HIPAA, Security Incidents, and Reportable Events

May 11, 2023 Lazarus Alliance 0 Comment

In the interconnected world of digital health information, safeguarding Protected Health Information is paramount. Healthcare providers must legally follow the Health Insurance Portability and Accountability Act (HIPAA) to protect patient privacy and maintain trust, and this compliance includes understanding what it means to identify and deal with security incidents.

Among these, the concepts of security incidents, reportable events, and the implementation of the Breach Notification Rule are particularly critical. These aspects of HIPAA are at the heart of ensuring that health information remains confidential and that violations are promptly addressed and communicated appropriately.

This article explains the obligations of HIPAA-covered entities and their business associates under the Breach Notification Rule regarding reportable events. We will explore how to identify security incidents, determine their severity, ascertain if they constitute a reportable event, and understand the necessary steps for notification during a breach.

What Are the Proposed Rule Changes to HIPAA Coming in 2023?

May 3, 2023 Lazarus Alliance 0 Comment

In response to changes in the medical industry due to COVID-19, the Department of Health and Human Services (HHS) and Substance Abuse and Mental Health Services Administration (SAMHSA) have put forth a Notice of Proposed Rulemaking to streamline how doctors can access mental health information.

This article will discuss this rule change and why it seeks to address the gaps between HIPAA disclosure and mental health information protections.

What Are the Penalties for HIPAA Violations?

Jun 2, 2022 Lazarus Alliance 0 Comment

In October of 2015, the Excellus Health Plan suffered what was the largest HIPAA data breach of the year, with some 9.5 million patient records compromised. An investigation concluded in January 2021, stating that Excellus had five critical violations of HIPAA, including a failure to conduct risk analysis, implement sufficient network security measures and enact data security policies around data and access controls.

The Office of Civil Rights (OCR) settled with Excellus for $5.1 million from the five violations found and after years of audits and investigations.

Don’t let this become your story if you are working in the healthcare sector. Understand compliance and penalty structures.