by LinkedIn which allows you to add CERTIFIED HIPAA SECURITY EXPERT (CHSE) certification details in your profile under the certifications category. Members with a certification on their profile get contacted on LinkedIn 6x more often – leading to more opportunities no matter in terms of jobs or as a service provider. Please find below the following steps to add your CHSE certification to your profile with one click: URL to add CERTIFIED HIPAA SECURITY EXPERT (CHSE) to your LinkedIn profile (click the following link to start the process): https://lnkd.in/b5YDH5j&trk=email_url As [...]

The HIT Policy Committee’s Privacy and Security Tiger Team will be holding a virtual, public hearing to explore practical ways to provide patients with greater transparency about the uses and disclosures of their digital, identifiable health information. Such exploration also may facilitate implementation by the Office for Civil Rights of the HITECH requirement that a patient’s right under the HIPAA Privacy Rule to an “accounting” of disclosures include disclosures for “treatment, payment and operations” when such disclosures are made through “an electronic health record.” The Privacy Committee of the National Committee on Vital and Health Statistics’ Subcommittee on Privacy, Confidentiality and Security and [...]