Webinar This Week: May 25, 2023: From Panicked to Prepared: How to Reply to a HIPAA Audit
The Department of Health and Human Services’ Office for Civil Rights (OCR) has conducted two rounds of HIPAA audits on covered entities and business associates to assess compliance with the HIPAA Rules. OCR investigates all breaches of 500 or more records to determine whether they were caused by noncompliance, and may also initiate compliance reviews for smaller breaches and in response to complaints about potential HIPAA violations. If you are contacted by OCR and told you have been selected for an audit or compliance review, it is natural to be concerned, but there is no need to panic if you are prepared. On April 27, 2023, Compliancy Group is hosting a webinar where attendees will learn the ins and outs of OCR audits and how to respond if selected for an audit or compliance review. Compliancy Group will take you through the steps needed to ensure everything is aligned and fully documented, which will allow you to respond quickly and efficiently to any document requests and will ensure you are properly prepared for an on-site inspection. During the...
Is Qualtrics HIPAA Compliant?
The difficulty in answering the question “Is Qualtrics HIPAA compliant?” is that, although the “experience management” platform appears to support HIPAA compliance, configuring and using the platform in a HIPAA-compliant manner looks more complicated than some Covered Entities will be comfortable with. For those unfamiliar with the terminology, Qualtrics is an online platform that enables businesses to create and send surveys, obtain customer/employee feedback, and address satisfaction issues using analytics and AI-powered automation. As an engagement and response tool, Qualtrics is a very advanced option. But is Qualtrics HIPAA compliant? Certainly, Qualtrics appears to be HIPAA compliant in its role as a Business Associate to a Covered Entity. It has multiple security certifications – including self-certified compliance with the HITRUST CSF Framework – and is willing to enter into a Business Associate Agreement with a Covered Entity if the platform is going to be used for collecting, storing, or transmitting PHI. Qualtrics doesn’t provide previews of its Business...
FTC Proposes Changes to Modernize the Health Breach Notification Rule
The Federal Trade Commission (FTC) has proposed changes to the Health Breach Notification Rule to strengthen the applicability of the Rule to health apps and other emerging direct-to-consumer technologies that collect, store, and transmit identifiable health data. There has been an explosion of health apps and connected devices, and they are collecting vast amounts of health data. There are also incentives for companies that collect health data to disclose that information to third parties for advertising and other purposes. The Health Insurance Portability and Accountability Act (HIPAA) requires health data to be safeguarded, places restrictions on uses and disclosures of health data, and, if a data breach occurs, the HIPAA Breach Notification Rule requires notifications to be issued. While health apps and connected devices may collect health data that would be classed as Protected Health Information under HIPAA if collected by a HIPAA-regulated entity, most health apps and connected devices are not covered under HIPAA. The FTC Health...
$200,000 Penalty for Impermissible Sharing of Premom App Users’ Health Data
Easy Healthcare, the developer and distributor of the Premom Ovulation Tracker (Premom) app, has agreed to settle an FTC complaint that alleged violations of the FTC Act and the Health Breach Notification Rule related to the sharing of app users’ health data with third parties without consent. The Premom app allows users to track their periods and ovulation cycles. Users can upload pictures of ovulation test strips, which the app analyses to predict the user’s next ovulation cycle, and can also upload health data from other devices and apps. The app has been downloaded by hundreds of thousands of women, and between 2017 and 2020, the terms and conditions of use stated, “We do not, and will not, ever sell any information about users’ health to third parties, nor do we share it for advertising purposes.” During that period, the FTC alleged, the Premom app transmitted the sensitive health information of app users to third-party advertisers without user consent. The FTC’s Health Breach Notification Rule ensures entities not covered by the...
Will a HIPAA Violation Show Up on a Background Check?
Whether or not a HIPAA violation will show up on a background check depends on the nature of the violation, the consequences of the violation, and the motive for the violation. While it is currently rare for a HIPAA violation to show up on a background check, this may change due to a proposed update to the Privacy Rule. There are many different types of HIPAA violations. Some have minimal impact and no long-lasting consequences – e.g., an accidental disclosure of PHI that is overheard, but nothing comes of it – whereas others can have a major impact on an organization and serious consequences for the individuals affected by the violation – e.g., the deliberate misuse of login credentials that exposes a PHI database. Most employee HIPAA violations are addressed according to a Covered Entity’s sanctions policy. Employees responsible for minor violations will likely be sanctioned with verbal or written warnings and additional HIPAA training. Those responsible for repeated or serious violations could be sanctioned with a suspension or termination of employment, or loss of license to...