Compliance, Due Diligence and HIPAA - Health Care Compliance Brief

HIPAA Phishing Scandal Results in $3M OCR Settlement

Compliancy Group

JANUARY 15, 2025

On January 14, 2025, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced a HIPAA phishing settlement with Solara Medical Supplies, LLC (Solara). The investigation into Solara found that they had done a poor job in protecting PHI, uncovering several potential HIPAA security rule violations.

HIPAA

HIPAA Due Diligence Compliance

Ensuring the Security and Privacy of Patient Data while Managing Large Volumes of Electronic Health Records (EHRs)

Healthcare IT Today

DECEMBER 10, 2024

All hosts will ensure strict security protocols, but compliance standards vary, and its up to the vendor to maintain tight configurations and standards of their own. Does your vendor maintain proper certification and compliance? Compliance is important, but healthcare leaders cant stop there.

Compliance

Compliance Due Diligence HIPAA Governance

What is a HIPAA Violation?

HIPAA Journal

DECEMBER 31, 2022

To best answer the question what is a HIPAA violation, it is necessary to explain what HIPAA is, who it applies to, and what constitutes a violation; for although most people believe they know what a HIPAA compliance violation is, evidence suggests otherwise. What is HIPAA and Who Does It Apply To?

HIPAA

HIPAA Due Diligence Compliance Fraud

Webinars

Bridging Innovation & Patient Care: The Growing Role of AI

MORE WEBINARS

Six Compelling Reasons to Begin Your HIPAA Compliance Journey Before the Year Ends

Total HIPAA

NOVEMBER 15, 2023

As 2023 unfolds, the urgency for entities in the healthcare sector to initiate or reinforce their HIPAA compliance cannot be overstated. Prove Your Due Diligence The decision to postpone setting up comprehensive policies, procedures, and HIPAA training could be detrimental.

HIPAA

HIPAA Compliance Due Diligence Health Insurance

Is Gmail’s Confidential Mode HIPAA Compliant?

Total HIPAA

AUGUST 17, 2022

Covered Entities, and other organizations that are obligated by law to maintain HIPAA compliance, naturally have been curious as to whether they can use Gmail’s confidential mode to share sensitive data. And is it an effective, secure alternative to HIPAA compliant fax or efax protocols? How confidential is it, actually?

HIPAA

HIPAA Due Diligence Compliance

HIPAA Compliance for Hospitals

HIPAA Journal

DECEMBER 28, 2022

Discussing HIPAA compliance for hospitals in a single article is challenging. This means there is no one-size-fits-all guide to HIPAA compliance for hospitals, but rather checklists that can help hospitals cover the basics of the compliance requirements. What is Required to Comply with HIPAA?

HIPAA

HIPAA Compliance Hospitals Medicare

Compliancy Group Confirms Ruffian Software as HIPAA Compliant

HIPAA Journal

MARCH 10, 2022

The Mauldin SC-based IT company, Ruffian Software, has completed Compliancy Group’s HIPAA compliance process and has been confirmed as having implemented an effective HIPAA compliance program. To demonstrate the company’s commitment to HIPAA compliance, Ruffian Software partnered with Compliancy Group.

HIPAA

HIPAA Compliance Due Diligence

What Happens if You Break HIPAA Rules?

HIPAA Journal

DECEMBER 31, 2022

HIPAA requires covered entities to provide training to staff to ensure HIPAA Rules and regulations are understood. During HIPAA training, healthcare employees should be aware of the possible penalties for HIPAA violations, but what are those penalties, and what happens if you break HIPAA Rules?

HIPAA

HIPAA Due Diligence Doctors Compliance Officers

Why Vendor Due Diligence is Crucial in Preventing Third-Party Data Breaches

Compliancy Group

APRIL 12, 2023

Vendor due diligence is key in preventing these third-party data breaches. Vendor Due Diligence – What is It & Why is it Important? Vendor due diligence is the process of assessing the security and risk management practices of third-party vendors before engaging in a business relationship with them.

Due Diligence

Due Diligence HIPAA Compliance

Your Healthcare Compliance Due Diligence Checklist

Compliancy Group

MARCH 25, 2024

In today’s complex healthcare landscape, compliance is crucial. A healthcare compliance due diligence checklist is one essential tool that can help organizations in their quest for compliance. What is a Healthcare Compliance Due Diligence Checklist?

