
A blog dedicated to keeping pro-life organizations in the know about all things HIPAA, updates to this website, and any other information that impacts your mission.

HHS Plans to Prioritize Healthcare Cybersecurity
The Department of Health and Human Services indicates they will prioritize cybersecurity over the next two years. Below is the article in full from HealthItSecurity outlining the announcement including links…

Updated Security Risk Assessment Tool 3.4 Now Available
The Office for Civil Rights (OCR) and the Office of the National Coordinator for Health Information Technology (ONC) at the U.S. Department of Health and Human Services (HHS) announced the…

What is the Health Breach Notification Rule and Who Does It Apply To?
In an article from HealthItSecurity, the Federal Trade Commission’s Health Breach Notification Rule applies to vendors of personal health records, including health apps and other non-HIPAA-covered entities. Below is their…

Rhysida Ransomware Emerges as Latest RaaS Threat Group
In an article from HealthItSecurity, Rhysida, new ransomware-as-a-service group leverages phishing and Cobalt Strike exploits to access victim networks and deploy ransomware. Below is their article in full including a…

June 2023 HHS OCR Cybersecurity Newsletter
The Office of Health and Human Services Office of Civil Rights published their Quarterly Cybersecurity newsletter discussing HIPAA and Cybersecurity Authentication. Below is the newsletter in its entirety as well…

Snooping Into Medical Records is Expensive
The following is a report from the the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR). The OCR “announced a settlement with Yakima Valley Memorial Hospital,…

An Even Place Podcast
I had the blessed opportunity to talk with Mindy Lefaucheur Friday, 9, 2023 about HIPAA and other activity at the federal level. Below is part one of our time together…

Responding to Negative Online Comments. Is it worth it?
On June 5, 2023, HHS reached a settlement agreement with a New Jersey psychiatry practice that included, amongst other requirements, a fine of $30,000 to settle a complaint about an…

Protecting Patient Data: The Importance of Cybersecurity in Healthcare
The following article is taken from a recent article written by KnowBe4, which does an excellent job explaining the importance of cybersecurity as well as outlining some practices to implement…

New York Attorney General Fines Practicefirst $550K For Failure to Protect Health Records
It appears that the New York Attorney General Letitia James is becoming more aggressive regarding the protection of health records. On May 25, 2023 AG Letitia James fined practice management vendor Practicefirst…

Healthcare Organizations Face Increased Scrutiny
An increase in hacking incidents, new regulatory requirements and compliance initiatives due to Dobbs and Pixel use, and lawsuits against healthcare organizations over privacy violations are soaring. HIPAA-regulated entities and other organizations…

HHS Cybersecurity Task Force Provides New Resources to Help Address Rising Threat of Cyberattacks in Health and Public Health Sector
On April 17th, “The U.S. Department of Health and Human Services (HHS) 405(d) Program announced the release of the following resources to help address cybersecurity concerns in the Healthcare and…

RFI HIPAA Privacy Rule
On April 12th, the Office of Health and Human Services (HHS) published a Notice of Proposed Rule Making (NPRM) to seek comments regarding modifications to the HIPAA Privacy Rule ‘to…

New York….oh New York
Is anyone watching New York, besides New Yorkers? The Albany Update reports, “Over the past year, the New York State Legislature and Gov. Kathy Hochul have worked together to pass…

New Features: Deleting Users and More
I try very hard to implement feedback from both Group Leaders and users. Recently a Group Leader expressed the desire to have more control over deleting users. Getting this type…

HHS Restructures OCR to Handle Increased HIPAA Complaints
It should not come as a surprise that on February 27, 2023 HHS announced three new divisions within the Office of Civil Rights (OCR): An Enforcement Division, a Policy Division,…

HHS Office for Civil Rights Delivers Annual Reports to Congress on HIPAA Compliance and Breaches of Unsecured Protected Health Information
The HHS Office of Civil Rights (OCR) provided Congress with two reports for 2021 regarding HIPAA Privacy, Security, and Breach Notification Rule Compliance and Breaches of Unsecured Protected Health Information. These reports…

New Bill to Strengthen HIPAA Protections for Patients Seeking Reproductive Healthcare
US Senators Michael Bennet (D-CO) and Mazie Hirono (D-HI) introduce the Secure Access for Essential Reproductive (SAFER) Health Act. The act aims to strengthen HIPAA protections; as a result, it…

