It’s Your Call – December 2022

OSHA: How many exit routes are necessary in the workplace? Per OSHA, at least two exit routes must be available for prompt and safe evacuation during an emergency, and these two routes must be located as far away from each other as practical. Single exit routes are permitted when the number of employees, building size, […]

It’s Your Call – November 2022

HIPAA: True or False: If a practice has a website, a current copy of its HIPAA Notice of Privacy Practices (NPP) must be available there. True. The HIPAA Privacy Rule requires covered entities to post the current version of their NPP at a prominent location on their website. The Office for Civil Rights (OCR) clarified […]

Website Privacy Policies and HIPAA’s Notice of Privacy Practices

If you have spent any time on the Internet, you have been asked what you would like a website to do with its cookies. A cookie is information saved by your web browser. Cookies are like flags that allow a website to recognize and remember your device if you return to that site in the […]

OCR Right Of Access Enforcements – A Message to Dental Practices

The HHS Office for Civil Rights (OCR) recently settled three more investigations in the Right of Access Initiative it started in 2019. All three of the new enforcements involved dental practices, bringing the total number of access initiative enforcements to 41. The enforcements also come with a message directly to all dental practices from the […]

TMC Security Scout on Phishing

Of all the known cyberattacks that cause a data breach, phishing is the most expensive to remedy. A successful phishing attack most commonly reveals usernames and passwords, which paves the way to the data breach resulting in an average cost of $4.9m for victim organizations worldwide. The costs remain the highest in the healthcare industry […]

ALERT – Phishing Campaign

These phishing emails are targeting healthcare providers. The email has a subject of “(Victim Organization) (Date) Business Review” and utilizes a Secure Message theme. Inside of the email is a malicious link that takes the recipient to an Evernote site that looks like it belongs to the Victim Organization. On that site is an HTML […]

OCR’s COVID-19 Enforcement Discretions

Throughout the COVID-19 public health emergency that began in January of 2020, the Office for Civil Rights has issued several notifications of enforcement discretion for certain aspects of the HIPAA rules. This means that, for the topics covered, the OCR will not impose penalties for noncompliance with the HIPAA rules as long as the covered […]

Navigating Social Media, Online Reviews, & HIPAA

No one likes a bad review. It is much more common for an unsatisfied customer to post a negative review than it is for a happy customer to post a positive review. Most business advice sites recommend responding to both good and bad reviews because it helps resolve issues and actually wins back customers. However, […]

Your Patients’ Right of Access

The HIPAA Privacy Rule grants patients the right to access their health information in a way that is easy and affordable for them. Providers are required to give patients access to their health information. There are some exceptions, of course, so getting the process right can be as confusing as being in a house of […]

Beware of Malware Lurking in PDF Email Attachments

Malware delivered as an email attachment is usually a Word (.docx) or Excel (.xlsx) file. Cybersecurity threat analysts have recently discovered that PDF attachments are becoming more popular for distributing malware. Since many people have been trained to be suspicious of opening Word and Excel files, they are not as cautious […]