Government agencies – state and federal – have spent the past several months trying to get healthcare’s attention about cybersecurity and simple steps that organizations can take to reduce their risk of ransomware (aka minimize risk). “There are known knowns; there are things we know we know. We also know there are known unknowns; that … Read more
Interested in some (thankfully) non-pandemic related news? New York State’s SHIELD Act is in effect as of March 21, 2020. The SHIELD Act (Stop Hacks and Improve Electronic Data Security Act) takes several actions, including: broadening the definition of “Private Information”, expanding the definition of breach, and expanding the reach of the law to include … Read more
As things ease up, and slowly people return to the office, what steps do you need to take to make sure data and devices are secure? It’s not quite a reversal of what covered entities (CE) and business associates (BA) went through when everyone who was non-essential was required to go to remote work, but … Read more
On April 2, 2020, the Office for Civil Rights (OCR) at the U.S Department of Health and Human Services (HHS) announced that effective immediately, it will exercise its enforcement discretion and will not impose penalties for violations of certain provisions of the HIPAA Privacy Rule against health care providers or their business associates for the … Read more
Ever run into a vendor who claims to be a conduit versus a business associate (BA)? It happens all too often, in my experience. Here’s the problem: the conduit exception is a narrow one. If you’re storing PHI data, even encrypted PHI where you don’t have the encryption key, you’re a BA. Sign the Business … Read more
A brief recap: The California Consumer Privacy Act (CCPA) aims to give California consumers greater control over their personal information by imposing certain obligations on entities covered by the law. The CCPA takes effect January 1, 2020. And as we said in an earlier blog article, you don’t have to be a California-based business to … Read more
I’m often taken aback by some of the marketing material I receive from privacy and security training vendors. This is clearly a “buyer beware” moment. The review of a training vendor’s material can give you some insight into their credibility. Particularly if you’re already somewhat knowledgeable of the material that needs to be covered in … Read more
In most instances, HIPAA rules apply for adults and minors. That’s to say, the federal regulation sets the bar. HIPAA treats minors as adults when it comes to privacy rights if they’ve reached the age of informed consent except when state laws say otherwise. Some state laws permit or require disclosure to parents or guardians … Read more
When State law requirements are tougher than HIPAA, then it’s likely that the State law is the one you need to follow. When does it not? When it’s “contrary.” Then, it may be submitted for exemption – in other words, may be up for consideration to “trump” the federal regulations. However, it’s rare that a … Read more
While conducting a workshop focused on privacy, the question came up about what covered entities and business associates supporting covered entities can charge for an electronic copy of a patient’s designated record set (aka PHI). My answer to the audience was partially correct and partially wrong. The following is an excerpt from the preamble to … Read more
Apgar & Associates, LLC
7100 SW Hampton St #137
Tigard, OR 97223
503-384-2538
©Copyright 2023 Apgar and Associates. All rights reserved.
