Compliance Tip of the Day: Rethinking Corporate AI Governance Through Design Intelligence
Compliance Tip of the Day: COSO Governance Framework: Part 4, Culture
Compliance Tip of the Day: COSO Governance Framework: Part 1, Introduction
Compliance Tip of the Day: Internal Control Deficiencies
FCPA Compliance Report: Stay the Course: Ellen Lafferty on Navigating Anti-Corruption Compliance in 2025
Adventures in Compliance: The Novels – The Hound of the Baskervilles, Introduction and Compliance Lessons Learned
Compliance Tip of the Day: Assessing Internal Controls
Key Discovery Points: BYOD Case Law Covering Subpoenas and Employee Handbooks
Compliance Tip of the Day: COSO Objective 5 – Monitoring Activities
Compliance Tip of the Day: COSO Objective 4 - Control Information and Communication
Hospice Insights Podcast - Election Inspection: Be Proactive to Avoid Costly Election Statement Denials
Compliance Tip of the Day: COSO Objective 3 – Control Activities
Compliance Tip of the Day – COSO Objective 1 – Control Environment
Compliance Tip of the Day: Code of Conduct as an Internal Control
Rethinking Records Retention
Compliance Tip of the Day: Internal Controls for GTE
FCPA Compliance Report: Revolutionizing Speak Up: Ariel D. Weindling on Enhancing Whistleblower Systems
Compliance Tip of the Day: Implementing Internal Controls
Podcast: Addressing Patient Complaints About Privacy Violations
Compliance Amidst a Global Consensus Breakdown
When it comes to compliance with the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations (“HIPAA”), is your house in order? Has someone recently looked underneath the counter and...more
As the healthcare sector continues to be a top target for cyber criminals, the Office for Civil Rights (OCR) issued proposed updates to the HIPAA Security Rule (scheduled to be published in the Federal Register January 6). It...more
Announcing its fourth ransomware cybersecurity investigation and settlement, the Office for Civil Rights (OCR) also observed there has been a 264% increase in large ransomware breaches since 2018....more
More than two months after the February 2024 Change Healthcare cyber-ransom attack, the healthcare industry continues to grapple with the fallout, creating significant challenges, disruptions, and outages to the healthcare...more
Get ready to be inspired with game-changing insights and industry connections! For over two and a half decades, healthcare compliance professionals have gathered at HCCA’s Compliance Institute (CI) to share ideas, learn...more
A recent settlement entered into by the nation’s largest publicly operated health plan serves as a stark warning to all entities and business associates subject to the Health Insurance Portability and Accountability Act:...more
On June 28, the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced a settlement (resolution agreement and corrective action plan) with iHealth Solutions (also known as Advantum Health)...more
The recent settlement between the U.S. Department of Health and Human Services Office for Civil Rights (OCR) and a community hospital is a reminder of the importance of HIPAA compliance for all healthcare organizations. The...more
On June 15, 2023, OCR announced a settlement with Yakima Valley Memorial Hospital (Yakima) after completing a HIPAA investigation regarding allegations that hospital security guards accessed medical records of 419 patients....more
On February 1, 2023, the Federal Trade Commission (FTC) reached a settlement with digital health platform GoodRx for sharing users’ personal health information with third parties without properly disclosing their data...more
Hybrid work is likely here to say, and, as Sheila Limmroth, privacy specialist at DCH Health System, and the author of the chapter Hybrid Work Environment in the Complete Healthcare Compliance Manual observes in this...more
Given the choice between credit card data and digital health records, cybercriminals prefer the latter. A stolen credit card can be canceled. Electronic protected health information (ePHI) with its treasure-trove of...more
As the COVID-19 pandemic continues and our health system is pushed to and beyond capacity, lawmakers and stakeholders are assessing different ways to handle the incredible volume of patients suddenly needing care. One...more
Health care providers, health plans, and others who are subject to HIPAA are sure to have questions about when they may disclose information about individuals who have contracted, or been exposed to, Coronavirus (COVID-19)....more
Although COVID-19 is not the first pandemic to hit the United States, the virus has thrown the country into uncharted territory as federal and state governments and agencies struggle to contain the virus’s quick-moving...more
The Office of Civil Rights (OCR) last month provided guidance and a reminder to HIPAA covered entities and their business associates regarding the sharing of patient health information (PHI) under the Health Insurance...more
Recent guidance from the Office for Civil Rights and the Centers for Medicare and Medicaid Services reiterates that existing privacy laws and emergency preparedness standards provide an effective framework for providers...more
Click here to read more on the coronavirus According to the Centers for Disease Control and Prevention (CDC), the immediate risk of being exposed to COVID-19 (aka, the coronavirus) is thought to be low. While the virus is not...more
During a particularly good episode of The Office, Michael Scott burned his foot, made a screaming SOS call to the receptionist imploring the good people of Dunder-Mifflin for assistance, wrapped his leg in bubble wrap, and...more
In a recent blog post, colleagues in our Employment, Labor & Workforce Management practice addressed the legal framework pertaining to coronavirus (COVID-19) risks in the workplace. As the number of cases continues to the...more
Since the 2019 Novel Coronavirus (COVID-19) was first detected in December, the death toll has continued to rise as the virus quickly spreads. Centers for Disease Control (CDC) officials have stated that while the immediate...more
Health care providers, health plans and others monitoring the recent coronavirus outbreak should be aware of how patient information can and cannot be shared and used under applicable laws, including the HIPAA privacy rule,...more
With the recent spread of coronavirus (2019-nCoV), it is an important time to examine what information employers may share under HIPAA’s Privacy Rule during an outbreak of infectious disease or other emergency situation....more
When the European Union’s General Data Protection Regulation (GDPR) became effective on May 25, 2018, many US-based hospitals struggled to determine whether they were subject to the GDPR and, if so, what they must do to...more