As we round the corner into the final months of the year, we can begin to reflect on the most significant advances over the year. As predicted, technology in global healthcare has undergone an unprecedented transformation in 2019, and 2020 is not going to pale in comparison.  What’s hot is not only these advances in

Cyber-security incident prevention has been at the top of the list of Health IT agendas in recent years, and pressure will only grow more intense as we turn the corner into 2020.  An explosion of systems exploitation in recent months has caused Health IT professionals to be more vigilant than ever to implement procedures to

Healthcare entities that accept credit card payments are subject to PCI-DSS requirements.  PCI-DSS provides “mandated” requirements for the protection and security of credit card transactions. It is not a law. Rather, it was born out of collaboration between major credit card brands (Visa, MasterCard, American Express, Discover and JCB-Japan Credit Bureau) to regulate and

The Gramm-Leach-Bliley Act (GLBA) of 1999 (Pub. L. 106-102, 113 Stat. 1338) has two parts.

The first allows for the consolidation/merger of financial institutions such as banks, insurance companies and investment/security firms.

The second regulates the use, disclosure (sharing) and security of the massive amounts of personal information (which includes health records)

In 2017, President Trump issued a call to action that led to the declaration of a nationwide public health emergency regarding the opioid crisis. In response, the Office for Civil Rights (OCR) issued guidance on how HIPAA allows information sharing to address the opioid crisis.

OCR’s guidance, released in October 2017, addresses when and how

The 21st Century Cures Act of 2016 (Cures Act) mandated the Department of Health and Human Services (HHS) to simplify the authorization process for individuals who want to release Protected Health Information (PHI) for research purposes. Individual authorization is necessary if the information will be utilized or shared in any format other than aggregate (without

A recent Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Privacy and Security Rules ruling in Houston, Texas, against MD Anderson Cancer Center underscores the importance of not just developing but also following established rules, policies and procedures. The lack of policies and procedures is always problematic, but often the failure to follow existing ones