HIPAA
Regulation Sections (10)
- HIPAA Breach Notification Rule — General Rule
A covered entity shall, following the discovery of a breach of unsecured protected health information, notify each individual whose unsecured protected health i…
- HIPAA Business Associate Agreements
A covered entity may disclose protected health information to a business associate and may allow a business associate to create, receive, maintain, or transmit …
- HIPAA Privacy Rule — Individual Right of Access
Except as otherwise provided, an individual has a right of access to inspect and obtain a copy of protected health information about the individual in a designa…
- HIPAA Privacy Rule — Minimum Necessary Standard
A covered entity must make reasonable efforts to limit protected health information to the minimum necessary to accomplish the intended purpose of the use, disc…
- HIPAA Privacy Rule — Notice of Privacy Practices
A covered entity must provide a notice of its privacy practices. The notice must describe the uses and disclosures of protected health information the covered e…
- HIPAA Privacy Rule — Permitted Uses and Disclosures
A covered entity may not use or disclose protected health information, except as permitted or required by this subpart. A covered entity is permitted to use or …
- HIPAA Security Rule — Audit Controls
Implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected heal…
- HIPAA Security Rule — General Requirements
A covered entity or business associate must: ensure the confidentiality, integrity, and availability of all electronic protected health information; protect aga…
- HIPAA Security Rule — Risk Analysis
A covered entity must conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability…
- HIPAA Workforce Training Requirements
A covered entity must train all members of its workforce on the policies and procedures with respect to protected health information as necessary and appropriat…
Guidance Articles (6)
- HIPAA Breach Notification: Who, When, and How
A data breach involving protected health information (PHI) triggers mandatory notification obligations under the H…
- HIPAA Business Associate Agreements: A Practical Guide
A Business Associate Agreement (BAA) is one of the most critical compliance documents your organization …
- HIPAA Security Rule: Risk Analysis Step-by-Step
The HIPAA Security Rule requires covered entities and business associates to conduct and document a thorough ri…
- HIPAA Workforce Training: Requirements and Best Practices
HIPAA compliance isn't a one-time checkbox. It's an ongoing commitment that requires your entire workfo…
- Incident Response Planning Under HIPAA, GDPR, and PCI-DSS
Incident response planning is not optional under modern data protection frameworks. HIPAA, GDPR, and PCI-DSS each impose mandatory breach notificati…
- Vendor Risk Management Under GDPR and HIPAA
Managing vendor risk in regulated industries requires a dual-framework approach. Whether you operate under GDPR, HIP…
Checklists (3)
- HIPAA Breach Notification Checklist
This checklist ensures your organization complies with HIPAA Breach Notification Rule requirements (45 CFR §§ 164.400-414) when a breach of unsecured protected …
- HIPAA New Employee Onboarding Compliance Checklist
This checklist ensures new employees receive required HIPAA training and understand their obligations to protect patient privacy and security. HR must complete …
- HIPAA Security Rule Checklist for IT Teams
This checklist provides IT and security teams with concrete, actionable steps to ensure compliance with the HIPAA Security Rule (45 CFR Parts 160 and 164). Each…
Enforcement Cases (3)
- Advocate Aurora Health — Tracking Pixel HIPAA Settlement ($3M)
HHS OCR reached a $3 million settlement with Advocate Aurora Health, an Illinois-based healthcare system, for HIPAA violations related to the use of tracking te…
- Banner Health — Network Segmentation Failure HIPAA Settlement ($1.25M)
HHS OCR settled with Banner Health for $1.25 million following a 2016 data breach affecting approximately 2.9 million individuals. Attackers gained access to Ba…
- Lafourche Medical Group — No Risk Analysis HIPAA Penalty ($480K)
HHS OCR imposed a $480,226 civil money penalty on Lafourche Medical Group for failure to conduct a HIPAA risk analysis. A phishing attack resulted in unauthoriz…