Healthcare Security & Compliance Blog

 
  • All Categories
  • Cybersecurity
  • Digital Front Door
  • HIPAA
  • HITRUST
  • NIST
  • Third Party Risk Management

5 Things You Need to Know for HIPAA Compliance in 2023

HIPAA compliance is changing. New ways of working in the healthcare industry, the migration to digital, and evolving technologies have driven updates to the HIPAA privacy rule, set to take effect in 2023. But it’s not just the official rules that have changed; it’s also the approach to compliance.  If…

Read More

4 Key Elements of HIPAA Compliance in Today’s Evolving Environment

HIPAA compliance remains a critical and ever-evolving piece of healthcare and patient privacy. HIPAA (Health Insurance Portability and Accountability Act) protects sensitive patient data and health information, upholding the integrity of medical and healthcare organizations and supporting patient rights. However, with the ongoing and explosive escalation of new technologies like…

Read More

405(d): What is it and why should you care?

What is 405(d)?  With security incidents and breaches increasing year over year within the healthcare sector, it is up to both public and private organizations and cybersecurity experts to build a more secure healthcare system. In 2015, congress passed the Cybersecurity Act to help combat the increase in cyber threats…

Read More

Keys to Successfully Achieving HIPAA Compliance

Are you looking for some best practices to complete your HIPAA  compliance this year? We can help! Here are a few things you can do throughout the year that will go a long way to ensuring security and compliance. Many organizations put off completing their Security Risk Assessment (SRA) until…

Read More

HITRUST i1 Frequently Asked Questions

During a recent webinar we received several questions about the new i1 and r2 HITRUST assessment options. For easy reference, we’ve summarized the questions and answers in this blog post. Q. What was the basis for deciding which controls go into i1? A. HITRUST took several frameworks and industry segments…

Read More

So Many HITRUST Offerings: Which Option Is Right For You?

Understanding the nuances of the new HITRUST assessment portfolio can be difficult, especially when trying to determine which assessment is right for you. In this blog we will outline the types of HITRUST assessments, their differences, key characteristics, and possible use cases for each. Starting with the highest level of…

Read More

Navigating Your HITRUST Assessment Scope

What is a HITRUST assessment scope and why is it so important? Scoping is the process of outlining the systems and datasets you plan to include in your HITRUST assessment. It is a necessary step in the HITRUST process and should be your first level of engagement with HITRUST. Scoping…

Read More

CMS Requirements for MIPS 2022 – What’s at Stake?

Written by Sarah Reiter, SVP Strategic Partnerships with Health eFilings On November 2, 2021, the Centers for Medicare and Medicaid Services (CMS) issued the Final Rule for the 2022 MIPS program.  These rules detail the requirements for this MIPS reporting period, which started on Jan. 1, 2022, and align with…

Read More

How to Quickly Address Your HIPAA Compliance Issues

Let’s be honest, if you are reading this, you probably still have “complete your HIPAA Security Risk Assessment (SRA)” on your to-do list and you are wondering what you can do to get it done before the end of the year. (December 31st is right around the corner) We understand procrastination, but we also understand the importance…

Read More

Addressing HIPAA Privacy Rules and Cybersecurity for Hospitals and Health Systems

Managing HIPAA compliance can be a messy, complex process; especially for hospitals and health systems managing compliance for hundreds of individual clinics and practices. It can be difficult to track, maintain and report on risk management and cybersecurity efforts. Many organizations are using time-consuming manual processes such as spreadsheets and emails for compliance, which can require a significant investment of time,…

Read More

The Simplest Way to Manage Your Business Associate Agreements

Importance of a Business Associate Agreement The Privacy Rule under HIPAA requires the safeguarding of protected health information (PHI) and applies to all covered entities (CE) – healthcare providers, health plans and healthcare clearinghouses. Most providers do not carry out ALL their necessary healthcare functions. Billing, medical software, and electronic…

Read More

Essential Tips for HIPAA Security, Privacy, & Breach Compliance

HIPAA compliance can be difficult to approach on your own. Healthcare providers and their business associates are required to perform an annual HIPAA Security Risk Assessment (SRA) to ensure that proper physical, administrative, and technical controls are in place to protect health information. By performing a security risk assessment, not…