Due Diligence

Due Diligence Compliance Informed Consent Fraud

Guide to HIPAA Safeguards

HIPAA Journal

MARCH 9, 2022

Requirements to implement HIPAA safeguards appear more often in the text of the Healthcare Insurance Portability and Accountability Act than is often acknowledged. There is also a section relating to the Organization Requirements of the Privacy and Security Rules – both of which include further HIPAA safeguards.

HIPAA

HIPAA Due Diligence Ransomware Compliance

Building a Culture of Compliance

Total HIPAA

OCTOBER 3, 2023

When a company effectively communicates the significance of cybersecurity, ensures that team members know how to report suspicious incidents, and implements accurate risk assessments along with clear policies and procedures, we refer to this as a “culture of compliance”. This approach significantly enhances your security measures.

Compliance

Compliance Due Diligence HIPAA Compliance Officers

The Healthcare Cybersecurity Ecosystem: A System in Need of Comprehensive Care

Healthcare IT Today

APRIL 9, 2025

The following is a guest article by Andrew Mahler, JD, CIPP/US, AIGP, CHC, CHPC, CHRC , Vice President of Privacy, Compliance Services at Clearwater When the healthcare information ecosystem operates as it should, it mirrors a healthy circulatory system. Looking Forward Fixing this requires all hands on deck.

Due Diligence

Due Diligence Hospitals Compliance Ransomware

Seven Elements of a Compliance Program

HIPAA Journal

MARCH 30, 2023

The seven elements of a compliance program are integrated processes organizations in all industries can adopt to help them develop a culture of compliance in the workplace. While the seven elements of a compliance program apply to all industries, they originated in the healthcare industry in the 1990s.

Compliance

Compliance Compliance Officers Fraud HIPAA

Is Microsoft Teams HIPAA Compliant?

HIPAA Journal

JUNE 5, 2023

If your HIPAA-covered organization is planning to use Microsoft Teams to collect, store, share, or transmit electronic PHI, it is important to know how to make Microsoft Teams HIPAA compliant. How to Make Microsoft Teams HIPAA Compliant No software is HIPAA compliant.

HIPAA

HIPAA Due Diligence Compliance Licensing

Navigating AI’s Double-Edged Sword: Cyber Resilience in Healthcare

Healthcare IT Today

APRIL 18, 2025

Case in point: the industrys longstanding need to comply with the Health Insurance Portability and Accountability Act (HIPAA). For example, AI validation platforms rigorously test and monitor AI models within electronic health record (EHR) systems to ensure accuracy and compliance. Security in the cloud is a shared responsibility.

Due Diligence

Due Diligence Compliance Health Insurance Public Health

Protected Health Information (PHI): Everything You Need to Know about HIPAA and PHI

Total HIPAA

MAY 23, 2022

The Health Insurance Portability and Accountability Act ( HIPAA ) is a 1996 federal law that regulates privacy standards in the healthcare sector. Since 1996, Congress has passed additional laws to adapt HIPAA in accordance with new technological advancements. Most HIPAA rules and regulations revolve around protecting PHI.

HIPAA

HIPAA Due Diligence Health Insurance Compliance

Healthcare Remains Top Target in 2022 ITRC Breach Report

Compliancy Group

JANUARY 25, 2023

Make Sure You’re HIPAA Compliant HIPAA compliance protects you against breaches. Protect your business by becoming HIPAA compliant today! Become HIPAA Compliant × Get HIPAA Compliant! Lee credited HIPAA rules and regulations as the reason for more transparency in healthcare breach reporting.

HIPAA

HIPAA Electronic Medical Records Due Diligence Compliance

HIPAA Security Rule Checklist

HIPAA Journal

JANUARY 21, 2024

A HIPAA Security Rule checklist helps covered entities, business associates, and other organizations subject to HIPAA compliance to fulfil the requirements of the Security Standards for the Protection of Electronic Protected Health Information (better known as the HIPAA Security Rule).

HIPAA

HIPAA Compliance Due Diligence Medicare

HIPAA Compliant Environment or a Culture of Compliance?

Compliancy Group

APRIL 29, 2022

One of the trendy marketing terms being used by equipment and service providers in the security space is “HIPAA Compliant Environment.” But security and compliance are not the same things. HIPAA Compliant Environment or a Culture of Compliance – Super Security Kryptonite. Compliancy Group can help! Learn More! ×

HIPAA

HIPAA Compliance Due Diligence Ransomware

Breach Prevention: 5 Best Practices to Protect Your Data

MRO Compliance

MAY 18, 2022

This committee should oversee the organization’s patient privacy compliance program and conduct quarterly risk analyses and assessments. In addition to these responsibilities, a patient data protection committee should perform mock HIPAA audits using Phase 2 protocols from the OCR. 4) Test the effectiveness of your compliance program.

