HIPAA Updates

The Health Insurance Portability and Accountability Act (HIPAA) is not technology specific, so HIPAA updates are made frequently via guidance notices issued by HHS´ Office for Civil Rights to account for advances in technology and changes to working practices. In the two decades since the legislation was introduced there have been several major HIPAA updates.

The most notable HIPAA updates were the introduction of the HIPAA Privacy Rule and Security Rule in 2003, the HIPAA Enforcement Rule in 2006, the incorporation of HITECH Act requirements in 2009 and the HIPAA Omnibus Final Rule in 2013.

HIPAA Continuity of Care

Under HIPAA, continuity of care is not always as straightforward as it could be due to seemingly contradictory guidance issued...

The HIPAA Definition of Covered Entities Explained

The HIPAA definition of Covered Entities is generally explained as health plans, health care clearinghouses, and health care providers that...

HHS Proposes New Rule to Implement HIPAA Standards for Healthcare Attachments and Electronic Signatures

The Secretary of the Department of Health and Human Services (HHS) has proposed a new rule that will require the...

OCR Confirms Use of Website and Other Tracking Technologies Without a BAA is a HIPAA Violation

The HHS’ Office for Civil Rights has issued a bulletin confirming that the use of third-party tracking technologies on websites,...

What is the New HIPAA Safe Harbor Law?

The new HIPAA Safe Harbor Law (HR 7898) was signed into law by President Trump in January 2021. It instructs...

Cybersecurity is Now a Patient Safety Issue, Suggests Sen. Warner In Congressional Report

Senator Mark Warner (D-VA), Chairman of the Senate Select Committee on Intelligence, has recently published a white paper – Cybersecurity...

Get the FREE
HIPAA Checklist

Discover everything you need
to become HIPAA compliant

Delivered via email so please ensure you enter your email address correctly.

Your Privacy Respected

HIPAA Journal Privacy Policy

Get The HIPAA
Compliance Checklist

Free and Immediate Download

Delivered via email so please ensure you enter your email address correctly.

Your Privacy Respected

HIPAA Journal Privacy Policy

News Categories

Notices

How to Become HIPAA Compliant

How to become HIPAA compliant is one of the biggest challenges for many businesses operating in the healthcare and health…

Reader Offer: Free Annual HIPAA Risk Assessment

Free Expert HIPAA Risk Assessment Your risk assessment is part of your mandatory annual HIPAA requirements. Book a complimentary session…

30 Senators Call for HIPAA Privacy Rule Update to Better Protect Women’s Privacy

A group of 30 senators is urging the Department of Health and Human Services to update the Health Insurance Portability...

OCR Issues Guidance for Providers and Individuals Following Supreme Court Decision on Roe v. Wade

President Biden and U.S. Department of Health and Human Services (HHS) Secretary Xavier Becerra recently called on HHS agencies to...

OCR Issues Guidance on Audio-Only Telehealth for When the COVID Public Health Emergency Ends

Start preparing now and get your telehealth services HIPAA compliant as when the COVID-19 Public Health Emergency (PHE) ends, the...

Healthcare Groups Provide Feedback on HITECH Recognized Security Practices

Earlier this year, the HHS’ Office for Civil Rights issued a request for information (RFI) on how the financial penalties...

NIST Publishes Guidance for First Responders on the Use of Biometric Authentication for Mobile Devices

The National Institute of Standards and Technology (NIST) has published a new report on the use of biometric authentication on...

NIST Seeks Comment on Planned Updates to HIPAA Security Rule Implementation Guidance

The National Institute of Standards and Technology (NIST) is planning on revising and updating its guidance on implementing the HIPAA...

Get the FREE
HIPAA Checklist

Discover everything you need
to become HIPAA compliant

Delivered via email so please ensure you enter your email address correctly.

Your Privacy Respected

HIPAA Journal Privacy Policy

Get The HIPAA
Compliance Checklist

Free and Immediate Download

Delivered via email so please ensure you enter your email address correctly.

Your Privacy Respected

HIPAA Journal Privacy Policy

HIPAA Penalties Waived for Good Faith Operation of COVID-19 Community-Based Testing Sites

The HHS has issued a Notice of Enforcement Discretion covering healthcare providers and business associates that participate in the operation...

Notice of Enforcement Discretion for Business Associates to Allow PHI Disclosures for Public Health and Health Oversight Activities

On April 2, 2020, the Department of Health and Human Services announced that with immediate effect, it will be exercising...

OCR Issues Guidance on Allowable Disclosures of PHI to First Responders During the COVID-19 Crisis

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) has issued further guidance on HIPAA and...

