Did you know? OCR has a new Risk Analysis Enforcement Initiative

HIPAA Summit 41 OCR risk analysis enforcement

View OCR Director Melanie Fontes Rainer’s presentation deck here. At the HIPAA Summit 41 in late February, she spoke on “spoke on recent OCR rulemakings, trends in health data breaches, recent HIPAA enforcement actions, new HIPAA enforcement initiatives (think risk analysis enforcement), best practices, and available cybersecurity resources to improve the protection and security of … Read more

How is OCR handling Women’s Reproductive Healthcare challenges as relates to PHI?

OCR PHI and reproductive health

With every new headline about women’s reproductive health, providers and patients have been left wondering what’s next legally. Will they be protected or prosecuted? The answer could be down to interpretation of HIPAA’s Privacy Rule. To that end, OCR’s taken the position of clarification and strengthening PHI protections from the HIPAA perspective. On April 12, … Read more

How Do You Weigh Vendor Risk Exposure?

vendor risk exposure risk management

When it comes to vendor risk exposure and its management, you need to know how to implement a proper program that aligns with HIPAA compliance. Because whether you’re talking Cloud Service Providers or others, a solid vendor risk management program is key to potentially how well your organization can avoid a serious PHI security incident. … Read more

How can you assure remote employees’ HIPAA compliance?

remote workers hipaa compliance essentials

Remember the days of “Never gonna happen” when people wanted to work from home, even occasionally?  All the compliance focus was on what was happening at the office, or during business travel. Then came the pandemic, and the organizations that would have fallen on their swords to prohibit all remote work for coders, or customer … Read more

With Eyes Wide Open: How to Manage Vendor Compliance Liability

manage vendor compliance liability

Ever feel like your efforts to avoid compliance liability just turned into a game of hot potato? Is it a vendor responsibility (business associate or other third party) or yours? Consider cloud service providers (CSPs) as an example. Maintaining HIPAA compliance brings unique challenges to anyone working in or with the cloud. Don’t assume your … Read more

Are Business Associates Taking the Hit for CEs?

HIPAA and business associates

Looks like it could be a thing. All business associates (BAs), from super small, like small agency web hosting companies or medical transcriptionists, to large TPAs or data aggregation services, need to pay attention.  The recent settlement of Jelly Bean Communications LLC with the Department of Justice – yes, you read that right, the DOJ … Read more

New NPRM Makes Changes Geared to Reproductive Privacy Under HIPAA

NPRM relates to reproductive privacy under HIPAA

You’ve likely heard by now that the Office for Civil Rights (the OCR) published a Notice of Proposed Rulemaking (NPRM) on April 17, 2023, that makes changes to the HIPAA Privacy Rule to promote reproductive privacy (see the HHS Fact Sheet). The new NPRM makes changes related to uses and disclosures, and Notices of Privacy … Read more

What the End of PHE Means to Telehealth Services

telehealth services after PHE

Hello everyone!  The White House just announced that the COVID-19 Public Health Emergency (PHE) will end on May 11, 2023. This directly affects how telehealth services can be delivered. If you haven’t blocked out all memories of Spring 2020, you may recall that the Office for Civil Rights issued a Notice of Enforcement Discretion on … Read more

Apgar & Associates Achieves HITRUST® Readiness Licensee Designation

Apgar and associates-Logo

Designee builds on commitment to furthering excellence in the healthcare sector’s information security and privacy programs. PORTLAND, Ore., October 12, 2022 (Newswire.com) – Apgar & Associates, LLC today announced that it is designated as a HITRUST Readiness Licensee. With this achievement, Apgar & Associates is approved by HITRUST to perform consulting and readiness work for organizations looking … Read more

Chris Apgar Posthumously Honored with AHIMA Triumph Influencer Award

Chris Apgar, CISSP Information Security

Apgar and Associates is honored to announce that our late founder, Chris Apgar, CISSP C-CISO is the recipient of the AHIMA Triumph Award in the Influencer category. The award category, formerly known as the Literary Legacy Award, honors individuals or groups who have made significant contribution to the knowledge base of the Health Information field … Read more