Report HIPAA Breaches Involving Fewer Than 500 Individuals by February 28! HIPAA & HITECH Act Blog by Jonathan P. Tomes
45 C.F.R. § 164.408 requires covered entities that discover a breach of unsecured protected health information (“PHI”) to notify the Secretary of Health and Human Services .. read more
New Wall of Shame Format: HIPAA & HITECH Act Blog by Jonathan P. Tomes
Before discussing the new format, note that almost 800 covered entities are now memorialized, so to speak, on the Big Breacher website (my name for .. read more
New Confidentiality Agreement with a Custodial Service Posted in Premium Member Section: HIPAA & HITECH Act Blog by Jonathan P. Tomes
We do not believe that a HIPAA covered entity or upstream business associate should enter into a business associate agreement (“BAA”) with a custodial service .. read more
What Are HIPAA Policies Worth? HIPAA & HITECH Act Blog by Jonathan P. Tomes
Another HIPAA blogger recently posted an article titled “What’s a good set of Policies and Procedures worth?” In the article, the blogger recounted that he .. read more
Do You Have a Patient Portal for Your Practice? HIPAA & HITECH Act Blog by Jonathan P. Tomes
About the time that I signed up to go through a patient portal to set up an appointment with my bone and joint doctor about .. read more
Do Not Create Your Policies without First Doing a Risk Analysis! HIPAA & HITECH Act Blog by Jonathan P. Tomes
Although I love it when people buy my sample policies to adapt to their situation, we sometimes get asked to comment on policies from our .. read more
OIG Slams DHHS Again for Not Enforcing HIPAA Adequately! HIPAA & HITECH Act Blog by Jonathan P. Tomes
On November 21, 2013, the Department of Health and Human Services (“DHHS”) Office of the Inspector General (“OIG”) issued another scathing report about the DHHS .. read more
Do Not Create Your Policies without First Doing a Risk Analysis! HIPAA & HITECH Act Blog by Jonathan P. Tomes
Although I love it when people buy my sample policies to adapt to their situation, we sometimes get asked to comment on policies from our .. read more
Can You Talk to the News Media? HIPAA & HITECH Act Blog by Jonathan P. Tomes with Guest Commentator Janet Wray
“A reporter’s on the phone!” What to do? What to say? How to say it? Talking to a reporter can be stressful, but the following .. read more
Covered Entity Hires Me to Respond to OCR Investigation—No Violation, Case Closed! HIPAA & HITECH Act Blog by Jonathan P. Tomes
A covered entity hired me to respond to an Office for Civil Rights (“OCR”) Complaint Investigation that alleged that the entity was not in compliance .. read more