PHI Security

HIPAA Compliant Email

Compliant Email: HIPAA Rules for Sending PHI Securely

In 2023, OCR settled with a healthcare provider for over $100,000 after an investigation revealed that staff routinely sent unencrypted emails containing protected health

Sep 3, 2022

G Suite HIPAA

G Suite HIPAA Compliance: What Your Organization Must Do

In 2024, OCR settled a case with a healthcare provider that had been storing patient records in a cloud-based email platform — without a signed Business

Jun 13, 2022

Google Workspace HIPAA

Google Workspace HIPAA Compliant Cost: What You'll Pay

When OCR investigated a small medical practice in 2023 for storing patient records in a consumer Gmail account without a Business Associate Agreement, the practice

Apr 28, 2022

HIPAA Certification

HIPAA Certification for Software: What Developers Must Know

In 2023, OCR settled with a telehealth platform for $1.25 million after an investigation revealed the company's software transmitted protected health information

Apr 1, 2022

HIPAA Compliance

HIPAA Compliance G Suite: What You Must Configure

In 2023, OCR settled with a healthcare provider for over $1.25 million after an investigation revealed that protected health information was being shared through

Feb 28, 2022

HIPAA Compliance

HIPAA Compliant Cloud Provider: What You Must Verify

In 2022, OCR settled with a health plan for $1.25 million after an investigation revealed that the organization had migrated protected health information to

Feb 28, 2022

HIPAA Paper Records

HIPAA Paper Records: Safeguards You Can't Ignore

In 2018, OCR settled with Filefax Inc. for $100,000 after the company left medical records — paper records containing protected health information — sitting in an

Dec 31, 2021

HIPAA Technology Rule

HIPAA Technology Rule: What Healthcare Orgs Must Know

In December 2023, HHS published a Notice of Proposed Rulemaking (NPRM) that represents the most significant update to the HIPAA Security Rule since its original

Sep 18, 2021

HIPAA Compliant Texting

HIPPA Compliant Text: What HIPAA Actually Requires

Every month, OCR receives complaints about protected health information sent via unsecured text messages — a nurse texting a patient's lab results to a

Jan 19, 2021

Patient Protected Information

Patient Protected Information: What HIPAA Requires

In 2023, OCR settled with a dental practice in New England for $50,000 after an investigation revealed that staff members were routinely sharing patient

Aug 31, 2020

Telemedicine

Telemedicine and HIPAA Compliance: What Providers Must Know

When OCR announced in late 2023 that the COVID-era telehealth enforcement discretion would not last forever, many healthcare organizations realized they had been operating telemedicine

Jan 26, 2020

Texting and HIPAA

Texting and HIPAA Compliance: What Your Organization Must Know

In 2023, a dermatology practice in Connecticut paid $150,000 to settle an OCR investigation that traced back, in part, to unsecured electronic communications — including

Jan 26, 2020