HIPAAtrek Blog
Refresh your HIPAA know-how.
How to Track HIPAA Security Incidents Like a Pro
As a HIPAA privacy or security officer, you are used to seeing HIPAA compliance issues pop up out of nowhere. You don’t have the time to chase down the details of every security incident in your organization. However, security incident tracking doesn’t have to be...
read more
How to Manage HIPAA Security Reminders in 5 Easy Steps
You know you must provide HIPAA training to new employees shortly after employment. However, a frequently forgotten part of training is security reminders. Security reminders are a required administrative safeguard under the HIPAA Security Rule. The Security Rule also...
read more
How to Destroy Protected Health Information with Media Sanitization
HIPAA requires you to keep unauthorized people from viewing protected health information (PHI). Even when you’re disposing of unneeded PHI, you must still keep the data secure. According to the Department of Health and Human Services (HHS), “covered entities are not...
read more
HIPAA Verification Guidelines: How to Verify a Request for PHI
The HIPAA Privacy Rule requires you to verify the identity and authority of a person requesting protected health information (PHI) unless the person is already known by your organization. The rule is flexible about how you get verification. However, there are basic...
read more
Law Enforcement and HIPAA: What You Need to Know About Disclosing PHI
When law enforcement enters your organization demanding patient information, it can be intimidating. You know that the Health Insurance Portability and Accountability Act (HIPAA) requires you to keep patients’ protected health information (PHI) private. Ordinarily,...
read more
The ABCs of HIPAA Protected Health Information (PHI Decision Tree Included)
We all know what “protected health information” (PHI) is, right? You know that HIPAA requires you to keep this information private and secure. However, it’s easy to assume we know what PHI means…but be gravely mistaken. Some of us tend to think everything is PHI....
read more
6 Business Associate Agreement Provisions to Protect Your Data
The HIPAA business associate agreement (BAA) lays out your business associate's obligations to protect your data. The previous blog gave an overview of BAAs. Let's hone in on six important BAA provisions: Permissible uses and disclosures of protected health...
read more
7 Quick Facts About HIPAA Business Associate Agreements
So far in our vendor management series, we’ve looked at: how to know if your vendor is a business associate (BA) under HIPAA, how to conduct due diligence before contracting with a vendor, and six areas to address in your vendor contract. However, as a HIPAA-covered...
read more
Address These 6 Things in Your Vendor Contract to Reduce Risk
Before you outsource any of your organization’s functions to a third party, you need to do your research. Will the vendor handle PHI on behalf of your organization? If so, they’re a business associate (BA). Then conduct due diligence to be sure you can trust the...
read more
How Should I Conduct Due Diligence for Vendors and Business Associates?
In the last blog, you used a Business Associate Decision Tree to find if your vendors are business associates (BAs) under HIPAA. But good vendor management begins before you enter a contract with a third party. Before hiring a vendor, you must exercise due diligence....
read more