
A blog dedicated to keeping pro-life organizations in the know about all things HIPAA, updates to this website, and any other information that impacts your mission.

New Features: Deleting Users and More
I try very hard to implement feedback from both Group Leaders and users. Recently a Group Leader expressed the desire to have more control over deleting users. Getting this type…

HHS Restructures OCR to Handle Increased HIPAA Complaints
It should not come as a surprise that on February 27, 2023 HHS announced three new divisions within the Office of Civil Rights (OCR): An Enforcement Division, a Policy Division,…

HHS Office for Civil Rights Delivers Annual Reports to Congress on HIPAA Compliance and Breaches of Unsecured Protected Health Information
The HHS Office of Civil Rights (OCR) provided Congress with two reports for 2021 regarding HIPAA Privacy, Security, and Breach Notification Rule Compliance and Breaches of Unsecured Protected Health Information. These reports…

New Bill to Strengthen HIPAA Protections for Patients Seeking Reproductive Healthcare
US Senators Michael Bennet (D-CO) and Mazie Hirono (D-HI) introduce the Secure Access for Essential Reproductive (SAFER) Health Act. The act aims to strengthen HIPAA protections; as a result, it…

How to Dispose of Electronic Protected Health Information Under HIPAA
Improper disposal of either paper or electronic protected health information is a HIPAA violation. HIPAA requires organizations to implement and follow administrative, technical, and physical safeguards. These types of violation…

How to Dispose of Paper Protected Health Information Under HIPAA
Disposing of paper protected heath information (PHI), such as medical records needs to be done in a HIPAA compliant way. It is important to implement and follow administrative, technical, and…

HHS OCR Issues Bulletin on Requirements under HIPAA for Online Tracking Technologies
The bulletin highlights the obligations of covered entities and business associates when using online tracking technologies like Google Analytics or Meta Pixel. These technologies are designed to collect and analyze…

FBI Reports Hive Ransomware Actors Have Extorted Over $100M From Victims
The Federal Bureau of Investigations (FBI) warns of ongoing malicious activity by the notorious Hive ransomware gang. The Hive ransomware gang has extorted more than $100 million from its victims,…

Former Methodist Hospital Employees Charged with HIPAA Violations
The US Attorney’s Office for the Western District of Tennessee announced the indictment of five former employees of a Tennessee-based Methodist Hospital for committing HIPAA violations. The five have been…

The OCR Releases Video on Recognized Security Practices Under HITECH
In recognition of National Cybersecurity Awareness Month the OCR produced a video for organizations covered under the HIPAA Rules on ‘Recognized Security Practices.’ Recommended security practices can help your organization…

American Data Privacy and Protection Act (ADPPA) Requirements
For organization’s not required to comply with HIPAA – you will soon have very similar requirements imposed if the American Data Privacy and Protection Act (ADPPA) becomes law. The ADPPA…

How the American Data Privacy and Protection Act Could Impact Your Organization
The following article written by HealthIT Security highlights the American Data Privacy and Protection Act (ADPPA). This legislation should not be a surprise to anyone. The comprehensive nature of the…

HIPAA Changes are Coming….Are They Really?
The OCR published a request for information in December of 2018. There was an extension on comments for the interim final rule in first half of 2020. Every year I…

California State Legislature Passes AB1242 to Protect Abortion Data Privacy
Meta’s role in a Nebraska investigation into a mother-daughter pair who performed an abortion more than 20 weeks after fertilization, which is illegal in Nebraska is making both the federal…

Yelp Targets Misleading Medical Information in Abortion Access
Yelp plans to provide users seeking abortion access a notice that the business they are viewing is a crisis pregnancy center and unlikely to provide abortion services or other medical…

Abortion and EMTALA?
The Emergency Medical Treatment and Labor Act, or EMTALA was enacted in 1986. EMTALA ensures public access to emergency services regardless of a person’s ability to pay. EMTALA applies to…

New Feature: User Quiz Review
I try very hard to implement feedback from both Group Leaders and users. Recently a user reached out asking if she could review a quiz she had just taken. So…

HHS Announces Proposed Rule to Strengthen Nondiscrimination in Health Care
The Department of Health and Human Services continues to broaden its reach and impact through civil rights enforcement. You can download the 308 page proposed rule that was released July…

Statement by HHS Secretary Xavier Becerra on President Biden’s Executive Order to Protect Access to Reproductive Health Care
This article is taken directly from an email received from the Department of Health and Human Services as a way to keep you up to date regarding the actions taken…

HHS Issues Guidance to Protect Patient Privacy in Wake of Supreme Court Decision on Roe
This article is taken directly from an email received from the Department of Health and Human Services as a way to keep you up to date regarding the actions taken…

Sharing Protected Health Information
There are six instances when it is appropriate for a covered entity to use and disclose protected health information (PHI) without a client’s authorization. First, a covered entity or business…

Defeating the ‘Fake Clinic’ Argument by Creating a Culture of Compliance
Many from the pro-choice perspective argue against the legitimacy of pregnancy centers by stating they are ‘fake clinics that don’t even have to abide by HIPAA’. For example, the AMA…

Information Blocking and HIPAA
The 21st Century Cures Act (Cures Act) was passed by congress in 2016. The Act contains several healthcare reforms. One of the main objectives of the Cures Act was to…

What About This Transaction
45 CFR 162.1101: Health care claims or equivalent encounter information transaction is either of the following: a) A request to obtain payment, and necessary accompanying information, from a health care provider…

RFI HITECH
On April 7, 2022, The Office for Civil Rights (OCR) issued a request for information (RFI) seeking feedback on two requirements under the Health Information Technology for Economic and Clinical Health Act (HITECH). Recall…

OCR: Complying With the HIPAA Security Rule Substantially Prevents and Mitigates Most Cyberattacks
The OCR announced in its March 2022 Cybersecurity Newsletter that compliance with the HIPAA Security Rule can both prevent and mitigate cyberattacks. Healthcare hacking incidents have steadily increased throughout 2020…

5 Barriers to Secure Email Communication
1. Cumbersome email technology HIPAA compliant email requires encryption. Email encryption services go about encryption differently. Some email encryption services require recipients to login to a portal, which means creating…

HIPAA Business Associates
HIPAA requires covered entities to have a business associates agreement in place with business associates that interact with an organization’s protected health information. A business associate agreement ensures that the business associate will follow the…

Common HIPAA Violations Part 2
Impermissible Uses and Disclosures While the failure to conduct or complete a security risk assessment is the most common violation for organizational behavior, the most common violation for individuals are…

Common HIPAA Violations Part 1
Security Risk Assessment The HIPAA Security Rule requires organizations to conduct a Security Risk Assessment, also called a security risk analysis. When it comes to HIPAA violations, the failure to…

Changes to the HIPAA Privacy Rule: HIPAA Update
The proposed changes from the RFI issued December 2018 include: strengthening individuals’ right to access their own health information improving information sharing for care coordination and case management for individuals…

The Amendment to the HITECH Act
Congress amended the Health Information Technology for Economic and Clinical Health (HITECH) Act to require the Secretary of Health and Human Services to consider certain recognized security practices of covered…