Telehealth Services Expanded and HIPAA Enforcement Relaxed During Coronavirus Public Health Emergency

In an effort to prevent the spread of the 2019 novel coronavirus, patients suspected of being exposed to the virus...

OCR Issues Guidance on Telehealth and HIPAA During Coronavirus Pandemic

Following on from the announcement from the HHS’ Office for Civil Rights that enforcement of HIPAA compliance in relation to...

HHS Issues Final Rule Requiring Pharmacies to Track Partially Filled Prescriptions of Schedule II Drugs

The Department of Health and Human Services has issued a final rule modifying the HIPAA National Council for Prescription Drug...

DoE and OCR Issue Updated Guidance on Sharing Student Health Records under FERPA and HIPAA

The Department of Education and the Department of Health and Human Services’ Office for Civil Rights have issued updated guidance...

HHS Increases Civil Monetary Penalties for HIPAA Violations in Line with Inflation

The U.S Department of Health and Human Services has increased the civil monetary penalties for HIPAA compliance violations in accordance...

Roger Severino Gives Update on OCR HIPAA Enforcement Priorities

Roger Severino, Director of the HHS’ Office for Civil Rights, has given an update on OCR’s HIPAA enforcement priorities at...

Sen. Rand Paul Introduces National Patient Identifier Repeal Act

Sen. Rand Paul, M.D., (R-Kentucky) has introduced a new bill that attempts to have the national patient identifier provision of...

Hurricane Dorian: Limited HIPAA Waiver Issued in Puerto Rico, Florida, Georgia, North and South Carolina

Alex Azar, Secretary of the Department of Health and Human Services (HHS), has declared a public health emergency (PHE) in...

HHS Proposes Rule Easing Restrictions on Substance Use Disorder Treatment Records

The Substance Abuse and Mental Health Services Administration (SAMHSA) has proposed a new rule that loosens restrictions on substance use...

HHS Declares Limited Waiver of HIPAA Sanctions and Penalties in Louisiana

The Secretary of the U.S. Department of Health and Human Services (HHS) has issued a limited waiver of HIPAA sanctions...

OCR Clarifies Allowable Uses and Disclosures of PHI for Care Coordination and Continuity of Care

The Department of Health and Human Services’ Office for Civil Rights has issued new HIPAA guidance for health plans on...

HHS Confirms When HIPAA Fines Can be Issued to Business Associates

Since the Department of Health and Human Services implemented the requirements of the Health Information Technology for Economic and Clinical...

Get the FREE
HIPAA Checklist

Discover everything you need
to become HIPAA compliant

Delivered via email so please ensure you enter your email address correctly.

Your Privacy Respected

HIPAA Journal Privacy Policy

Get The HIPAA
Compliance Checklist

Free and Immediate Download

Delivered via email so please ensure you enter your email address correctly.

Your Privacy Respected

HIPAA Journal Privacy Policy

HHS Extends Comment Period on Proposed Rules to Improve ePHI Interoperability

The Department of Health and Human Services has extended the deadline for submitting comments on its proposed rules to promote...

CMS Launches Review Program to Assess Compliance with the HIPAA Administrative Simplification Rules

The HHS’ Centers for Medicare and Medicaid Services (CMS) has launched a compliance review program to assess whether HIPAA covered...

ONC and CMS Propose New Rules on Patient Access and Information Blocking

On Monday, February 11, 2019, the HHS’ Office of the National Coordinator for Health Information Technology (ONC) and the Centers...

OCR Issues Request for Information on Potential Updates to HIPAA Rules to Improve Data Sharing

The Department of Health and Human Services’ Office for Civil Rights (OCR) has issued a request for information (RFI) seeking...

AMIA and AHIMA Call for Changes to HIPAA to Improve Access and Portability of Health Data

The American Medical Informatics Association (AMIA) and the American Health Information Management Association (AHIMA) have called for changes to HIPAA...

Do HIPAA Rules Create Barriers That Prevent Information Sharing?

The HHS has drafted a Request for Information (RFI) to discover how HIPAA Rules are hampering patient information sharing and...

Hurricane Florence: OCR Issues Guidance on Appropriate Sharing of Health Information

On Wednesday, September 12, 2018, President Trump approved a request for a federal emergency declaration in the state of Virginia...

HHS Secretary Alex Azar Promises Reforms to Federal Health Privacy Rules

At a July 27 address at The Heritage Foundation, Secretary of the Department of Health and Human Services (HHS), Alex...

