Listly by Patrick Smith
Guidance for US companies on complying with both GDPR and HIPAA.
Source: https://www.hipaaguide.net/hipaa-compliance-guide/
The Health Insurance Portability and Accountability Act (HIPAA) was signed into law by President Bill Clinton in 1996. Following its introduction, HIPAA’s primary function was to address the issue of healthcare coverage for individuals between jobs. Prior to HIPAA, workers who were temporarily without pay could find themselves without healthcare coverage, and therefore potentially unable to access important medical treatment. HIPAA introduced new protections for people in this situation, and still maintains this function to this day.
For businesses that collect, process, or store data relating to EU data subjects, it is important to understand the difference between a GDPR representative and a DPO (Data Protection Officer). The failure to appoint the right person in the right role can lead to penalties for non-compliance with GDPR.
Many covered entities have criticized the HIPAA training requirements as being very light on detail, and unclear as to exactly what training must be provided to employees.
How often is HIPAA Training required? The HIPAA training requirements are a little vague. Here we explain the industry best practice for training to comply with both the HIPAA Privacy and Security Rule.
Since HIPAA was introduced in 1996, Business Associates had a contractual obligation to guarantee the integrity of PHI, but no legal requirement. With the introduction of the HITECH Act 2009, Business Associates now have the same legal requirement to adhere to HIPAA and HITECH as Covered Entities...
All employees at an organisation which handles the sensitive healthcare information of patients should be familiar with HIPAA. This article outlines some of the most essential aspects of HIPAA and offers recommendations on how to conduct employee training courses.
The General Data Protection Regulation (GDPR) was introduced into EU law on May 25th 2018. The regulation was designed to give individuals in the EU control over their data by changing how the data can be collected, used, and stored by those who handle the information.
A good place to start for many US companies is to take a comprehensive GDPR audit on their data. A report should be produced regarding the methods by which the data was obtained, for what purpose the data was collected, how the data is stored, and if the data is still needed by the company.
Neither HIPAA nor the HITECH Act is more important than the other. Since the HITECH Act 2009, Covered Entities and Business Associates must obey the stipulations within both Acts if they create, use, transmit, or store Protected Health Information.
Patient rights are an important aspect of the HIPAA Rules and the HHS’ Office for Civil Rights has been cracking down on noncompliance. It is important for employees to be made aware of patient rights under HIPAA to prevent noncompliance and HIPAA fines.
The HIPAA Security Rule training requirements call for a security awareness and training program to be implemented “for all members of its workforce (including management).”
HIPAA refresher training for the workforce is required by both the HIPAA Privacy and Security Rules. Here we explain the requirements for these periodic training sessions.
Introduced on September 1, 2012, Texas House Bill 300 (HB 300) expands the existing privacy requirements of the Texas Medical Records Privacy Act to any individual or organization that has access to the Protected Health Information (PHI) or Sensitive Personal Information (SPI) of any Texas resident – irrespective of where the individual, organization, or resident is located in the world.
The HHS’ Office for Civil Rights has imposed 8 financial penalties on HIPAA-covered entities and business associates in the first 6 months of 2021, with the fines totaling $5,570,000.
HIPAA training for employees: A summary of the HIPAA privacy rule and Security Rule requirements for HIPAA-covered entities and their business associates.
HIPAA Legislation was established to protect a patient’s personal information. Organisations and their associates must ensure proper HIPAA training to prevent the unlawful sharing of patient data.
Virtually all businesses, non-profits, and educational institutions are required to retain email data, but what is the legally recommended email archiving retention period? In this post we explain how long you should be archiving your emails and how this differs based on email content.
To ensure full HIPAA compliance, covered entities and their business associates must ensure that all employees have adequate training in the secure handling of patient information.
Because there are few explicit HIPAA training requirements, covered entities should consider how best to provide employees with an adequate knowledge of HIPAA.