Governance and HIPAA - Health Care Compliance Brief

The Limits of HIPAA Auditing and What Needs to Change

Healthcare IT Today

APRIL 10, 2025

Despite the stringent requirements outlined in the Health Insurance Portability and Accountability Act (HIPAA), enforcement remains alarmingly limited. Compounding this issue, OCR may now have even fewer resources to enforce HIPAA regulations amid shifting federal priorities and ongoing budget cuts in Washington.

HIPAA

HIPAA Compliance Framework Compliance Governance

A Look at Changes in the NEW HIPAA Security Rule

Healthcare IT Today

JANUARY 7, 2025

Proposed Changes Require Strong Cybersecurity The newly proposed changes to the 2013 HIPAA Security Rule published yesterday in the U.S. Following federal rulemaking procedures, the proposed HIPAA Security Rule from the U.S.

HIPAA

HIPAA Compliance Ransomware Governance

HHS OCR Settles HIPAA Ransomware Cybersecurity Investigation for $90,000

Compliancy Group

NOVEMBER 5, 2024

, the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) settled a HIPAA ransomware cybersecurity investigation of Bryan County Ambulance Authority (BCAA). HIPAA Ransomware Cybersecurity Investigation: The Risk Analysis Initiative In late October of 2024, a conference was held in Washington, D.C. by the U.S.

Ransomware

Ransomware HIPAA Compliance Governance

Webinars

Bridging Innovation & Patient Care: The Growing Role of AI

MORE WEBINARS

Going beyond HIPAA compliance is worthwhile

Healthcare Dive

APRIL 11, 2022

Just because HIPAA doesn't require the use of data governance technology doesn't mean you can do without it.

HIPAA

HIPAA Compliance Governance

HIPAA Compliance: Can Your Organization Avoid Costly Government Penalties and Fines?

Colington Consulting was established in 2013 and helps organizations achieve HIPAA compliance and ensures clients stay current with the latest enforcement trends. We provide a full range of HIPAA compliance services and consulting.

HIPAA

Managing Competing Government Data Requirements and Best Practices to Balance Sharing with Protection

Healthcare IT Today

NOVEMBER 20, 2024

Plus, there’s a complex maze of national and state laws which govern when and how healthcare data can and should be shared. We start off our interview with asking Weitnauer about what’s required to reconcile the competing requirements of government regulations (CURES Act, Interoperability Regulations, HIPAA, etc).

Governance

Governance HIPAA Hospitals

Senate Committee Told How Federal Government Can Improve Healthcare Cybersecurity

HIPAA Journal

MARCH 20, 2023

Senate Committee on Homeland Security and Governmental Affairs held a hearing to examine cybersecurity risks to the healthcare sector, how healthcare providers and the federal government are working to combat those threats, and determine what the federal government needs to do to improve defenses against cyberattacks on the healthcare sector.

Governance

Governance Public Health HIPAA COVID-19

A Brief Quantum Medicine Policy Guide

Bill of Health

DECEMBER 6, 2024

These technologies can act as privacy enhancing techniques (PET) to ensure privacy and compliance with regulations like HIPAA and GDPR. The EU AI Act , proposed EU AI Liability Directive , and laws under the European Strategy for Data , such as the Data Governance Act , may also play roles. The regulatory landscape in the U.S.

FDA

FDA Governance Compliance Bioethics

Code Red: Healthcare Cybersecurity in a Post-Chevron World

HIT Consultant

OCTOBER 22, 2024

The healthcare sector, heavily regulated by statutes such as HIPAA and new cybersecurity guidelines like the Health Sector Cybersecurity Coordination Center (HSCC) Health Industry Cybersecurity Practices (HICP), now faces uncertainty. For example, HHS has interpreted HIPAA to require robust cybersecurity measures to protect patient data.

HIPAA

HIPAA Compliance Public Health Medicaid

HIPAA: Why It Matters to Your Practice

Advertiser: Abyde

85% of practices are not complying with the government’s HIPAA standards. The large majority of practices are likely trying to protect patients’ information, but they may not be doing all that they need to meet government requirements. Not complying with HIPAA has definite drawbacks, with one major one being massive fines.

HIPAA

AHA says OCR's online tracking tool rules need to go

Healthcare It News

OCTOBER 3, 2023

Health and Human Services Office of Civil Rights rule regarding the use of online tracking tools is at odds with existing HIPAA rules and could cause meaningful harm to patients and public health. "Should requirements of such a duty be based on the sensitivity of collected data?"

