Data Privacy Resources just for you

We get a lot of questions about HIPAA Certification. Here are your answers.

Complying with Data Privacy Laws can be a headache for organizations. That is why each organization should assign one person to oversee compliance for the organization.

Whether you call it HIPAA on steroids or just another expansion, the HITECH Act gave organizations tougher security requirements as well as backs it up with increased penalties for HIPAA noncompliance.

For security-conscious businesses, SOC 2 compliance is a minimal requirement when considering a SaaS provider. Here is what you should know.

If you are a small business owner or anyone trying to sell anything online or in person, you may have heard the term PCI. Here, we'll answer your questions on PCI.

HIPAA is a complex law with plenty of moving parts. Here we broke down the requirements for compliance.

Colorado has officially passed a specific data privacy rule, become the third state to do so. Let's examine what this law means.

In this day and age, it's not a question of if you'll have a breach, but when. Here we cover the steps you should take to prepare yourself for when that day occurs.

The HIPAA rule requires that an organization appoint a Privacy Officer to oversee safeguarding the integrity and security of protected health information. But who should you select as your Privacy officer? And what steps should this person take? We have all the answers.

Under the GDPR, Personal data is much broader than America’s Personally identifiable information (PII) and even broader than the PHI of HIPAA.

All in all, the GDPR has drastically increased the requirements of organizations and how they manage personal data.

The subject of Data Privacy has gone through quite a bit of changes over the years, the premise remains the same: people just want the right to be left alone. 

Technical Safeguards can often be the most challenging regulation to understand and implement because it is a mix of addressable and required. We'll help explain both here.

The principle of least privilege plays an important role in an organization's data security. See how it can yours.

May was a busy month for the GDPR, as they levied many fines at a variety of organizations in different sectors for noncompliance.

In Part two of our series, we'll take a deep dive and examine physical safeguards of the Security rule.

GDPR Compliance isn’t something that businesses should take lightly, not by a long shot. Getting fined by them for violating their regulations results in one’s company not only taking a financial hit, but likely receiving a very nasty hit to their reputation,

In May 2021, there was only one settlement against a healthcare laboratory in Georgia and the Office of Civil Rights. Here are the details.

In this three part series, we'll take time to examine each of the Security Rule safeguards. In this post, we will look at a detailed look at the different types of administrative safeguards the HHS requires in order to comply with HIPAA.

Think that being certified makes you compliant? Think again! Read on to learn how a certification program does not free you up from your obligations under HIPAA.

PCI DSS and HIPAA both aim to secure entirely different types of information while attempting to meet a similar need: data security.

Whether we like it or not, we live in an age where our personal information is being tracked, collected, shared, monitored, you name it. In short, very little data is private: but that may be changing.

All those who work in and around HIPAA know that they are taught to fear an OCR audit and avoid it at all costs. But what happens during an audit of your HIPAA compliance?

There are a many concerns raised from a data security perspective that remote work brings for many organizations. In this post, we discuss working from home and what it means for data privacy and security. 

Data Subject Access Requests are an important part of complying with Data Privacy Laws. But what are they and how do you follow them? We make it clear in this post.

April was a busy month for the GDPR, as they levied many fines at a variety of organizations in different sectors for noncompliance.

We created a simple GDPR Compliance checklist to help make the monumental task of complying with the GDPR easier.

HIPAA is a vast regulation. We’ve broken down the core rules that you need to know and live by in order to be considered HIPAA Compliant.

You can have the proper policies and procedures in place, but all it takes is a little mistake and Bam! You've violated HIPAA. Here are a few violations.

Think complying with HIPAA is a challenge? The hit of HIPAA Violations to your wallet and reputation are even greater challenges.

Data Security is the process of protecting digital information from unauthorized access, theft, or corruption throughout its entire lifecycle.

In this blog, we’ll walk through 4 of the most popular business communication platforms on the market and how they can be used in a HIPAA-compliant manner.

Covered Entity? Business Associates? The HIPAA regulation is full of unusual language. Here we break down what is and what isn't a covered Entity.

HIPAA has laid out a precise list of 18 different forms of protected health information. Below we will outline each different type and give examples of each so that you can have a better understanding of what exactly qualifies as PHI and what you can expect your healthcare provider to be doing with this information.

