What is Access Control in terms of HIPAA?
Total HIPAA Compliance Blog
by Bethany Adams
4M ago
Access control, in terms of cybersecurity, refers to the practice of managing and regulating who can access specific resources, systems, or data within an organization’s network or information technology environment. The primary goal of access control is to protect sensitive information, maintain the confidentiality, integrity, and availability of data, and prevent unauthorized users from gaining access to resources.  The Three Categories of Access Control Authentication: Authentication is the process of verifying the identity of a user or system attempting to access a resource. Common m ...
Six Compelling Reasons to Begin Your HIPAA Compliance Journey Before the Year Ends
Total HIPAA Compliance Blog
by Bethany Adams
5M ago
As 2023 unfolds, the urgency for entities in the healthcare sector to initiate or reinforce their HIPAA compliance cannot be overstated. This isn’t just about ticking off a checklist; it’s about safeguarding the future of your organization, whether you’re a medical practice, a health insurance agent, a self-funded employer, or a business associate in the healthcare realm. 1. Prove Your Due Diligence The decision to postpone setting up comprehensive policies, procedures, and HIPAA training could be detrimental. Particularly for entities established or becoming self-funded in 2023, immediate act ...
Comparing HIPAA and NIST
Total HIPAA Compliance Blog
by Bethany Adams
6M ago
In the ever-evolving landscape of data security and privacy, two key frameworks have emerged as significant players: HIPAA and NIST. Both emphasize the importance of safeguarding sensitive information, but they have key differences in their scope, mandate, and enforcement. In this blog post, we’ll explore the similarities and differences between these two frameworks. Similarities: Focus on Security and Privacy: HIPAA (Health Insurance Portability and Accountability Act) and NIST (National Institute of Standards and Technology) share a common emphasis on the security and privacy of data. HIPAA ...
Who is Responsible for Employee Health Information?
Total HIPAA Compliance Blog
by Bethany Adams
6M ago
Organizations are responsible for protecting their employees’ personal information. This is regulated under different laws, and by different state and federal agencies. Depending on the kinds of health benefits provided to employees, there are some different regulatory items HR needs to be aware of.  HIPAA applies to employers when the organization has a self-funded or level-funded health plan. In all other cases health information confidentiality falls under the purview of Americans with Disabilities Act (ADA) and/or Family Medical Leave Act regulations. In most cases, the responsibilit ...
Building a Culture of Compliance
Total HIPAA Compliance Blog
by Bethany Adams
7M ago
Culture takes shape in every type of organization, whether it’s a business or a sports team. This happens as certain behaviors become the norm, whether by design or by accident. Prosperous companies make deliberate choices about the qualities they want their team members to have, and they work on nurturing common attitudes and behaviors that align with their mission. They also discourage any tendencies that might hinder the company’s objectives. It’s becoming more crucial for organizations to promote a strong commitment to safeguarding sensitive data. When a company effectively communicates th ...
Interpreting The Confidentiality of Substance Use Disorder (SUD) Patient Records Law (42 CFR Part 2)
Total HIPAA Compliance Blog
by Bethany Adams
7M ago
In the world of healthcare, patient privacy and data confidentiality are of utmost importance. To ensure the protection of sensitive information related to Substance Use Disorder (SUD) patients, the US Department of Health and Human Services and The Substance Abuse and Mental Health Services Administration (HHS and SAMHSA) collaborated to create the HIPAA Drug and Alcohol Records Law, also known as 42 CFR Part 2. This law outlines the guidelines for handling patient consent and the sharing of SUD-related Protected Health Information (PHI). In this blog post, we will delve into the key aspects ...
Understanding the Common Agency Provision in HIPAA – aka “Basis for a Civil Money Penalty,” or 45 CFR § 160.402
Total HIPAA Compliance Blog
by Jillian Chubbuck
7M ago
Who does this apply to? In the extensive world of rules and regulations related to HIPAA, it’s crucial to have a clear grasp of specific rules for both legal and ethical reasons. Section 45 CFR § 160.402 is often referred to as the “Common Agency Provision.” This rule serves as a central reference point for organizations that are subject to the Health Insurance Portability and Accountability Act (HIPAA). All covered entities and their business associates should understand what the “Basis for a Civil Money Penalty” means. Breaking it Down The Common Agency Provision is part of the Code of Feder ...
Artificial Intelligence in HIPAA Compliance
Total HIPAA Compliance Blog
by Bethany Adams
8M ago
What is AI? Artificial intelligence is the science of making machines that can learn, similar to the ways humans do. AI technology can process large amounts of data in ways that humans can’t. Machines and programs that incorporate AI in their design are able to recognize patterns and make decisions based on their experience of a dataset and therefore their ability to predict what would come next in a pattern. How does AI work? From the SAS institute: “AI adapts through progressive learning algorithms to let the data do the programming. AI finds structure and regularities in data so that algori ...
How to Handle Subcontractors Under HIPAA
Total HIPAA Compliance Blog
by Bethany Adams
8M ago
There are many scenarios in business and healthcare in which PHI is moved and shared. In the 1990s a lot of this happened over fax machines, over the phone and in person. In the modern landscape software and the internet are used to manage all data including protected health information. As you probably already know, these transactions require Business Associate Agreements. The BAA transfers responsibility for the PHI from the covered entity to the associate handling it. This is often an EHR, email provider, pharmacy, printer or some other service provider or individual that is managing and no ...
Interpreting The Confidentiality of Substance Use Disorder (SUD) Patient Records Law (42 CFR Part 2)
Total HIPAA Compliance Blog
by Bethany Adams
9M ago
In the world of healthcare, patient privacy and data confidentiality are of utmost importance. To ensure the protection of sensitive information related to Substance Use Disorder (SUD) patients, the US Department of Health and Human Services and The Substance Abuse and Mental Health Services Administration (HHS and SAMHSA) collaborated to create the HIPAA Drug and Alcohol Records Law, also known as 42 CFR Part 2. This law outlines the guidelines for handling patient consent and the sharing of SUD-related Protected Health Information (PHI). In this blog post, we will delve into the key aspects ...