PHI Examples
PHI Examples HIPAA: 18 Identifiers You Must Protect
A Faxed Lab Report Sent to the Wrong Number Started It All A nurse at a mid-size clinic in Minnesota faxed a patient's
Carl B. Johnson
Healthcare Chief Information Security Officer (CISO), Virtual Privacy Officer and HIPAA Compliance Educator and National Speaker on Healthcare Privacy & Security
HIPAA Compliance Testing Services
HIPAA Compliance Testing Services: What Actually Works
The Audit That Costs Less Than the Breach A hospital system in Oregon thought its annual checklist was enough. Internal IT signed off every year.
Healthcare Emergency Management
Healthcare Emergency Management: HIPAA Rules Still Apply
The Hurricane That Exposed More Than a Hospital's Roof In 2017, Hurricane Harvey flooded a major Texas hospital system. Staff scrambled to evacuate
Electronic Health Records
What Act Outlines the Use of Electronic Health Records
In 2011, a small cardiology practice in Phoenix switched from paper charts to an electronic health record system. Within six months, an unencrypted laptop containing
Covered Entity vs Business Associate
Covered Entity vs Business Associate: Key Differences
A few years ago, I got a call from the CEO of a mid-sized billing company. His team had been processing claims for a hospital
EHR and HIPAA
EHR and HIPAA: What Every Practice Gets Wrong
A $4.3 Million Wake-Up Call Buried in an EHR Audit Log In 2023, the University of Texas MD Anderson Cancer Center lost its years-long
Who Regulates HIPAA
Who Regulates HIPAA? The Agencies Behind Enforcement
A Single Complaint to the Wrong Agency Can Cost You Months I got a call last year from a clinic administrator who had filed a
Technical Safeguards HIPAA
Technical Safeguards HIPAA: What Most Orgs Get Wrong
In 2018, the University of Texas MD Anderson Cancer Center lost a $4.3 million appeal after OCR found that unencrypted laptops and thumb drives
OSHA HIPAA
OSHA HIPAA: Where Workplace Safety Meets Patient Privacy
The Phone Call That Exposed a $1.7 Million Blind Spot A hospital safety officer called me three years ago, panicking. OSHA had requested employee
HIPAA Eligibility
HIPAA Eligibility: Who Must Comply and Why It Matters
A $5.1 Million Penalty That Started with a Simple Question In 2017, Memorial Healthcare System in Florida agreed to pay $5.1 million to
HIPAA Violation
Definition of HIPAA Violation: What Actually Counts
A hospital employee in Texas looks up her ex-husband's medical records out of curiosity. A dental office in Georgia tosses paper charts into
Patient Privacy Rights
Patient Privacy Rights: What Your Practice Gets Wrong
A Mother Couldn't Get Her Own Son's Medical Records — Then the Feds Got Involved In 2019, a small medical practice in