Read More

Implementing cybersecurity measures BEFORE you experience a breach

A cybersecurity nightmare “IT just informed us that our main software platform has been hacked.” A statement no CISO wants to hear. Do you have a plan for what to do next? Are you prepared to handle this? How will you recover servers and client data? As an organization, are…

Read More

Remote Cybersecurity: Best Practices

Remote work is here to stay  Many of us have been working remote for over a year now. The pandemic hit in March of last year and virtually all industries had to adapt. The transition was sudden at the time, and IT and security personnel quickly had to organize their workforce to successfully work remotely. Work from Home (WFH) is no longer a temporary solution…

Read More

HIPAA Compliance in the Changing World of Healthcare

A Changing World of Health Care The health care and HIPAA landscape have changed dramatically since the beginning of 2020. Reliance on telehealth and telecommuting has put practices at further risk for security breaches. Cyber Threats (Ransomware, Email Phishing, etc.) are increasing and becoming more successful. These are just a…

Read More

Elevating Your Privacy Compliance

Proposed changes to the HIPAA Privacy Rule are expected to be finalized in late 2022, with compliance enforcement likely beginning in 2023. These changes reflect the health care industry’s increased use of mobile communication, telehealth platforms and electronic health records, as well as updates to right to access requirements that…

Read More

The History of HITECH/HIPAA: Everything You Need to Know

The Establishment of HIPAA The Health Insurance Portability and Accountability Act, also known as HIPAA, was established on August 21, 1996. HIPAA was created to promote the portability and accountability of health insurance coverage. Consequently, it has affected the way healthcare organizations handle all facets of information management, including reimbursement,…

Read More

Implementing the NIST RMF: Step Zero

The NIST RMF is increasingly being seen as the gold standard for industries with critical or highly sensitive data needs – such as healthcare. It is an effective security planning and management framework that enables a comprehensive picture of organizational risk. This helps organizations build a solid risk management strategy, understand the areas that matter most to their organizational security and enable them to properly perform their essential business functions.   Yet, healthcare organizations…

Read More

Choosing a HIPAA Security and Privacy Officer for your compliance program

What is the purpose of a HIPAA Privacy and Security Officer? First and foremost, appointing a HIPAA security and a HIPAA privacy officer is a requirement, per 164.308(a)(2). In the past, healthcare providers were not protecting patient information as they should, so the federal government stepped in and implemented the…

Read More

HIPAA violations and how to avoid them

The Health and Human Services, Office for Civil Rights (OCR) is the governing body that enforces HIPAA and the consequences of HIPAA non-compliance. Periodically, the OCR will send out updates and announcements of recent HIPAA infractions. These announcements typically outline the HIPAA violation, the fine associated, and what corrective action…

Read More

Military service to country provides Intraprise Health staff with lifelong memories and skills

Serving our country is meaningful for Intraprise Health, especially for those employees who have served in the U.S. military. As a healthcare focused IT security firm, located in Yardley, Pennsylvania, Intraprise Health relies on its strong core of veterans to navigate the ever-changing cybersecurity landscape. Read full article

Read More

New State order for Health Insurance Companies

Insurance Data Security Risk Assessment and Reporting The state of Virginia announced this week that they have made changes to state HIPAA laws (14VAC5-430) and are now formally requiring health insurers to perform an annual NIST-based Cybersecurity Risk Assessment. The new requirements were released in a statement from the Commonwealth of…

Read More

The Benefits of HITRUST Certification

Today, covered entities and business associates are addressing a wide-range of regulatory requirements necessary to solve the growing complexities in the healthcare industry. Evolving technologies, migration to the Cloud, and cyber threats like ransomware are just a few top-of-the-mind issues. Combine those with regulations under HIPAA, Meaningful Use, PCI, COBIT…

Read More

We can help you access the LADMF

What is the LADMF? Healthcare organizations must access the LADMF to keep records up to date and prevent fraud. LADMF stands for Limited Access Death Master File, it is a database maintained by the Social Security Administration and contains over 86 million records on deceased individuals. This online file has many…

Read More

How Well Do You Understand Your HIPAA Risks?

HIPAA laws can be complex and challenging, but they are also increasingly critical for healthcare practices to understand and be in compliance. As more of your practice becomes digital in one form or another—electronic health records (EHRs), remote patient monitoring, practice management systems, medical billing software—your risk of a breach…

Read More

I have experienced a breach, now what?