OCR Draws Attention to HIPAA Patch Management Requirements

Healthcare organizations have been reminded of HIPAA patch management requirements to ensure the confidentiality, integrity, and availability of ePHI is...

OCR Issues Guidance on Individual Authorization of Uses and Disclosures of PHI for Research

The Department of Health and Human Services’ Office for Civil Rights has issued new guidance for HIPAA-covered entities to streamline...

OCR Reminds Covered Entities Not to Overlook Physical Security Controls

The Department of Health and Human Services’ Office for Civil Rights (OCR) has reminded HIPAA-covered entities that HIPAA not only...

CMS Urged to Aggressively Enforce Compliance with HIPAA Administrative Simplifications

The Department of Health and Human Services’ Office for Civil Rights is the primary enforcer of HIPAA Rules and has...

OCR Encourages Healthcare Organizations to Conduct a Gap Analysis

In its April 2018 cybersecurity newsletter, OCR draws attention to the benefits of performing a gap analysis in addition to...

Legislation Changes and New HIPAA Regulations in 2018

The policy of two out for every new regulation introduced means there are likely to be few, if any, new...

CMS Clarifies Position on Use of Text Messages in Healthcare

In November, the Centers for Medicare and Medicaid Services (CMS) explained in emails to healthcare providers that the use of...

OCR Launches New Tools to Help Address the Opioid Crisis

OCR has launched new tools and initiatives as part of its efforts to help address the opioid crisis in the...

HHS Seeks Volunteers for HIPAA Administrative Simplification Optimization Project Pilot

The Department of Health and Human Services is running a HIPAA Administrative Simplification Optimization Project Pilot and is currently seeking...

In What Year Was HIPAA Passed into Legislature?

The Health Insurance Portability and Accountability Act or HIPAA was passed into legislature on August 21, 1996, when Bill Clinton...

OCR Clarifies HIPAA Rules on Sharing Patient Information on Opioid Overdoses

The U.S. Department of Health and Human Services’ Office for Civil Rights has cleared confusion about HIPAA Rules on sharing...

HHS Issues Limited Waiver of HIPAA Sanctions and Penalties in California

The Secretary of the U.S. Department of Health and Human Services has issued a limited waiver of HIPAA sanctions and...

Amida Care Mailing Potentially Revealed HIV Status of its Members

The New York not-for-profit community health plan Amida Care has reported a HIPAA breach that has potentially impacted 6,231 of...

Proposed Rule for Certification of Compliance for Health Plans Withdrawn by HHS

In January 2014, the HHS proposed a new rule for certification of compliance for health plans. The rule would have...

OCR Clarifies HIPAA Rules on Disclosures to Family, Friends and Other Individuals

The recent attack in Las Vegas has prompted the Department of Health and Human Services’ Office for Civil Rights to...

HHS Issues Partial HIPAA Privacy Rule Waiver in Hurricane Maria Disaster Zone

The U.S. Department of Health and Human Services has already issued two partial waivers of HIPAA sanctions and penalties in...

Limited HIPAA Waiver Granted to Hospitals in Irma Disaster Zone

A public health emergency has been declared in areas of the U.S. Virgin Islands, Puerto Rico, and Florida affected by...

AHA Urges Congress to Reduce Regulatory Burden on Hospitals

In a recent letter to the House Ways and Means Health Subcommittee, the American Hospital Association (AHA) suggested several steps...

HHS Issues Partial Waiver of Sanctions and Penalties for Privacy Rule Violations in Hurricane Harvey Disaster Zone

During emergencies such as natural disasters, complying with all HIPAA Privacy Rule provisions can be a challenge for hospitals and...

U.S. Senate Passes Jessie’s Law to Help Prevent Drug Overdoses

West Virginia senators Joe Manchin and Shelley Moore Capito have announced that Jessie’s Law has been passed by the Senate....

OCR Data Breach Portal Update Highlights Breaches Under Investigation

Last month, the Department of Health and Human Services confirmed it was mulling over updating its data breach portal –...

OCR’s Wall of Shame Under Review by HHS

Since 2009, the Department of Health and Human Services’ Office for Civil Rights has been publishing summaries of healthcare data...

Mississippi Division of Medicaid Announces Exposure of 5,220 Individuals’ PHI

The Mississippi Division of Medicaid (DOM) has announced that 5,220 Medicaid recipients have had some of their protected health information...

DA Launches Criminal Investigation into Actions of Curious Healthcare Employee

Healthcare employees discovered to have improperly accessed the medical records of patients are likely to be terminated by their employers...