HIPAA

HIPAA Hospitals Public Health Doctors

WebMD Ignite collaborates on data privacy in omnichannel outreach

Healthcare It News

OCTOBER 24, 2023

To better navigate the regulatory guidance governing tracking technologies and ensure the PHI of patients and prospective patients stays safe, WebMD Ignite said Tuesday that it can help healthcare organizations ensure they're not sharing protected data with tools that aren’t HIPAA-compliant.

HIPAA

HIPAA Hospitals Public Health Governance

Ensuring the Security and Privacy of Patient Data while Managing Large Volumes of Electronic Health Records (EHRs)

Healthcare IT Today

DECEMBER 10, 2024

It involves a comprehensive approach that integrates strong governance policies, advanced technology, and vigilant human oversight. Look for HIPAA compliance, EPCS compliance, HITRUST certification, ONC Certified HIT certification, SOC-2 Type II certification, and more. Does your vendor maintain proper certification and compliance?

Compliance

Compliance Due Diligence HIPAA Governance

Clarifying the HIPAA Retention Requirements

HIPAA Journal

MARCH 31, 2023

The reason the HIPAA retention requirements needs clarifying is that the distinction between HIPAA medical records retention and HIPAA record retention can be confusing. Throughout the Administrative Simplification Regulations of HIPAA, there are several references to HIPAA data retention.

HIPAA

HIPAA Medicare Medicare Compliance

What Are THE 3 Major Things Addressed in the HIPAA Law?

HIPAA Journal

MARCH 30, 2022

Articles discussing the 3 major things addressed in the HIPAA law often tend to focus on the Administrative, Physical, and Technical Safeguards of the Security Rule. However, although the Safeguards of the Security Rule are 3 things in the HIPAA law, they are not THE 3 major things addressed in the HIPAA law. The Need to Reform.

HIPAA

HIPAA Fraud Health Insurance Health Care Reform

AHA, H-ISAC warn hospitals about Black Basta following Ascension cyberattack

Healthcare It News

MAY 13, 2024

"Recent actionable threat intelligence provided by our partners in the Health-ISAC and government agencies indicate that this known Russian-speaking group is actively targeting the U.S. For that reason, many industry observers continue to suggest that now is the time for the government to fund the critical sector.

Hospitals

Hospitals Ransomware Governance Doctors

HHS urges patient education on privacy basics

Healthcare It News

OCTOBER 19, 2023

THE LARGER TREND Telehealth increases cyber risk across applications and endpoint security and challenges healthcare organizations in their efforts to comply with HIPAA. Contained in OCR's companion handout – Telehealth Privacy and Security Tips for Patients – the tips can be shared directly with patients.

HIPAA

HIPAA Telemedicine Governance

Language Barriers: Protecting Your Organization From A Hidden HIPAA Threat

Healthcare IT Today

SEPTEMBER 28, 2023

The following is a guest article by Bill Young, Director of Healthcare & Life Sciences at SYSTRAN Keeping patient data confidential and secure remains a major healthcare challenge today, more than 25 years after the introduction of the 1996 Health Insurance Portability & Accountability Act or HIPAA.

HIPAA

HIPAA US Department of Health and Human Services Governance Health Insurance

Does HIPAA Apply to Employers?

HIPAA Journal

JANUARY 1, 2023

The question “Does HIPAA Apply to Employers” is one that has provoked many different responses due to the complicated nature of the HIPAA Privacy Rule. The HIPAA Privacy Rule is one of the most complicated pieces of legislation affecting the healthcare and health insurance industries.

HIPAA

HIPAA Doctors Hospitals Compliance

Comparing HIPAA and NIST

Total HIPAA

NOVEMBER 1, 2023

In the ever-evolving landscape of data security and privacy, two key frameworks have emerged as significant players: HIPAA and NIST. HIPAA, particularly through its Security Rule, establishes standards for the protection of electronic protected health information (ePHI).

HIPAA

HIPAA Compliance Health Insurance Governance

How health systems can better protect patient privacy

Healthcare It News

SEPTEMBER 21, 2023

Joint governance leads to better patient protection Liederman credited joint governance for helping to facilitate a higher sense of trust among patients and the workforce. " To safely address insider snooping you have to record all the views and actions, which HIPAA requires anyway.