What should I do? Navigating the world of HIPAA can be difficult; and in the event of discovering a breach, many are unsure of how to proceed. According to the Department of Health and Human Services (HHS) and the Office for Civil Rights (OCR), “a breach is an impermissible use or disclosure…

Read More

Online HIPAA Training and Certification

Need to complete your annual HIPAA training? Get started today with the HIPAA One® Knowledge Center! HIPAA One® Training Platform HIPAA training is an important element of any HIPAA compliance program. At Intraprise Health, our goal is to provide a training solution that simplifies the HIPAA compliance and certification process. As…

Read More

HIPAA One® Summer Release 2020

Intraprise Health is excited to announce the new features and updates for our HIPAA One® Summer Release 2020. The updates added to the HIPAA One® platform are designed to enhance the user experience through easier navigation, simplified workflows, and customized reporting. As an industry-leader for HIPAA compliance, our goal is…

Read More

Telehealth and COVID-19, Protecting ePHI

What is Telehealth? The Health Resources Services Administration (HRSA) defines telehealth as, “the use of electronic information and telecommunications technologies to support long-distance clinical health care, patient and professional health-related education, public health, and health administration. Technologies include videoconferencing, the internet, store-and-forward imaging, streaming media, and terrestrial and wireless communications.”…

Read More

HITRUST Assessments: Relying on the work of others

HITRUST has been a trusted framework since it was founded in 2007. It was created to champion programs that safeguard sensitive information and manage information risk. Intraprise Health is one of the first certified HITRUST assessors and is 100% healthcare focused.  We know the importance of ensuring organizations are secure…

Read More

Business Associate Agreements (BAA) and Microsoft Office 365

Note: This information has been updated, please visit our Microsoft Office 365 page. Health and Human Services (HHS) defines a Business Associate as, “any entity or person that is not directly employed by a provider, but who works with and on behalf of the provider and has access of the…

Read More

Healthcare Payers: Scalability and Risk Management-Based Prioritization

April 2020 As healthcare payers surge to meet the increasing needs of their members and health system partners, their IT and security teams are gleaning some timely reminders that scalability and adoption of a risk management framework are critically important in times of crisis. Scalability is a “muscle” that all…

Read More

Staying Alert: Coronavirus-themed phishing emails on the rise

COVID-19 phishing emails: The second virus you didn’t see coming As the Coronavirus spreads around the world, much of the workforce has been invited to work remotely for the next few weeks. It is important to uphold current security measures as well as implement new security measures to ensure the…

Read More

Coronavirus and HIPAA Compliance

During a public health emergency, it can be confusing to know what information can be shared about individuals who have contracted COVID-19 and those suspected of exposure. To help organizations navigate the complexities of sharing information, we want to walk through what disclosures are permitted. Before we jump in, it…

Read More
cybersecurity resources for healthcare

Resources for Healthcare Organizations During COVID-19 Pandemic

As COVID-19 changes the way many healthcare organizations are operating, Intraprise Health has been compiling a list of resources that we think will be useful to your organization.  Our team of cybersecurity experts has been fielding questions from clients on many of these topics.  Links to resources such as securing your work from home force, to…

Read More

Security and contingency planning in the shadow of COVID-19

We’ve received several inquiries from our colleagues in the healthcare industry related to the increased prevalence of remote work and contingency operations. Given these uncertain times, we wanted to share a few thoughts that might help as we proceed into some new and uncomfortable realities. Business as Usual (as much…

Read More

HIPAA Resources for COVID-19

With the recent Coronavirus outbreak, many healthcare professionals and business associates have questions about staying HIPAA compliant during a public health emergency. It can be confusing to know what information to trust. We have complied a list below of trusted sources for COVID-19 updates and HIPAA. COVID-19 Resources: CDC.gov/coronavirus WHO.int/emergencies/diseases…

Read More
Penetration Testing - why you need it

When Requesting a Penetration Test- Do You Know What to Ask For?