Email is an important tool for communication, but there are risks to send PHI and other sensitive data via email, so organizations must choose a HIPAA compliant email provider. Here is what Accountable recommends.

The GDPR has been the starting point for data protection laws for countries outside the EU. But where did it come from? What problems were it looking to solve?

Office 365, is the most popular on the market, many healthcare organizations have been prompted to ask whether Office 365 products are HIPAA compliant?

What do you do when you believe that an individual or a company is potentially violating HIPAA? The answer is you file a complaint with the Office of Civil Rights.

With the medical CBD industry regularly growing, it has remained a consistent question of whether the cannabis industry need to be HIPAA compliant. We’ll answer all of your questions about HIPAA and Cannabis, just read on!

When choosing a telehealth platform for your practice or clinic, it is important that you select a platform that not only fits your needs but is also compliant with the regulations of HIPAA.

The General Data Protection Regulation, or GDPR, is a legal framework that sets guidelines for the collection and processing of personal data from individuals who live in the European Union (EU).

The risks of HIPAA audits vary dramatically from organization to organization depending on health data you store, what other organizations you work with, and what steps you have taken to guard this information.

Since the United States has not introduced a data privacy law on the federal level, many states have begun to create state-specific laws which govern the protection of their resident's personally identifiable information (PII) to some degree. In this article, we will cover the existing and developing bills within various state legislatures in order to keep you up to date on the state laws that are likely upcoming.

HIPAA compliance is a moving target. To understand where HIPAA is moving, you'll first need to understand why it began and how it expanded.

The Covid-19 pandemic has forced many practices to scramble and adopt videoconferencing tools in order to continue operations. But which video platforms are compliant with HIPAA?

Within the HIPAA Security Rule, there are a series of safeguards and standards that all organizations under HIPAA must adhere to. However, HIPAA allows for ambiguity when it comes to adhering to those. Why? Read on to find out.

It's not just healthcare providers that need to comply with HIPAA, their vendors need to be compliant too. But what do they need to do to be considered HIPAA Compliant?

When PHI is found in an electronic form, like a computer or a digital file, it is called electronic Protected Health Information or ePHI.

HIPAA is all about safeguarding PHI. But what is Protected Health Information? What Isn't PHI? Why is PHI so valuable to hackers? In this post, we'll answer your questions.

With rising concerns over the privacy of personal data the Oklahoma House passed a Data Privacy Bill that may serve as the canary in the coal mine for lower thresholds for applicability of data privacy laws. Read on to learn more.

The Minimum Necessary Standard is a requirement that covered entities take all reasonable steps to see to it that protected health information (PHI) is only accessed to the minimum amount necessary to complete the tasks at hand.

Need to be HIPAA Compliant but aren't sure what you need to do? Cut straight to the chase and learn what steps are actually required to become HIPAA-compliant by reviewing this checklist.

Data security has become one of the highly vulnerable aspects of the healthcare industry due to the speedy adoption of electronic health record systems (EHR) over the past decade. Choosing and implementing security protocols that will work best for your healthcare organization mandates a thorough analysis of your ongoing policies and procedures without compromising the efficacy of your care delivery services.

Slack is an industry-leading communications platform used by countless organizations including healthcare institutions. But is it HIPAA Compliant? The short answer is no. The long answer is it can be. Read on to find out how.

With the passage of the Virginia Consumer Data Protection Act, Virginia becomes the second state to pass a state specific privacy law. In this post, we break down what you need to know.

Phishing is a very common method for bad-actors to compromise your data. Here are several examples of common phishing emails to watch out for.

HiTrust vs HITECH. HITECH vs HiTrust? Both oversee information security in the healthcare space. But which is which, and which one must you comply with?

There are a lot of things startups should know when it comes to them approaching their HIPAA. But don’t let HIPAA become a roadblock to your success. Here you'll learn the basic steps to comply with the act.

Even before Covid-19 struck, working remotely was becoming more and more popular. However, working remotely poses new security risks and challenges to your organization's HIPAA compliance. Read on to see what those risks are and how you can mitigate them.

Anyone that keeps an eye on the HIPAA violation settlements would be able to see the clear trend over the past year - the Right of Access Initiative. Here, we’ll walk through everything you need to know about component of HIPAA and how the OCR has been following through on that in 2019 and 2020. 