Governance

Governance HIPAA Ransomware Licensing

NIST Urged to Make HIPAA Security Rule Implementation Guidance More Usable by Small Providers

HIPAA Journal

OCTOBER 5, 2022

Recently, NIST issued a draft update (SP 800-66r2) to its 2008 publication: An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, and sought feedback from industry stakeholders ahead of the publication of the final version of the guidance. Background. Now that H.R.

HIPAA

HIPAA COVID-19 Compliance Health Insurance

Should Government Play a Bigger Role in Healthcare Cybersecurity?

Healthcare IT Today

SEPTEMBER 4, 2024

In light of that, many have wondered whether the government has a role to play in healthcare cybersecurity. What role does the government have, if any, when it comes to healthcare cybersecurity? What role does the government have, if any, when it comes to healthcare cybersecurity? Here are his responses.

Governance

Governance US Department of Health and Human Services Regulatory Compliance Ransomware

Key Challenges in Maintaining Compliance with Regulatory Standards in the Context of Health Information Management

Healthcare IT Today

DECEMBER 24, 2024

To learn more about this, we reached out to our brilliant Healthcare IT Today Community and asked them what are the key challenges in maintaining compliance with regulatory standards, such as HIPAA , in the context of health information management? It’s more than just completing your annual HIPAA assessment.

Compliance

Compliance HIPAA Governance Regulatory Compliance

The Light Collective amplifies its call for patient data rights

Healthcare It News

SEPTEMBER 16, 2024

In its current state, the bill lacks protections for data not covered by HIPAA, including personal health records, de-identified data and health data shared by patient groups on social media platforms such as Facebook, they argue. The HIMSS Healthcare Cybersecurity Forum is scheduled to take place October 31-November 1 in Washington, D.C.

HIPAA

HIPAA Hospitals World Health Governance

Outsourced Billing Services for Podiatrists

Medisys Compliance

DECEMBER 19, 2024

Specialized podiatry billing services ensure adherence to unique guidelines such as those governing routine foot care, diabetic foot exams, and nail care. HIPAA Compliance and Data Security: Ensure that the billing service adheres to HIPAA regulations to protect patient information. Claims submission and denial management.

Medical Billing Outsourcing

Medical Billing Outsourcing Medicare Medicare Compliance

HIPAA Enforcement is Changing. Providers Must Too.

HIT Consultant

DECEMBER 20, 2023

Cam Roberson, VP at Beachhead Solutions Healthcare delivery organizations and those working with them that are still in business are either well aware of their duties under HIPAA, work with managed service providers that understand the law well, or…are lucky to have made it this far. The recent bill H.R.7898

HIPAA

HIPAA Ransomware Governance

Up to 11 Million Health Records Compromised in Cyberattack on Government Contractor

HIPAA Journal

JULY 31, 2023

a government services contracting company, has announced in a Securities and Exchange Commission (SEC) filing that hackers exploited a zero-day vulnerability in Progress Software’s MOVEit Transfer solution in May 2023 and accessed the protected health information (PHI) of between 8 and 11 million individuals. Reston, VA-based Maximus Inc.,

Governance

Governance Medicare Medicare Ransomware

Editorial: HIPAA Enforcement Trends and Outlook

HIPAA Journal

MARCH 17, 2023

Considering the Health Insurance Portability and Accountability Act (HIPAA) is now in its third decade, the Privacy Rule took effect 20 years ago, and compliance with the HIPAA Security Rule has been mandatory for 18 years, there have been relatively few financial penalties over the years, with just 130 imposed by OCR to resolve HIPAA violations.

HIPAA

HIPAA Compliance Health Insurance Governance

Three Steps to Unlock the Power of AI for Healthcare Transformation

Healthcare IT Today

DECEMBER 2, 2024

Are there standardized protocols for data collection that ensure compliance with regulations such as HIPAA? Implementing AI responsibly requires adopting a proactive approach to security and implementing robust data governance practices.

Regulatory Compliance

Regulatory Compliance Compliance HIPAA Governance

UHG says it's rebuilding Change Healthcare with cloud-based security

Healthcare It News

MAY 2, 2024

" Several members of Congress used their time to ask how the company intends to help patients, providers and government employees exposed and continuing to suffer financial strain in the outage. Gary Palmer, R-Alabama, asked about the duration of the fallout from the cyberattack.

