HIPAA and Internal Security Controls

In June 2023, the U.S. Department of Health and Human Services (HHS) reached an agreement with Yakima Valley Memorial Hospital over a significant breach of privacy and security rules. Specifically, HHS found that several security guards had inappropriately accessed the private records of up to 419 patients.

This settlement demonstrated that administrative and internal security controls are essential for Covered Entities and Business Associates. We will discuss these controls and what they mean for HIPAA-regulated organizations.

What Does the HIPAA Security Rule Say About Mobile Computing?

With modern computing increasingly moving into a mobile paradigm of remote workers, laptops, and smart devices, the threat to security in various industries is only increasing. Nowhere is this more true than in healthcare, where HIPAA breaches related to mobile devices are becoming more common.

This article will discuss the HIPAA Security Rule, how it governs mobile devices in regulated settings, and how to minimize your attack surface and liability.

Maintaining HIPAA Compliance with IoT Devices

In previous blog posts, we’ve discussed the role of technology and HIPAA (related explicitly to HITECH regulations). However, the growth of intelligent devices and the Internet of Things (IoT) has led to a sea change in how Covered Entities (CEs) and Business Associates (BAs) manage their patients. Likewise, it adds new wrinkles to how these organizations manage their compliance requirements under HIPAA. 

Here, we’ll discuss some of the overlaps between HIPAA requirements and the risks posed by smart, IoT-based devices.