How to Dispose of Electronic Protected Health Information Under HIPAA
Improper disposal of either paper or electronic protected health information is a HIPAA violation. HIPAA requires organizations to implement and follow administrative, technical, and physical safeguards. These types of violation…

How to Dispose of Paper Protected Health Information Under HIPAA
Disposing of paper protected heath information (PHI), such as medical records needs to be done in a HIPAA compliant way. It is important to implement and follow administrative, technical, and…

HHS OCR Issues Bulletin on Requirements under HIPAA for Online Tracking Technologies
The bulletin highlights the obligations of covered entities and business associates when using online tracking technologies like Google Analytics or Meta Pixel. These technologies are designed to collect and analyze…

FBI Reports Hive Ransomware Actors Have Extorted Over $100M From Victims
The Federal Bureau of Investigations (FBI) warns of ongoing malicious activity by the notorious Hive ransomware gang. The Hive ransomware gang has extorted more than $100 million from its victims,…

Former Methodist Hospital Employees Charged with HIPAA Violations
The US Attorney’s Office for the Western District of Tennessee announced the indictment of five former employees of a Tennessee-based Methodist Hospital for committing HIPAA violations. The five have been…

The OCR Releases Video on Recognized Security Practices Under HITECH
In recognition of National Cybersecurity Awareness Month the OCR produced a video for organizations covered under the HIPAA Rules on ‘Recognized Security Practices.’ Recommended security practices can help your organization…

American Data Privacy and Protection Act (ADPPA) Requirements
For organization’s not required to comply with HIPAA – you will soon have very similar requirements imposed if the American Data Privacy and Protection Act (ADPPA) becomes law. The ADPPA…

How the American Data Privacy and Protection Act Could Impact Your Organization
The following article written by HealthIT Security highlights the American Data Privacy and Protection Act (ADPPA). This legislation should not be a surprise to anyone. The comprehensive nature of the…

HIPAA Changes are Coming….Are They Really?
The OCR published a request for information in December of 2018. There was an extension on comments for the interim final rule in first half of 2020. Every year I…

California State Legislature Passes AB1242 to Protect Abortion Data Privacy
Meta’s role in a Nebraska investigation into a mother-daughter pair who performed an abortion more than 20 weeks after fertilization, which is illegal in Nebraska is making both the federal…

Yelp Targets Misleading Medical Information in Abortion Access
Yelp plans to provide users seeking abortion access a notice that the business they are viewing is a crisis pregnancy center and unlikely to provide abortion services or other medical…

Abortion and EMTALA?
The Emergency Medical Treatment and Labor Act, or EMTALA was enacted in 1986. EMTALA ensures public access to emergency services regardless of a person’s ability to pay. EMTALA applies to…

New Feature: User Quiz Review
I try very hard to implement feedback from both Group Leaders and users. Recently a user reached out asking if she could review a quiz she had just taken. So…

HHS Announces Proposed Rule to Strengthen Nondiscrimination in Health Care
The Department of Health and Human Services continues to broaden its reach and impact through civil rights enforcement. You can download the 308 page proposed rule that was released July…

Statement by HHS Secretary Xavier Becerra on President Biden’s Executive Order to Protect Access to Reproductive Health Care
This article is taken directly from an email received from the Department of Health and Human Services as a way to keep you up to date regarding the actions taken…

HHS Issues Guidance to Protect Patient Privacy in Wake of Supreme Court Decision on Roe
This article is taken directly from an email received from the Department of Health and Human Services as a way to keep you up to date regarding the actions taken…

Sharing Protected Health Information
There are six instances when it is appropriate for a covered entity to use and disclose protected health information (PHI) without a client’s authorization. First, a covered entity or business…

Defeating the ‘Fake Clinic’ Argument by Creating a Culture of Compliance
Many from the pro-choice perspective argue against the legitimacy of pregnancy centers by stating they are ‘fake clinics that don’t even have to abide by HIPAA’. For example, the AMA…

Information Blocking and HIPAA
The 21st Century Cures Act (Cures Act) was passed by congress in 2016. The Act contains several healthcare reforms. One of the main objectives of the Cures Act was to…

What About This Transaction
45 CFR 162.1101: Health care claims or equivalent encounter information transaction is either of the following: a) A request to obtain payment, and necessary accompanying information, from a health care provider…

RFI HITECH
On April 7, 2022, The Office for Civil Rights (OCR) issued a request for information (RFI) seeking feedback on two requirements under the Health Information Technology for Economic and Clinical Health Act (HITECH). Recall…