HIPAA Changes Providers Need to Heed

Here are some important Health Insurance Portability and Accountability Act (HIPAA) reminders and updates.

First, on the Security Rule side of things: this past Thursday, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) posted its latest settlement with a covered entity related to alleged HIPAA violations. This $250,000 settlement, with a Washington-based healthcare provider, followed a ransomware attack and subsequent investigation by OCR.

The risky business at issue here is, in many ways, merely operating in the healthcare industry. According to OCR, ransomware and hacking are the primary threats in healthcare. A ransomware attack will always be disruptive and damaging, can be challenging to prevent, and often results from human error. But it does not need to result in further payment to the government.

There have been countless ransomware attacks, but only a handful of them result in settlements. That’s because what matters is not the ransomware itself, but the state of your compliance when OCR comes knocking. This latest settlement was, as many are, a complaint-driven investigation. And when OCR investigated, it found one of the most common HIPAA compliance failures: the lack of a comprehensive, accurate, organization-wide risk analysis. OCR also found insufficient monitoring of activity within the organization’s information systems that housed electronic protected health information (ePHI).

Preparing your organization for that worst-case but sometimes inevitable-feeling attack means you need to get your house in order to make sure that any investigation shows you were meeting your compliance requirements.

Now, compliance with the HIPAA Security Rule is staying more or less status quo, but there are some significant changes to the Privacy Rule that go into effect at the end of this year and will require some additional effort.

The new HIPAA Privacy Rule to Support Reproductive Health Care Privacy goes into effect Dec. 23. This new Rule implements a variety of new requirements, focused on providing further protection for “reproductive healthcare” – a new and very broadly defined term. The Rule, which was published in April, seeks to prohibit covered entities from using or disclosing PHI related to reproductive healthcare to identify a patient or healthcare provider in connection with an investigation or proceeding where the care was provided under lawful circumstances.

Here are some things to consider and make sure you’ve implemented by the end of the year:

  • Regulated entities (covered entities and business associates) will be required to obtain an attestation in certain circumstances from the person requesting the use or disclosure, stating that the use or disclosure is not for a prohibited purpose. HHS has posted a model attestation on its website.
  • Similarly, regulated entities need to revise their processes for responding to requests for the use or disclosure of PHI for which an attestation is required.
  • Regulated entities need to revise policies and train staff, with a particular emphasis on the staff that will be responsible for reviewing and determining the sufficiency of these attestations.
  • Covered entities need to review and potentially revise business associate agreements and assess vendor relationships to make sure everyone is aware of their new compliance requirements.

The final requirement is to update your Notice of Privacy Practices, but you have until 2026 to do that.

EDITOR’S NOTE:

The opinions expressed in this article are solely those of the author and do not necessarily represent the views or opinions of MedLearn Media. We provide a platform for diverse perspectives, but the content and opinions expressed herein are the author’s own. MedLearn Media does not endorse or guarantee the accuracy of the information presented. Readers are encouraged to critically evaluate the content and conduct their own research. Any actions taken based on this article are at the reader’s own discretion.

Marguerite Ahmann, Esq.

Marguerite is a health care attorney whose practice focuses on regulatory, corporate, and transactional matters. She assists her clients in navigating the complex nature of health care law and regularly advises on regulatory matters involving fraud and abuse laws, HIPAA and health privacy, and Medicare and Medicaid enrollment and reimbursement. Marguerite also advises health care clients in various transactional matters, including mergers and acquisitions, joint ventures, and other strategic affiliations and partnerships.
