It’s Your Call – November 2022
HIPAA: True or False: If a practice has a website, a current copy of its HIPAA Notice of Privacy Practices (NPP) must be available there. True. The HIPAA Privacy Rule requires covered entities to post the current version of their NPP at a prominent location on their website. The Office for Civil Rights (OCR) clarified […]
OSHA and Workplace Stress
In a recent Google search for adjectives to describe the world’s experience with the SARS-CoV-2 virus and the illness COVID-19, there was quite a range of emotions voiced. Some of the descriptive terms included: frightening, enlightening, paralyzing, loss, fear, and gain. Whatever term or terms you might use, the word stressful does come to mind. […]
Website Privacy Policies and HIPAA’s Notice of Privacy Practices
If you have spent any time on the Internet, you have been asked what you would like a website to do with its cookies. A cookie is information saved by your web browser. Cookies are like flags that allow a website to recognize and remember your device if you return to that site in the […]
OCR Right Of Access Enforcements – A Message to Dental Practices
The HHS Office for Civil Rights (OCR) recently settled three more investigations in the Right of Access Initiative it started in 2019. All three of the new enforcements involved dental practices, bringing the total number of access initiative enforcements to 41. The enforcements also come with a message directly to all dental practices from the […]
It’s Your Call – October 2022
OSHA: Does OSHA require our office to have written policies and protocols about workplace violence? OSHA has no specific standard for workplace violence. However, they could cite a facility under the General Duty Clause which requires employers to provide their employees with a place of employment that is “free from recognized hazards that are causing […]
It’s Your Call – September 2022
OSHA: If we have an employee less than a year, are we obligated to keep their medical records? No, the medical record can be given to the worker upon termination if they were employed less than a year. Medical records would include medical and employment questionnaires, laboratory tests, pre-employment exams, first aid records, treatment descriptions […]
It’s Your Call August 2022
OSHA: How should our office prepare for persons who have been exposed to monkeypox? First and foremost, train your employees. They should be able to recognize the signs and symptoms of monkeypox. Wear the appropriate personal protective equipment (PPE) to prevent potential exposures and know how to treat. Symptoms are typically flu-like with a rash […]
TMC Security Scout on Phishing
Of all the known cyberattacks that cause a data breach, phishing is the most expensive to remedy. A successful phishing attack most commonly reveals usernames and passwords, which paves the way to the data breach resulting in an average cost of $4.9m for victim organizations worldwide. The costs remain the highest in the healthcare industry […]
ALERT – Phishing Campaign
These phishing emails are targeting healthcare providers. The email has a subject of “(Victim Organization) (Date) Business Review” and utilizes a Secure Message theme. Inside of the email is a malicious link that takes the recipient to an Evernote site that looks like it belongs to the Victim Organization. On that site is an HTML […]
OCR’s COVID-19 Enforcement Discretions
Throughout the COVID-19 public health emergency that began in January of 2020, the Office for Civil Rights has issued several notifications of enforcement discretion for certain aspects of the HIPAA rules. This means that, for the topics covered, the OCR will not impose penalties for noncompliance with the HIPAA rules as long as the covered […]