As we continue to rely on the interoperability of our computer systems in our everyday lives, we must remember this interconnectivity comes with a price. The ability to access devices remotely over the internet has created a new world of ease and freedom which can be manipulated by malicious actors. It’s quite eye-opening in its simplicity: If a device is…

Read More

Lessons learned from a $65,000 HIPAA fine

Last week the Department of Health and Human Services’ Office for Civil Rights (OCR) issued a press release announcing that West Georgia Ambulance has agreed to pay a settlement of $65,000. In addition to the monetary penalty, the organization agreed to adopt a corrective action plan that includes two years of monitoring…

Read More

The Present (and Future) of Healthcare IT Security

It has been another busy year for Healthcare IT. Between acquisitions, changes in regulations, and IoT, there has been a lot of progress. However, there is one trend we aren’t so proud of and that is the number of breaches that have happened in 2019. If you made it to…

Read More

HIPAA Enforcement is Here to Stay

Even though Meaningful Use, now MIPS, has been in production since 2012, often, we hear healthcare providers tell us they haven’t started their HIPAA compliance because they are too small to worry about being audited. Some also claim that the Office of Civil Rights (OCR) has eased their enforcement of…

Read More

Top HIPAA compliance pitfalls to avoid

If you work in the healthcare industry, you have heard the term HIPAA. Many healthcare professionals understand the basics of HIPAA, but few know what is required to fulfill HIPAA requirements and to be “HIPAA compliant.” This is especially concerning because organizations that don’t understand are neglecting to prioritize their…

Read More

Substance Abuse and HIPAA

War on Drugs It was the 1970’s: a time of disco dancing, polyester suits, and crazy nights. It was also time of increasing stress, depression, and anxiety following the Vietnam war and Watergate scandal. Many people were looking for an escape and turned to alcohol and drugs. This new era,…

Read More

Raising the standard of cybersecurity

New cybersecurity questions have been added to the HIPAA One® Security Risk Assessment. Cyberattacks on healthcare organizations are continuing to rise and the threat of a breach is a top concern for many organizations. Each time we turn on the news there is a new report of a ransomware attack…

Read More

Why it might be time to ditch SMS for MFA

BLUF: multi-factor authentication (MFA) utilizing SMS (i.e. text messaging) leaves an organization open to vulnerabilities. IT departments, users, and platform operators should cease use in lieu of vastly more secure app-based or hardware options. If you are serious about security, it is time to think twice about using text-messaging (SMS)…

Read More

Mitigating the risks of a ransomware attack

It’s no secret that organizations across the world in nearly all verticals have been reeling from the destructive effects of ransomware over the past several years. News outlets have been flooded with tales of lost productivity, revenue, and exorbitant sums paid. And from our experience, a substantial majority of these…

Read More

What You Need to Know About Split Tunneling

Today’s modern networks require flexibility to allow workers to work from multiple locations.  One of the most common methods to achieve remote network access is a Virtual Private Network (VPN).  VPN’s can come in all shapes and sizes, from hosted to on-premises, to in the cloud, and can be built…

Read More

Security is a necessity, NOT a luxury

I recently read a story about a man who won the lottery. Unlike most, this man opted for an annuity payment rather than the lump sum payment. This resulted in a smaller yet substantial sum of money being awarded annually over a twenty-year period. As time went on, the man…

Read More

Ransomware: 3 ways to protect your organization

News Update: healthcare organizations are being hacked 24/7. Those experiencing a ransomware attack can feel similar to having your home burglarized. In many cases, targeted hacking is financially motivated to hold data hostage and make payroll.  Hackers target executives because they have a lot of access to secured information. With…

Read More

How to Prepare for HITRUST Certification: Gaining Organizational Support

Why HITRUST? More than 81 % of U.S. hospitals and health systems and 80 % of U.S. health plans use the HITRUST Common Security Framework (CSF). It provides an implementation standard that is understood and accepted throughout the healthcare industry. Having HITRUST certification in place shows other healthcare entities that…

Read More

Zero Trust Architecture and the Future of Networking

By Joshua Perri In today’s networks, having a strong defense at the perimeter-points is not sufficient to keep your data safe. The IT landscape moves very quickly and so do the threats that we face. Strong networks will implement additional defenses to protect the internal boundary points. These additional defenses…

Read More

A balance of trust: new guidelines for business associates under HIPAA

The relationship between a covered entity and business associate requires a delicate balance of trust. This balance of trust works because each is invested in the security and protection of personal health information. As a covered entity, it is important to partner with business associates that have a strong security…

Read More

Don’t get caught! Five ways to avoid a phishing scam

I love to spend time with my family. Some of our favorite outdoor activities include skiing and mountain biking. Unfortunately, this time of year it is hard to do either activity because the snow is too slushy to ski and the canyon trails are too muddy to mountain bike. However,…

Read More

Tabletop Exercises: Unappreciated and Underutilized

Value for healthcare security – Not just a government planning tool Government defense and response agencies from the Pentagon to FEMA, from state government to the EPA, have been conducting tabletop exercises (TTXs) for years. Why? In a word: they work. Cybersecurity attacks have been increasing in numbers and complexity…

Read More

Four Tips to Help You Protect Your Medical Devices

How do you best protect your hospital or health system from the unique threats posed by unprotected medical devices? We asked our expert Ryan Patrick, for some tips.