Simplified HITRUST CSF Program Helps Small Healthcare Organizations with Compliance and Risk Management

HITRUST has announced that it has updated the HITRUST CSF and has also launched a new CSF initiative specifically for...

Will HHS Secretary Tom Price Ease HIPAA Regulations?

Tom Price was appointed as secretary of the Department of Health and Human Services on February 10, 2017, replacing Sylvia...

OCR Updates HIPAA Privacy Rule Guidance for Healthcare Professionals

The Department of Health and Human Services’ Office for Civil Rights has updated its HIPAA Privacy Rule guidance for healthcare...

Quest Diagnostics Announces 34,000-Record ePHI Breach

Madison, New Jersey-based clinical laboratory service provider Quest Diagnostics is alerting 34,000 patients that some of their electronic protected health...

Further 4,100 Cardiac Patients Notified of Breach of ePHI

A further 4,100 cardiac patients have been notified that some of their protected health information was exposed due to a...

Security Cameras Could Be Your Biggest Security Weakness

Could a networked device that’s designed to enhance security be exploited by hackers to gain access to your network? In...

ONC Issues Fact Sheet Explaining Exchange of Health Information for Public Health Activities

The U.S. Department of Health and Human Services’ Office of the National Coordinator for Health Information Technology (ONC) and Office...

Malvertising Campaign Highlights Importance of Patching Browsers

The importance of ensuring browsers and plugins are kept up to date has been highlighted by the discovery of a...

OCR Warns Covered Entities of Risk of DDoS Attacks

There has been a surge in Distributed Denial of Service (DDoS) and Denial of Service (DOS) attacks over the past...

Lost CD Contained Social Security Numbers of 18,854 Health Plan Members

18,854 health plan members have been notified of a potential breach of their protected health information following the loss of...

Ransomware Attack Reported by East Valley Community Health Center

West Covina, CA-based East Valley Community Health Center (EVCHC) has started notifying patients that some of their electronic protected health...

21st Century Cures Bill Sails Through Senate

Last week, the House of Representatives unanimously voted in favor of the 21st Century Cures Act. Yesterday, the bill sailed...

Tampa General Hospital Settles Class Action Data Breach Lawsuit

According to figures from the Federal Trade Commission, Florida is one of the top three states for fraud and identity...

Half of IT Pros Most Concerned About Insider Threats

A considerable proportion of IT security budgets are directed to securing the network perimeter and with good reason. Hackers are...

Medical Devices Can Be Hacked Using Black Box Approach

Researchers in the UK/Belgium have discovered it is possible to hack certain medical devices even when no prior understanding of...

Glendale Adventist Medical Center Fires Nurse for Inappropriately Accessing ePHI

A nurse employed by Glendale Adventist Medical Center in Glendale, CA has been fired for inappropriately accessing the medical records...

Sagewood Retirement Community Attacked with Ransomware

Sagewood, a retirement community in Phoenix, AZ, has notified 800 current and former residents about a ransomware attack that has...

OptumHealth New Mexico Announces 2000-Record Data Breach

OptumHealth New Mexico has notified 2,006 patients of a privacy breach that was caused by one of its vendors. The...

21st Century Cures Act Unanimously Passed by House

The 21st Century Cures Act has been passed by the House of Representatives with a vote of 392-26. One Democrat...

OCR Warns Healthcare Organizations of Fake HIPAA Audit Emails

The Department of Health and Human Services’ Office for Civil Rights (OCR) has issued a warning to healthcare organizations about...

Healthcare Organizations Main Target for Hackers in 2017

Experian’s Data Breach Resolution team has released its annual data breach industry forecast for 2017. Experian has evaluated current cybersecurity...

1,745 Berkshire Medical Center Patients Impacted by Ambucor Health Solutions Breach

Berkshire Medical Center (BMC) in Pittsfield, Massachusetts has been informed that 1,745 patients of its cardiology department have been impacted...

50% of U.S. Companies Have Experienced a Ransomware Attack in the Past 12 Months

A recent survey conducted by Vanson Bourne on behalf of endpoint protection software vendor SentinelOne has cast light on the...

CHI Franciscan Health Alerts Patients to ePHI Exposure

CHI Franciscan Health has started notifying patients about the potential exposure of some of their electronic protected health information after a...

Healthcare Industry Targeted with Gatak Trojan

The healthcare industry is coming under attack by the actors behind the Gatak Trojan. Gatak, or Stegoloader as it is...

Vascular Surgical Associates Hacking Incident Reported

Vascular Surgical Associates – A group of specialty-trained vascular surgeons in Atlanta – has announced that it has been the...

