Call Us Today! 1.800.704.3394|



Call for State Privacy Laws to Align with HIPAA

By |March 1st, 2017|

In December 2016, the National Governors Association (NGA) released a report calling for improvements in the exchange of clinical information among healthcare providers in different states. Current conflicting and restrictive state laws, in addition to market barriers, have resulted in incomplete or delayed diagnosis and/or treatment for patients. State privacy laws supersede HIPAA and can […]

HIPAA Risk Analysis Tip – OCR CAP Data: Learn Why 9 of 10 Organizations Fail

By |January 28th, 2017|

This entry is part 49 of 49 in the series HIPAA Security Risk Analysis Tips

HIPAA Risk Analysis Tip – OCR CAP Data: Learn Why 9 of 10 Organizations Fail
There are plenty of ways to squander several million dollars, but none quite as frustrating as forking over those hefty sums to HHS’s Office for Civil Rights (OCR).  In each of these recent cases, MAPFRE Life ($2.20MM), St. Joseph’s Health ($2.1MM), Advocate […]

HIPAA Risk Analysis Tip – The Biggest Risk Management Surprises in the 2016 OCR Audit Protocol

By |April 11th, 2016|

This entry is part 48 of 49 in the series HIPAA Security Risk Analysis Tips

HIPAA Risk Analysis Tip – The Biggest Risk Management Surprises in the 2016 OCR Audit Protocol
A quick look at the “Current Protocol” reveals greater coverage of the regulations and more in-depth inquiries and documentation review, but the details provide even bigger surprises.  OCR isn’t kidding about the need for greater information security and formal risk […]

The Updated OCR HIPAA Audit Protocol Is Out and It’s a Puzzler

By |April 5th, 2016|

The OCR has finally released a new protocol, entitled “Audit Protocol – Current” and one can’t be sure if this is indeed the promised “Phase 2” Audit Protocol, despite the mention that it has been “updated to reflect the Omnibus Final Rule.”  Honestly, if one of our customers hadn’t just received “the pre-audit screening questionnaire”, we might have thought it was just an update for which “feedback” was being requested.  […]

Folly of HIPAA certification

By |February 22nd, 2016|

Is your health care organization HIPAA certified? Before you start searching for your certification documentation, you should know that this is a trick question. […]

Have You Suffered A Data Breach? A 4 Step Assessment

By |January 6th, 2016|

A data breach in the healthcare industry isn’t just nerve-racking – it’s also expensive and can potentially shut a business down. The bad news is nearly every company will experience a data breach of some magnitude during the life of their company. This guide helps you to identify the type and severity of a data breach. […]

HIPAA Violations: More Serious Now than Ever

By |December 7th, 2015|

HIPAA violations have got more serious over recent years.  Financial costs often reach the millions, and headlines damage reputation to an almost immeasurable degree. And let’s not forget the prison sentences handed out to individuals found culpable of severe breaches of trust.  With the Office of Civil Rights (OCR) again promising to ramp up HIPAA enforcements with a fresh round of audits in 2016, we take you through a deep dive of HIPAA violations.


Who woke up OCR?: Triple-S Management Corporation Settles HHS Charges by Agreeing to $3.5 Million HIPAA Settlement

By |December 1st, 2015|

Triple-S Management Corporation (“TRIPLE-S”), on behalf of its wholly owned subsidiaries, Triple-S Salud Inc., Triple-C Inc. and Triple-S Advantage Inc. , formerly known as American Health Medicare Inc., has agreed to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules with the U.S. Department of Health and Human Services, Office for Civil Rights (OCR). TRIPLE-S will pay $3.5 million and will adopt a robust corrective action plan to correct deficiencies in its HIPAA compliance program, an effort it has already begun. […]

What is the difference between consent and authorization under the Privacy Rule?

By |November 10th, 2015|

In one of our most popular blog posts, we take a look at consent vs authorization, as they are defined under specific HIPAA regulations.

What is Consent? (According to HIPAA)

A consent as defined by the Privacy Rule is a general document that gives health care providers, which have a direct treatment relationship with a patient, permission to use […]

Your Back-to-School Checklist — 10 Ways to Strengthen Your HIPAA Compliance and Security Practices this Fall

By |August 31st, 2015|

Spring isn’t the only season for refreshing and renewing business practices. With a back-to-school, change-is-in-the-air feel to it, fall also provides a great opportunity to review and reinforce your business practices — including data security and HIPAA compliance. […]