Read More

DV-NJ HIMSS Post-Conference Blog

Inspira Health Network: Using CRM to Create an Engagement Ecosystem

Read More

Patient Engagement Platform at Inspira Health Network

Health network uses Dynamics 365 to transform care delivery and wow patients July 13, 2018 In a market where every provider delivers quality, Inspira Health Network wanted to go one step further by offering wow-factor patient service. So, the New Jersey–based healthcare provider adopted Microsoft Dynamics 365 to deepen its…

Read More

Inspira Health Network: Using CRM to Create an Engagement Ecosystem

By Jeff Fisher Product and Client Strategy, Intraprise Health In 2016, Inspira Health Network came to Intraprise with a goal: “Wow the patient.” As reimbursement models shift and healthcare is becoming more consumerized, forward-thinking health systems like Inspira are seeking new market differentiators to draw in clients.

Read More
Webinar: Scaling Third Party and Enterprise Risk Management webinar

Four Tips to Help Protect your Medical Devices

The Challenge of Medical Devices:  Medical devices represent significant exposure and potential vulnerability to healthcare organizations. There are thousands of medical devices in use even in small medical operations. These devices are generally made to meet a specific use, and not often created with security at top of mind. They…

Read More

POODLE and the BEAST: Ensuring you’re protected with Transport Layer Security

Transport Layer Security (TLS), and its predecessor Secure Sockets Layer (SSL), have come under scrutiny by security researchers and advisors in the wake of numerous vulnerabilities that plague their older versions. SSL/TLS are cryptographic protocols utilized while web browsing, emailing, and using Voice Over IP (VOIP) services.

Read More

Take a fresh look at your annual Security Risk Assessment (SRA)

Organizational Resilience and Security Risk Assessments The importance of a Security Risk Assessment is clear — it helps healthcare organizations ensure their physical, technical, and administrative safeguards are compliant with HIPAA requirements. It also assists in showing areas where an organization might be putting PHI and other sensitive information at…

Read More

Am I a business associate under HIPAA? Why should I care?

Back in 2013, when Edward Snowden was in Hong Kong revealing he leaked documents detailing mass-surveillance programs by the U.S. government, the Department of Health and Human Services (HHS) was creating the Final Omnibus Rule. This rule extended its regulatory reach beyond covered entities (e.g. healthcare providers, health plans, and clearinghouses)…

Read More

HIPAA Compliance for Microsoft Office 365

Organizations in every industry are upgrading to Microsoft Office 365 to improve security. A common concern among healthcare professionals is that using Office 365 and Microsoft Teams exposes an organization to HIPAA violations. If Office 365 is implemented without the correct security configurations, that is likely true. However, Office 365…

Read More

HIPAA Security Checklist

Our complimentary HIPAA Security Checklist summarizes HIPAA Security Rule requirements that should be implemented by covered entities and business associates. The citations are to 45 CFR § 164.300 et seq. You can download our checklist here. For additional resources concerning Security Rule requirements and compliance assistance, see the Office for Civil Rights (OCR)…

Read More

Healthcare Continues to Dominate Breach Related Costs

Across the country, healthcare organizations have a Goliath size security problem. For an eight-straight year, healthcare has the highest breach-related costs of any industry at $408 per lost or stolen record, nearly three times the cross-industry average of $148. Without a commitment to cyber-security, healthcare entities and their valuable databases containing…

Read More

Similar but Different: Gap Assessment vs Risk Assessment

If you’ve heard the terms gap assessment and risk assessment used interchangeably before in privacy or security conversations, you are not alone. At Intraprise Health, we have found that there are quite a few misconceptions about these two approaches and how to differentiate between them. In this post, we’ll define…

Read More

GDPR and Windows 10 Compliance

Note: This information has been updated. Please visit our M365 Compliance page. On April 14, 2016, the European Union (EU) ratified the final version of the General Data Protection Regulation aka GDPR. The new GDPR regulation has been characterized as the most sweeping and impactful change to privacy and data…

