PHI
Subscribe to PHI's Posts

The Toughest Problem Set: Navigating Regulatory and Operational Challenges on University Campuses

Because widespread, rapid COVID-19 testing remains unavailable in many locations, universities have had to find innovative ways to implement testing, tracing and isolation protocols to reduce the risk of transmission among students, faculty and staff. There is no one perfect protocol—all universities are in unchartered waters. But there are a few key components university administrators may want to consider and address.

Access the article.




Guidance on Ransomware Attacks under HIPAA and State Data Breach Notification Laws

The US Department of Health and Human Services has recently issued guidance under the Health Insurance Portability and Accountability Act on what covered entities and business associates can do to prevent and recover from ransomware attacks; however, other state data breach notification laws can also be triggered by a ransomware attack. The authors of this article explain the guidance and what to do if you are subject to a ransomware attack.

Read the full article here.




HIPAA Privacy and Security Compliance for Group Health Plan Sponsors

Joanna Kerpen authored an article on final HIPAA rules for privacy enforcement and audit programs, particularly those with additional requirements aimed at group health plan sponsors. This report focuses on the final regulations issued under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), in January 2013, HIPAA enforcement and audit programs, HIPAA-related additional requirements of group health plan sponsors, and the actions that must be taken by group health plan sponsors to ensure compliance with the final regulations and requirements and to prepare for potential audits and enforcement actions.

“The final HIPAA regulations made many changes to the existing HIPAA privacy and security rules that are applicable to covered entities,” Ms. Kerpen wrote, and she urged plan sponsors to conduct a comprehensive review of their compliance plans to prepare for audits or enforcement action.

Read the full article here.




OCR Launches Phase 2 HIPAA Audit Program with Pre-Audit Screening Surveys

HIPAA covered entities have reported that the HHS Office for Civil Rights recently sent pre-audit screening surveys to a pool of covered entities that may be selected for the previously delayed second phase of HIPAA compliance audits. This On the Subject describes the phase two audit program and identifies steps that covered entities and business associates should take to prepare for these audits.

Read the full article.




STAY CONNECTED

TOPICS

ARCHIVES