ePHI - Security, Privacy and the Law

Tag Archives: ePHI

HIPAA Compliant Technology and the Importance of Encryption

We welcome this guest blog by Gene Fry, Compliance Officer, Scrypt, Inc.

The Health Insurance Portability and Accountability Act (HIPAA) sets the standard for protecting sensitive patient data. This means that any covered entity (CE) or business associate (BA) that deals with protected health information (PHI) must ensure that all the required physical, network, and process security measures are in place and followed. The HIPAA Privacy Rule addresses the storage,… More

HHS OCR Cites Faulty Risk Analysis, Lack of Policies in Addition to Breach by Physician Practice

In what may be a sign of things to come, a recent HHS OCR resolution agreement with a dermatology practice cites not only the loss of some 2,200 records on a thumb drive, but the lack of an “accurate and thorough analysis of the potential risks and vulnerabilities to the confidentiality of ePHI” and “[t]he Covered Entity did not … have written policies and procedures and train members of its workforce”;… More