Read More

GDPR and the Impact on U.S. Healthcare Providers

A new acronym has begun popping up within the healthcare technology community and is slowly beginning to gain momentum in the way of media coverage and industry articles. If you’ve heard the term GDPR in the past few months and did not understand what it was referring to, know that you’re not alone. In fact,…

Read More

Cloud Security in Healthcare

Guest Blog by Yiannis Koukouras, TwelveSec in collaboration with the HIPAA One/Intraprise Health team In our culture, something or someone is always trending. Whether it be bell-bottom jeans in the ’70’s, playing Nintendo in the ’80’s or watching stock market go up and down (whenever!), trends are a lenses through…

Read More

Consequences for HIPAA Violations

A recent HHS Office for Civil Rights email blast outlined a story that many of us have heard before, another business closed with significant monies paid out in fines. Filefax, Inc. has agreed to pay $100,000 in order to settle potential violations of the HIPAA Privacy Rule. Once a medical records storage…

Read More

We’ve Helped Many Access the LADMF! Need Assistance?

Note: This information has been updated. To see the latest updates, read our most recent blog. Last May, we wrote a “How To” blog on the Social Security Limited Access Death Master File (LADMF) aka DMF and the response has been overwhelming! The Intraprise Health team is delighted by how…

Read More

Newly Released Whitepaper Co-Authored with Microsoft

We updated our Microsoft Whitepaper in November of 2021. For more recent information on the subject, click here. The concept of the “Internet of Things” (IoT) is becoming an increasingly growing topic of conversation as  more and more companies are interconnecting everyday objects around us to the internet, such as:…

Read More

PCI vs. HIPAA Compliance

A common question among covered entities that we encounter time and time again is, “What is the difference between PCI and HIPAA Compliance?” This question becomes even more frequent when news breaks of breaches in businesses that are PCI-compliant and HIPAA covered entities. According to a recent Identity Theft Resource Center data…

Read More

Need to Access the LADMF? We can help

Note: This information has been updated. You can read our latest LADMF blog here. In the world of HIPAA compliance, sometimes the only constant is change. It is not out of the norm for one of our clients to come to us with a question or request that at times,…

Read More

HIPAA Security Officer

Note: This blog was written a few years ago. For up-to-date information regarding HIPAA security and privacy officers, please read our most recent blog on the subject. The concept of a HIPAA Security Officer is relatively new. Starting in 2012,  we have seen IT Managers and CIOs deputized as the “HIPAA Security Officer”…

Read More

What is HR’s Role in HIPAA Compliance?

In recent years, many healthcare organizations have faced the same question: Which department should be tasked with Health Insurance Portability and Accountability Act (HIPAA) compliance? More times than not, the finger points to IT. However, in doing so, organizations are overlooking the key component Human Resources (HR) should play in…

Read More

OCR’s Updated HIPAA Audit Program – What you need to know

Note: This blog was written a few years ago and there have been changes to HIPAA audit protocols not reflected here. For more up-to-date information, check out our more recent blogs, or contact us for a quick call. With the pinnacle of patient breaches hopefully behind us (e.g. Anthem/WellPoint breach,…

Read More

7 Ways Employees Can Help Prevent HIPAA Violations

There are several qualities of working in healthcare that are not dissimilar from other careers in other industries. You need to come into work on time, work hard while clocked in, get along with the other staff members, be a good representative of your company and so on. But there’s…

Read More

HIPAA Compliance For Dental Offices

Today, most dental offices run electronically. From having patients fill out forms to checking them in to appointments to filing dental records and more, it’s all done electronically. Why? Because the advancements of technology allow dentists to run their offices more efficiently than ever before. But since we live in…

Read More

5 Most Common HIPAA Privacy Violations

The HIPAA Privacy Rule was put in place to provide rights to access and amend our protected health information, appropriate disclosures and help reduce fraud, waste and abuse. If your facility and its network aren’t HIPAA compliant, the costs may be significantly higher than taking action. HIPAA compliance violations erode…

Read More

What’s The Difference Between A Covered Entity & Business Associate?

Knowing the distinction between a covered entity and a business associate is essential because the Health Insurance Portability and Accountability Act Privacy Rule is administered differently between the two. If you understand the difference, then you understand who has access to your medical data and what authority they possess to…

Read More