US Department of Health and Human Services

US Department of Health and Human Services HIPAA Ransomware Governance

Health systems' websites still face uncertain regulatory terrain

Healthcare It News

OCTOBER 8, 2024

Becerra that sought to bar enforcement of the Office for Civil Rights rule governing the use of online tracking tools. "The state law requirements are all still at issue, and in some cases are more stringent than HIPAA. The American Hospital Association has pushed back and filed suit. The highest risk is class action litigation.

HIPAA

HIPAA Hospitals Governance

Medical Express Ambulance Service Data Breach Affects 118K Individuals

HIPAA Journal

APRIL 16, 2025

comprehensive review of all files on the network confirmed that the exposed information included names, Social Security numbers, dates of birth, addresses, diagnoses, pathology test results, medical record numbers, driver’s license numbers, unique or other government issued identification numbers, and health insurance information.

Licensing

Licensing Health Insurance HIPAA Ransomware

Mistrial Declared in Criminal HIPAA Prosecution of Couple Who Disclosed PHI to Undercover FBI Agent

HIPAA Journal

JUNE 6, 2023

The prosecution of two doctors accused of criminal HIPAA violations and conspiring with the Russian government has ended in a mistrial as the jury could not reach a unanimous guilty verdict. government and military to Russia. government and military to Russia. government. Dr. Anna Gabrielian.

HIPAA

HIPAA Doctors Governance Compliance

Understanding Whistleblower Protections in Healthcare – Legal Obligations and Compliance Implications

AIHC

APRIL 22, 2025

Atkins, PhD, MSW, LMSW, CPC, CIGE The governments new whistleblower complaint portal launched in April 2025 emphasizes the importance of complying with regulations related to qui tam suits, OCR investigations and protecting the rights of employees submitting a tip or complaint internally or to authorities. Written by Dr. Stacey R.

Compliance

Compliance HIPAA Compliance Officers Fraud

Weekly Roundup – April 12, 2025

Healthcare IT Today

APRIL 12, 2025

Michael Burns at Michigan Medicine described the role of automated data exchange between state governments and healthcare organizations to help families who have lost a loved one. Read more… The Limits of HIPAA Auditing – and What Needs to Change. That puts the onus on IT teams to take the lead in closing compliance gaps.

HIPAA

HIPAA Telemedicine Governance Compliance

Cerebral Admits HIPAA Breach, Reports Leak of Data On 3.1 Million Users

Healthcare IT Today

MARCH 24, 2023

Cerebral’s investigation concluded that the data might be considered protected health information and that it had failed to make sure that these third parties met HIPAA requirements for protecting PHI. Its leaders found that the tracking technology used to mine user data had disclosed information to third parties and subcontractors.

HIPAA

HIPAA Health Insurance Governance Telemedicine

Understanding the Common Agency Provision in HIPAA – aka “Basis for a Civil Money Penalty,” or 45 CFR § 160.402

Total HIPAA

SEPTEMBER 12, 2023

In the extensive world of rules and regulations related to HIPAA, it’s crucial to have a clear grasp of specific rules for both legal and ethical reasons. ” This rule serves as a central reference point for organizations that are subject to the Health Insurance Portability and Accountability Act (HIPAA).

HIPAA

HIPAA Compliance Health Insurance Doctors

The AI Prescription: The Risks and Responsible Use of AI in Healthcare Technology

Healthcare IT Today

MARCH 27, 2025

Without strict governance, AI tools could inadvertently violate HIPAA and other healthcare privacy laws, placing patient confidentiality at riskmissteps that are not easily forgiven. The Risks: Ethics, Bias, and Compliance Challenges AI’s role in healthcare is evolving, but so are its associated challenges.

Governance

Governance Compliance HIPAA Regulatory Compliance

Send Mammogram leverages cloud for data security

Healthcare It News

OCTOBER 11, 2022

By leveraging ClearDATA’s CyberHealth platform, Send Mammogram has been able to go beyond the standards of HIPAA and HITRUST compliance for patients and providers, according to the announcement. ON THE RECORD.

Compliance

Compliance Health Outcomes HIPAA Governance

Laboratory Services Cooperative Breach Impacts 1.6 Million People

HIPAA Journal

APRIL 11, 2025

Additional identifiers such as Social Security Numbers, driver’s license/state ID numbers, passport numbers, dates of birth, demographic data, student ID numbers, and other government identifiers. Million People appeared first on The HIPAA Journal. The post Laboratory Services Cooperative Breach Impacts 1.6

Ransomware

Ransomware Fraud HIPAA Licensing

Beacon Health System Affected by Two Business Associate Email Breaches

HIPAA Journal

MARCH 28, 2025

The post Beacon Health System Affected by Two Business Associate Email Breaches appeared first on The HIPAA Journal. Neither incident is currently shown on the HHS Office for Civil Rights breach portal, so it is unclear how many patients have been affected.

