HIPAA Compliance Blog

Recently, Department of Health and Human Services’ Office for Civil Rights Director Roger Severino signaled an end to the latest wave of HIPAA audits – but “no slowdown in our enforcement efforts.”

In order to prevent irreparable financial and reputational harm to your company, it’s worth having a healthy discussion with your employees about what is considered a breach of HIPAA. According to the U.S. Department of Health & Human Services (HHS), a breach of Protected Health Information (PHI) is defined as “an impermissible use or disclosure under the Privacy Rule that compromises the security or privacy of the protected health information.

According to the Healthcare Insurance Portability and Accountability Act (HIPAA), it is a violation of federal law for covered entities (including almost all physician offices) to disclose protected health information of patients. The scope of what is and isn’t protected health information can even lead to question the practice of obstetricians posting photos of newborns that they helped deliver.

Part of the Heath Insurance Portability and Accountability Act (HIPAA) that became law in 1996, the HIPAA Privacy Rule defined the part of the law that protects patients’ protected health information (PHI). Among organizations this rule applies to are health plans and providers who use electronic medical records (EMR) either internally or to invoice insurance companies.

HIPAA (the Health Insurance Portability and Accountability Act) became law in 1996 and revolutionized requirements and practices ensuring patient rights, privacy, and security. Instead of laws that were unclear or insufficient in some cases, HIPAA became federally mandated and regulated. However, the healthcare businesses that must comply have to navigate complex rules and make sure regulations are being followed.