US Department of Health and Human Services

US Department of Health and Human Services Due Diligence Compliance COVID-19

5 Steps for Effective Vendor Compliance Management

Compliancy Group

OCTOBER 12, 2023

Healthcare vendor compliance is one of the most important things to consider when choosing vendors for your healthcare organization; adopting a vendor compliance management strategy is essential for assessing whether or not a vendor is suitable to work with. One such contract is a HIPAA business associate agreement (BAA).

Compliance

Compliance Due Diligence Regulatory Compliance HIPAA

The Complicated Nature of BAA Compliance

HIPAA Journal

MAY 26, 2023

In the healthcare industry, the term BAA compliance refers to a Business Associate complying with the terms of a Business Associate Agreement entered into with a Covered Entity. While, in theory, BAA compliance should be straightforward, this is not always the case – and sometimes, noncompliance is not the fault of the Business Associate.

Compliance

Compliance HIPAA Due Diligence

Is Your Data Supply Chain Ethical? Don’t Restrict Due Diligence to Physical Operations.

C&M Health Law

JUNE 15, 2021

This article was originally published in Corporate Compliance Insights. Health Insurance Portability and Accountability Act (HIPAA) can present several areas of exposure. Significant due diligence processes were established for third parties to prevent bribery and other ethical violations.

Due Diligence

Due Diligence Licensing Informed Consent HIPAA

Navigating HIPAA Compliance in Tracking Technologies

Total HIPAA

JULY 30, 2024

HIPAA Compliance and Online Tracking Technologies The U.S. The HIPAA Privacy Rule does not explicitly demand written authorization for tracking. Tracking technologies could inadvertently capture PHI, posing a risk of potential HIPAA violations [source]. What are User-Authenticated Web Pages? What is a Tracking Technology?

HIPAA

HIPAA Compliance Due Diligence Health Insurance

Médecins Sans Frontières/Doctors Without Borders Deploys Celo Health Secure Messaging Solution to Support its Humanitarian Efforts in 87 Countries

HIPAA Journal

JUNE 20, 2023

Securely sharing patient information is vital in the United States where healthcare organizations and their business associates are required to comply with the Health Insurance Portability and Accountability Act (HIPAA) and state laws governing health information privacy.

Doctors

Doctors Due Diligence Telemedicine HIPAA

What’s the Civil Penalty for Unknowingly Violating HIPAA?

Compliancy Group

JANUARY 24, 2022

When a covered entity or business associate makes the HIPAA Wall of Shame for a significant breach or violation, it often results in huge fines. In some cases, the breaches and resulting fines resulted from organizations knowingly violating HIPAA regulations and just hoping they wouldn’t get caught.

HIPAA

HIPAA Due Diligence Compliance Health Insurance

Healthcare Data Breach Statistics

HIPAA Journal

MARCH 20, 2025

The HIPAA Journal has compiled healthcare data breach statistics from October 2009, when the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) started publishing summaries of healthcare data breaches on its website. This page is regularly updated to reflect the latest healthcare data breach statistics.

HIPAA

HIPAA Ransomware Compliance Hospitals

Security Breaches in Healthcare in 2023

HIPAA Journal

JANUARY 31, 2024

In the paper, the HHS indicated it will be adopting a carrot-and-stick approach by developing voluntary Healthcare and Public Health (HPH) Sector Cybersecurity Goals (CPGs) that consist of cybersecurity measures that will have the greatest impact on security along with an update to the HIPAA Security Rule to add new cybersecurity requirements.

Ransomware

Ransomware HIPAA Hospitals Compliance

Settlement Agreed with Florida Children’s Health Insurance Website Contractor to Resolve False Claims Act Allegations

HIPAA Journal

MARCH 15, 2023

The United States Department of Justice has agreed to settle alleged False Claims Act violations with Jelly Bean Communications Design LLC and manager Jeremy Spinks related to the failure to protect HIPAA-covered data. Companies have a fundamental responsibility to protect the personal information of their website users.

Health Insurance

Health Insurance HIPAA Fraud Due Diligence

When Can PHI be Disclosed?

HIPAA Journal

OCTOBER 21, 2022

Most sources of information answering the question when can PHI be disclosed refer to the standards of the HIPAA Privacy Rule that specify the required and permissible uses and discloses of PHI, and those that require the consent or authorization of the individual (§164.502 – §164.514). When Can PHI be Disclosed According to the Privacy Rule?

