HIPAA Changes Providers Need to Heed


Here are some important Health Insurance Portability and Accountability Act (HIPAA) reminders and updates.

First, on the Security Rule side of things: this past Thursday, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) posted its latest settlement with a covered entity related to alleged HIPAA violations. This $250,000 settlement, with a Washington-based healthcare provider, followed a ransomware attack and subsequent investigation by OCR.

The risky business at issue here is, in many ways, merely operating in the healthcare industry. According to OCR, ransomware and hacking are the primary threats in healthcare. A ransomware attack will always be disruptive and damaging, can be challenging to prevent, and often results from human error, but it does not need to result in further payment to the government.

There have been countless ransomware attacks, but only a handful of them result in settlements. That’s because what matters is not the ransomware itself, but the state of your compliance when OCR comes knocking. This latest settlement, like many, came out of a complaint-driven investigation. And when OCR investigated, it found one of the most common HIPAA compliance failures – the lack of a comprehensive, accurate, organization-wide risk analysis. OCR also found insufficient monitoring of activity within the organization’s information systems that housed electronic protected health information (ePHI).

Preparing your organization for that worst-case but sometimes inevitable-feeling attack means you need to get your house in order to make sure that any investigation shows you were meeting your compliance requirements.

Now, compliance with the HIPAA Security Rule is staying more or less status quo, but there are some significant changes to the Privacy Rule that go into effect at the end of this year and will require some additional effort.

The new HIPAA Privacy Rule to Support Reproductive Health Care Privacy goes into effect Dec. 23. This new Rule implements a variety of new requirements, focused on providing further protection for “reproductive healthcare” – a new and very broadly defined term. The Rule, which was published in April, seeks to prohibit covered entities from using or disclosing PHI related to reproductive healthcare to identify a patient or healthcare provider in connection with an investigation or proceeding where the care was provided under lawful circumstances.

Here are some things to consider and make sure you’ve implemented by the end of the year:

  • Regulated entities (covered entities and business associates) will be required to obtain an attestation in certain circumstances from the person requesting the use or disclosure, stating that the use or disclosure is not for a prohibited purpose. HHS has posted a model on its website.
  • Similarly, regulated entities need to revise their processes for responding to requests for the use or disclosure of PHI for which an attestation is required.
  • Regulated entities need to revise policies and train staff, with a particular emphasis on the staff that will be responsible for reviewing and determining the sufficiency of these attestations.
  • Covered entities need to review and potentially revise business associate agreements and assess vendor relationships to make sure everyone is aware of their new compliance requirements.

The final requirement is to update the Notice of Privacy Practices, but you have until 2026 to do that.

EDITOR’S NOTE:

The opinions expressed in this article are solely those of the author and do not necessarily represent the views or opinions of MedLearn Media. We provide a platform for diverse perspectives, but the content and opinions expressed herein are the author’s own. MedLearn Media does not endorse or guarantee the accuracy of the information presented. Readers are encouraged to critically evaluate the content and conduct their own research. Any actions taken based on this article are at the reader’s own discretion.


Marguerite Ahmann, Esq.

Marguerite is a health care attorney whose practice focuses on regulatory, corporate, and transactional matters. She assists her clients in navigating the complex nature of health care law and regularly advises on regulatory matters involving fraud and abuse laws, HIPAA and health privacy, and Medicare and Medicaid enrollment and reimbursement. Marguerite also advises health care clients in various transactional matters, including mergers and acquisitions, joint ventures, and other strategic affiliations and partnerships.