Licensing

Licensing Health Insurance HIPAA Medicaid

Hyperautomation in Healthcare: Transforming IT with Benefits and Risks

HIT Consultant

JANUARY 12, 2025

By ensuring continuous monitoring and rapid responses to cyber risks, hyperautomation safeguards sensitive patient data and reinforces compliance with strict regulatory requirements like HIPAA. To overcome this challenge, healthcare organizations should prioritize investments in robust data integration tools and governance frameworks.

Compliance

Compliance HIPAA Governance Telemedicine

Advancing Behavioral Health Care Through AI Integration

Healthcare IT Today

NOVEMBER 29, 2024

Privacy considerations extend beyond standard HIPAA compliance. Additionally, data anonymization protocols should be established for individual patient information and aggregated AI insights, with clear governance policies for data retention and disposal. Clinical oversight continues to be a critical component of AI implementation.

Patient Satisfaction

Patient Satisfaction Public Health HIPAA Governance

The Limits of HIPAA Auditing and What Needs to Change

A Look at Changes in the NEW HIPAA Security Rule

Webinars

Trending Sources

HHS OCR Settles HIPAA Ransomware Cybersecurity Investigation for $90,000

Webinars

Going beyond HIPAA compliance is worthwhile

HIPAA Compliance: Can Your Organization Avoid Costly Government Penalties and Fines?

Managing Competing Government Data Requirements and Best Practices to Balance Sharing with Protection

Senate Committee Told How Federal Government Can Improve Healthcare Cybersecurity

A Brief Quantum Medicine Policy Guide

Code Red: Healthcare Cybersecurity in a Post-Chevron World

HIPAA: Why It Matters to Your Practice

AHA says OCR's online tracking tool rules need to go

WebMD Ignite collaborates on data privacy in omnichannel outreach

Ensuring the Security and Privacy of Patient Data while Managing Large Volumes of Electronic Health Records (EHRs)

Clarifying the HIPAA Retention Requirements

What Are THE 3 Major Things Addressed in the HIPAA Law?

AHA, H-ISAC warn hospitals about Black Basta following Ascension cyberattack

HHS urges patient education on privacy basics

Language Barriers: Protecting Your Organization From A Hidden HIPAA Threat

Does HIPAA Apply to Employers?

Comparing HIPAA and NIST

How health systems can better protect patient privacy

NIST Urged to Make HIPAA Security Rule Implementation Guidance More Usable by Small Providers

Should Government Play a Bigger Role in Healthcare Cybersecurity?

Key Challenges in Maintaining Compliance with Regulatory Standards in the Context of Health Information Management

The Light Collective amplifies its call for patient data rights

Outsourced Billing Services for Podiatrists

HIPAA Enforcement is Changing. Providers Must Too.

Up to 11 Million Health Records Compromised in Cyberattack on Government Contractor

Editorial: HIPAA Enforcement Trends and Outlook

Three Steps to Unlock the Power of AI for Healthcare Transformation

UHG says it's rebuilding Change Healthcare with cloud-based security

Health systems' websites still face uncertain regulatory terrain

Medical Express Ambulance Service Data Breach Affects 118K Individuals

Mistrial Declared in Criminal HIPAA Prosecution of Couple Who Disclosed PHI to Undercover FBI Agent

Understanding Whistleblower Protections in Healthcare – Legal Obligations and Compliance Implications

Weekly Roundup – April 12, 2025

Cerebral Admits HIPAA Breach, Reports Leak of Data On 3.1 Million Users

Understanding the Common Agency Provision in HIPAA – aka “Basis for a Civil Money Penalty,” or 45 CFR § 160.402

The AI Prescription: The Risks and Responsible Use of AI in Healthcare Technology

Send Mammogram leverages cloud for data security

Laboratory Services Cooperative Breach Impacts 1.6 Million People

Beacon Health System Affected by Two Business Associate Email Breaches

Hyperautomation in Healthcare: Transforming IT with Benefits and Risks

Advancing Behavioral Health Care Through AI Integration

Stay Connected