HIPAA

HIPAA Due Diligence Compliance Licensing

Part 1: Basics of Artificial Intelligence (AI) and Healthcare Compliance

AIHC

JUNE 6, 2023

AI Use in Healthcare Research & Quality As posted in the American Institute of Healthcare Compliance (AIHC) June monthly newsletter, the Agency for Healthcare Research & Quality (AHRQ) grantee is testing AI for use to improve breast cancer screening accuracy and efficiency. Beware of new companies offering such services.

Compliance

Compliance Medical Billing HIPAA Due Diligence

The Importance of Third-Party Compliance: Mitigating Risks and Ensuring Accountability

Compliancy Group

DECEMBER 29, 2023

This is where third-party compliance comes into play – a crucial aspect of any organization’s risk management strategy. By establishing robust oversight mechanisms and enforcing accountability measures, companies can safeguard their reputation and maintain regulatory compliance across all areas of operation.

Compliance

Compliance Regulatory Compliance Due Diligence HIPAA

Why Is Credentialing Management Software Important?

MedTrainer

AUGUST 2, 2023

Good credentialing management opens the door to a wide range of benefits at both the facility and organization levels: Compliance With Regulatory Standards. Credentialing management helps organizations maintain compliance with regulatory standards set by accrediting bodies, government agencies, and industry regulators.

Malpractice

Malpractice Compliance Licensing Due Diligence

Part 1: Basics of Artificial Intelligence (AI) and Healthcare Compliance

AIHC

JUNE 6, 2023

AI Use in Healthcare Research & Quality As posted in the American Institute of Healthcare Compliance (AIHC) June monthly newsletter, the Agency for Healthcare Research & Quality (AHRQ) grantee is testing AI for use to improve breast cancer screening accuracy and efficiency. Beware of new companies offering such services.

Compliance

Compliance Medical Billing HIPAA Due Diligence

Cybersecurity Threats to Health Systems

American Medical Compliance

DECEMBER 20, 2022

Third, due diligence with partners is essential to prevent attacks. American Medical Compliance (AMC) is a leader in the industry for compliance, billing, and HR solutions. Learn more about protecting patient data by taking AMC’s HIPAA Regulations and Cybersecurity Training for Healthcare Personnel course.

Due Diligence

Due Diligence COVID-19 Compliance HIPAA

Mitigating Risks from Online Tracking Technologies

YouCompli

NOVEMBER 15, 2023

Because they pose risks to patient privacy and security, it is important for compliance pros to understand them and, of course, comply with applicable federal laws. With the OCR and FTC focusing on these issues, compliance professionals should as well so they can best support their organization and their patients.

US Department of Health and Human Services

US Department of Health and Human Services HIPAA Compliance Due Diligence

Mitigating Healthcare Cyber Risk Through Vendor Management

HIT Consultant

OCTOBER 17, 2022

Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is exercising its enforcement discretion to not impose penalties for noncompliance with HIPAA and the HITECH Act as it relates to “good faith” implementations of remote technologies used to provide telehealth. While the U.S. – Ongoing risk-based monitoring.

Due Diligence

Due Diligence HIPAA Compliance Governance

Top Security Certifications Required for Data Protection

HIT Consultant

FEBRUARY 9, 2023

A lack of regulatory compliance, network and technical vulnerabilities, unencrypted information, unsecured mobile devices, and weak credentials all play a part in putting a healthcare organization at risk for a data breach. Paul Banco, CEO of etherFAX    How secure is your data? How Can a Data Breach Be Prevented?

Regulatory Compliance

Regulatory Compliance Due Diligence Compliance Compliance Framework

The Value of an Enterprise Active Data Archive Begins with Patient Safety

HIT Consultant

DECEMBER 26, 2021

As other mandates, including the Health Insurance Portability and Accountability Act (HIPAA) and the Cures Act, all came into play, the need to digitalize records to ensure privacy and confidentiality as well as improve interoperability has forced payors and providers alike to look at data differently.

Due Diligence

Due Diligence Compliance HIPAA Nurses

Updated Compliance Tool for Developers of Mobile Health Apps

Hall Render

JANUARY 11, 2023

The Health Breach Notification Rule applies only to organizations not subject to HIPAA and is triggered when there is unsecured, individually identifiable information in a PHR. For example, reimbursement under Medicare and Medicaid for certain telemedicine services was significantly increased due to the COVID-19 pandemic.

