Breaking Compliance News Blog

HIPAA hazard: Doctor appears in traffic court by webcam from the OR

Posted by Margaret Scavotto, JD, CHC on 3/9/21 1:27 PM

A California doctor recently appeared in traffic court by videoconference while he was performing plastic surgery. The traffic court session was livestreamed and posted to YouTube.

The traffic court commissioner could see that a medical operation was in process, and said: “I do not feel comfortable for the welfare of a patient if you’re in the process of operating….” The trial was rescheduled.

The Medical Board of California is investigating the incident.

I’m also concerned about privacy.

Topics: HIPAA, security, privacy

Do you have a HIPAA authorization for that social media post?

Posted by Margaret Scavotto, JD, CHC on 2/16/21 10:00 AM

The pandemic has changed a lot for healthcare providers – including their social media use.

Most providers we talk to say they have increased their use of social media during COVID-19. Some providers are turning to social media to disseminate information about COVID-19 precautions, and, now, vaccine availability. We also see many providers using social media to keep the public informed, and to keep people connected during visitor restrictions. Many nursing homes are posting resident pictures and videos on Facebook or TikTok to give their loved ones a glimpse into life inside a nursing home during a lockdown. These strategies have led to creative – and often charming – social media campaigns.

For example:

I truly enjoy these posts, and I appreciate the clever social media campaigns and the connection they bring during a challenging time.

BUT – All of these social media uses bring risks.

Topics: HIPAA, Social Media, security, privacy

* Free Webinar: HIPAA Wake-Up Calls!

Posted by Margaret Scavotto, JD, CHC on 2/10/21 10:27 AM

Sign up for MPA's free webinar:

HIPAA Wake-Up Calls

Tuesday February 16th at 12 pm CST

In 2020, there were 19 HIPAA settlements totaling $13,554,900. The settlements ranged between $10,000 and $6.85 million, and affected between one and 16,649,249 patients.

Topics: HIPAA, security, compliance, breach notification, privacy, webinar

Earn 5 CEUs with MPA’s Virtual HIPAA Training!

Posted by Margaret Scavotto, JD, CHC on 2/5/21 9:00 AM

HIPAA is a lot!

MPA's e-course makes it easier to keep up with privacy, security, breach notification, and social media.

Sign up for MPA's Virtual HIPAA Training Course

*** Approved for 5 hours of NAB CEUs***

Topics: Training and Education, HIPAA, Social Media, security, breach notification, privacy, webinar

Earn 5 CEUs with MPA’s Virtual HIPAA Training!

Posted by Margaret Scavotto, JD, CHC on 2/4/21 7:45 AM

HIPAA is a lot!

MPA's e-course makes it easier to keep up with privacy, security, breach notification, and social media.

Sign up for MPA's Virtual HIPAA Training Course

*** Approved for 5 hours of NAB CEUs***

Topics: Training and Education, HIPAA, Social Media, security, breach notification, privacy, webinar

* Free Webinar: HIPAA Wake-Up Calls!

Posted by Margaret Scavotto, JD, CHC on 2/3/21 10:57 AM

Sign up for MPA's free webinar:

HIPAA Wake-Up Calls

Tuesday February 16th at 12 pm CST

In 2020, there were 19 HIPAA settlements totaling $13,554,900. The settlements ranged between $10,000 and $6.85 million, and affected between one and 16,649,249 patients.

Topics: HIPAA, security, compliance, breach notification, privacy, webinar

Earn 5 CEUs with MPA’s Virtual HIPAA Training!

Posted by Margaret Scavotto, JD, CHC on 1/21/21 10:00 AM

HIPAA is a lot!

MPA's e-course makes it easier to keep up with privacy, security, breach notification, and social media.

Sign up for MPA's Virtual HIPAA Training Course

*** Approved for 5 hours of NAB CEUs***

Topics: Training and Education, HIPAA, Social Media, security, breach notification, privacy, webinar

Healthcare Provider Ransomware Risk is Elevated – What Do We Do???

Posted by Scott Gima on 11/5/20 10:00 AM

On October 28, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) issued a joint cybersecurity advisory warning U.S. hospitals and healthcare providers of imminent ransomware attacks.

This advisory provides technical information on the methods used by the hackers so healthcare providers can better protect themselves. In particular, the advisory mentioned the hackers’ use of Ryuk and Conti ransomware.

Leading up to this advisory, Universal Health Services was a recent target of a ransomware attack in late September. UHS is a large health care provider with 26 hospitals in the U.S., Puerto Rico and the U.K. It is believed that the Ryuk ransomware was used in the attack.

I don’t know about you, but for me, a non-IT person, the technical details are way over my head. However, the user awareness best practices are relevant to anybody who uses a workstation or laptop. Here are the user awareness best practices found in the advisory (direct quote):

Topics: HIPAA, data breach, security, compliance

Free Webinar: HIPAA Security - Board of Governance Responsibility

Posted by Margaret Scavotto & Scott Gima on 9/3/20 10:32 AM

Join HIPAAtrek and MPA's Executive VP Scott Gima for a complimentary webinar:

Topics: HIPAA, security, webinar

HIPAA reminder: Is your workforce changing?

Posted by Margaret Scavotto, JD, CHC on 5/19/20 10:44 AM

Many providers are seeing changes to their workforce during the pandemic. Hospitals are recruiting additional healthcare professionals; nursing homes are relying more heavily on agency staff as employees become ill or do not show up for work. CMS has changed rules, allowing expanded types of providers to order tests and perform other tasks. An increased number of students or volunteers are also being used.

With these workforce changes, HIPAA training must continue. The HIPAA Privacy and Security Rules remain in place during the pandemic. OCR enforcement remains active. HIPAA requires providers to train their workforce on HIPAA requirements. Workforce means “employees, volunteers, trainees, and other persons whose conduct, in the performance of work for a covered entity or business associate, is under the direct control of such covered entity or business associate, whether or not they are paid by the covered entity or business associate.” 45 CFR 160.103

HIPAA training reminders:

  • Covered entities should routinely evaluate who is working on their behalf and determine who is included in their workforce (and needs training).
  • The Privacy Rule requires covered entities to train all workforce members on policies and procedures related to PHI, as necessary and appropriate for the workforce members to carry out their functions. 45 CFR 164.530(b)
  • The Security Rule requires covered entities to: “implement a security awareness and training program for all members of its workforce (including management)” 45 CFR 164.308(a)(5)
  • Workforce members should also be trained to recognize breaches, how to report them internally, and who to report them to.
  • All workforce members should be trained on appropriate social media use (this is especially important during a national emergency).

Topics: HIPAA, Social Media, security, breach notification, COVID-19, privacy