Privacy Breach Reported by Wentworth-Douglass Hospital

Wentworth-Douglass Hospital in Dover, New Hampshire has started alerting patients to a privacy breach experienced by one of its vendors,...

New Attack Vector Used to Spread Locky Ransomware

This year, hospitals throughout the United States have been targeted by cybercriminals using ransomware. The malicious file-encrypting software is used...

UMass to Pay OCR $650K to Resolve HIPAA Violations

The Department of Health and Human Services’ Office for Civil Rights (OCR) has agreed to a $650,000 settlement with University...

Chiropractic Clinics Alert Patients to Billing Vendor Breach

Two providers of chiropractic services in California have started notifying their patients of a security breach affecting their billing software...

Briar Hill Management Notifies 2,000 Individuals of February Laptop Loss

Briar Hill Management, a Ridgeland, MS-based provider of management services for skilled nursing facilities in Mississippi, has lost a laptop...

MIFA Shares Industry Wisdom on Medical Identity Theft and Fraud

Last year, more than 113 million healthcare records were exposed or stolen as a result of healthcare data breaches. With...

Lack of Ransomware Protections Could Violate FTC Act

The Department of Health and Human Services’ Office for Civil Rights has recently issued guidance for HIPAA covered entities on...

Another Employee is Fired for Emailing PHI to a Personal Account

Today, a breach notice has appeared – dated August 18 – on the Department of Health and Human Services’ Office...

OCR Phase 2 HIPAA Audits: Documentation Requests Issued

The Department of Health and Human Services’ Office for Civil Rights (OCR) has now selected covered entities from its pool...

Congressmen Call for Different HIPAA Rules for Malware and Ransomware Attacks

Ted Lieu, D-Calif. and Will Hurd, R-Texas., have written to OCR Deputy Director for Health Information Privacy Deven McGraw raising...

OCR Clears Up Confusion About the Charging of Flat Fees for Copies of PHI

Earlier this year the Office for Civil Rights issued guidance for healthcare providers and health plans on the general right...

Deven McGraw Offers Advice on the Upcoming HIPAA Compliance Audits

Deven McGraw – deputy director of health information privacy at the Office for Civil Rights (OCR) – has offered some...

OCR Publishes New HIPAA Audit Protocol

The Department of Health and Human Services Office for Civil Rights (OCR) has published a new HIPAA audit protocol for...

Phase 2 HIPAA Compliance Audits Commence

The Department of Health and Human Services’ Office for Civil Rights has announced that the phase 2 HIPAA compliance audits have...

Deven McGraw Gives Update on OCR HIPAA Compliance Audits

Office for Civil Rights deputy director of health information privacy, Deven McGraw, has provided an update on the OCR’s planned...

OCR Clarifies Patients’ Access Rights to PHI and Allowable Charges

The Health Insurance Portability and Accountability Act’s Privacy Rule gives healthcare patients the right to obtain a copy of their...

OCR Website Receives Long Awaited Upgrade

The Department of Health and Human Services’ Office for Civil Rights website has been redesigned and upgraded, and features a...

HIPAA Privacy Rule Updated to Permit NICS Reports

The Department of Health and Human Services has issued a final rule permitting certain covered entities to disclose specific elements...

Repeat HIPAA Violators Revealed: Database of Offenders Created

ProPublica has created a database of healthcare organizations that have violated patient privacy to make it easier for consumers to...

HIPAA Updates

Get the FREEHIPAA Checklist

Discover everything you need to become HIPAA compliant

Get The HIPAACompliance Checklist

Free and Immediate Download

News Categories

Notices

Get the FREEHIPAA Checklist

Discover everything you need to become HIPAA compliant

Get The HIPAACompliance Checklist

Free and Immediate Download

Get the FREEHIPAA Checklist

Discover everything you need to become HIPAA compliant

Get The HIPAACompliance Checklist

Free and Immediate Download

Please Enter Your Email To GetThe Free HIPAA Checklist

HIPAA Training

Please Enter Your Email To GetThe Free HIPAA Checklist

Get the FREE
HIPAA Checklist

Discover everything you need
to become HIPAA compliant

Get The HIPAA
Compliance Checklist

Get the FREE
HIPAA Checklist

Discover everything you need
to become HIPAA compliant

Get The HIPAA
Compliance Checklist

Get the FREE
HIPAA Checklist

Discover everything you need
to become HIPAA compliant

Get The HIPAA
Compliance Checklist

Please Enter Your Email To Get
The Free HIPAA Checklist

Please Enter Your Email To Get
The Free HIPAA Checklist