Compliance

Compliance HIPAA FDA Due Diligence

Protecting Privacy: Lessons from the OCR-Yakima Valley Memorial Hospital Snooping Settlement

Total Medical ComplianceHIPAA

JULY 6, 2023

Vendor Due Diligence: Conduct thorough due diligence when selecting and working with vendors who have access to sensitive data. Confirm they adhere to robust privacy and security standards and regularly monitor their compliance.

Due Diligence

Due Diligence Hospitals Compliance HIPAA

Another Resolution by DOJ Pursuant to its Civil Cyber-Fraud Initiative Highlights Continued Efforts to Hold Companies Accountable for Ensuring Data are Secured

Health Care Law Brief

JUNE 5, 2023

Despite not providing the foregoing, Jelly Bean represented compliance with its contract with FHKC. Government contractors, such as Jelly Bean, are expected “to do the due diligence to keep software applications updated and secure” to ensure the “safeguarding [of] patients’ medical and other personal information.”

Fraud

Fraud Due Diligence Medicaid Medicaid

What You Need for Your SOC 2 Readiness Assessment

Compliancy Group

DECEMBER 7, 2023

Your first step to SOC 2 compliance is completing a SOC 2 readiness assessment. Compliance with Policies Verify that your employees and partners adhere to established security policies and guidelines through awareness training and regular compliance checks. What is a SOC 2 Gap Assessment?

Compliance

Compliance Due Diligence Compliance Framework Regulatory Compliance

HIPAA Phishing Scandal Results in $3M OCR Settlement

Ensuring the Security and Privacy of Patient Data while Managing Large Volumes of Electronic Health Records (EHRs)

Webinars

Trending Sources

What is a HIPAA Violation?

Webinars

Six Compelling Reasons to Begin Your HIPAA Compliance Journey Before the Year Ends

Is Gmail’s Confidential Mode HIPAA Compliant?

HIPAA Compliance for Hospitals

Compliancy Group Confirms Ruffian Software as HIPAA Compliant

What Happens if You Break HIPAA Rules?

Why Vendor Due Diligence is Crucial in Preventing Third-Party Data Breaches

Your Healthcare Compliance Due Diligence Checklist

Guide to HIPAA Safeguards

Building a Culture of Compliance

The Healthcare Cybersecurity Ecosystem: A System in Need of Comprehensive Care

Seven Elements of a Compliance Program

Is Microsoft Teams HIPAA Compliant?

Navigating AI’s Double-Edged Sword: Cyber Resilience in Healthcare

Protected Health Information (PHI): Everything You Need to Know about HIPAA and PHI

Healthcare Remains Top Target in 2022 ITRC Breach Report

HIPAA Security Rule Checklist

HIPAA Compliant Environment or a Culture of Compliance?

Breach Prevention: 5 Best Practices to Protect Your Data

5 Steps for Effective Vendor Compliance Management

The Complicated Nature of BAA Compliance

Is Your Data Supply Chain Ethical? Don’t Restrict Due Diligence to Physical Operations.

Navigating HIPAA Compliance in Tracking Technologies

Médecins Sans Frontières/Doctors Without Borders Deploys Celo Health Secure Messaging Solution to Support its Humanitarian Efforts in 87 Countries

What’s the Civil Penalty for Unknowingly Violating HIPAA?

Healthcare Data Breach Statistics

Security Breaches in Healthcare in 2023

Settlement Agreed with Florida Children’s Health Insurance Website Contractor to Resolve False Claims Act Allegations

When Can PHI be Disclosed?

Part 1: Basics of Artificial Intelligence (AI) and Healthcare Compliance

The Importance of Third-Party Compliance: Mitigating Risks and Ensuring Accountability

Why Is Credentialing Management Software Important?

Part 1: Basics of Artificial Intelligence (AI) and Healthcare Compliance

Cybersecurity Threats to Health Systems

Mitigating Risks from Online Tracking Technologies

Mitigating Healthcare Cyber Risk Through Vendor Management

Top Security Certifications Required for Data Protection

The Value of an Enterprise Active Data Archive Begins with Patient Safety

Updated Compliance Tool for Developers of Mobile Health Apps

Protecting Privacy: Lessons from the OCR-Yakima Valley Memorial Hospital Snooping Settlement

Another Resolution by DOJ Pursuant to its Civil Cyber-Fraud Initiative Highlights Continued Efforts to Hold Companies Accountable for Ensuring Data are Secured

What You Need for Your SOC 2 Readiness Assessment

Stay Connected