Overseeing HIPAA compliance as a practice manager can feel like a daunting task. In this post, Accountable breaks down what you need to do to be compliant.

HIPAA is a complex law that can affect every aspect of your business. Because it is broad and vague, it can feel like a challenge to know where to begin. That is why we broke down HIPAA compliance into its most basic steps.

The HIPAA Privacy Rule was the second rule to expand and clarify the scope of HIPAA. It established standards to protect PHI and as originally applied to Covered Entities.

If you’re on our website, you’re probably aware that privacy regulations can be pretty challenging. The rules are vague and complicated, plus navigating brand-new regulations is even tougher. The CPRA is the latest of these rules to pass, and can serve as the canary in the coal mine for the rest of the nation.

2020 was an unexpected year in so many industries but arguably none more than the healthcare industry. Public health has dominated the headlines and our day-to-day discussions throughout almost all of 2020.

HIPAA and Web Hosting. Web Hosting and HIPAA. Is your head spinning already? We’ll clear up your questions and concerns here.

We know that managing HIPAA internal compliance and signing business associate agreements with all other organizations can be time-consuming and confusing. In this post, we will lay out everything you need to know to utilize Zendesk in a HIPAA compliant manner.

Due to the value of the PHI that these Covered Entities and their business Associates use, store and transmit, it is critical that each organization have contingency plans in the event of a emergency.

Text messaging can be HIPAA compliant, it all depends on what information is sent, what consent has been given, and what encryption is used over that information. Read on to learn how you can use a common form of communication without committing a HIPAA violation.

HIPAA Technical Safeguards are designed to help reduce the risks to your organization and the information you store or transmit. Read on to learn more about how these can help your organization safeguard PHI.

We're thrilled to announce the newest version of Accountable today which launches new features and protections for HIPAA compliance

If you work within or with the healthcare providers, you should be familiar with Protected Health Information (PHI). But what about Personal Identifiable Information (PII)? How does GDPR define personal data?

Back in March, the HHS announced the suspension of some penalties for Privacy Rule violations throughout the duration of the COVID-19 crisis. But with a vaccine on the way, covered entities should prepare for the end of these waivers.

AWS, or Amazon Web Services is the cloud platform operated under the parent company of Amazon, which offers cloud computing for businesses of all sizes and industries. Luckily, AWS is one of the providers that you can trust to operate in a compliant manner, once certain steps are completed.

Healthcare Providers are a common target of attackers, but why? The answer is that the information they have is incredibly valuable.

Dismissing Employees can lead to risks. If companies don’t mitigate some of these risks to data during offboarding, then the company may face a much more significant challenge down the road.

In October, the settlements include a large not-for-profit hospital, a small private practice and one of the largest health insurers in the country.

In a world where there are new software solutions for every task and issue, healthcare providers may wonder what exactly practice management software can do for them and whether it is a necessary product for them.

In light of COVID-19 as well as emerging digital technologies there have been several proposed updates to HIPAA that would require additional security requirements, software, and administrative procedures.

Traditionally, medical records were kept on paper and were manually filed. EHR Systems revolutionized patient care by enabling patient and treatment data to be accessed by a multitude of caregivers. But how does systems affect HIPAA compliance?

A HIPAA Risk Assessment is crucial to your compliance with HIPAA. Not only will it help identify risks and threats, its required by HIPAA. Read on to discover how to conduct a risk analysis.

In September, the HHS and OCR had their busiest month of HIPAA resolution agreements in a long time - reporting eight separate settlements in the last two weeks of the month.

Learn how the HIPAA Omnibus Final Rule modified the Privacy Rule, Security Rule, Enforcement Rule and Breach Notification Rule.

During the pandemic, there has been no shortage of headlines about Coronavirus. But why do we know the who and how in some cases, but in other situations that data is secret?

The accounting industry is subject to changes in privacy rules and regulations and one of those key laws to pay attention to is HIPAA. But how does HIPAA apply to accountants?

Working Remotely isn’t going to go away anytime soon, and the new vulnerabilities from working remotely mean that security will continue to face new challenges and obstacles.

Phishing scams are not a new threat to data security, but they are becoming increasingly risky as hackers are constantly improving the complexity of their scams. Now is the time to learn how to spot them, report them and keep your important information safe.

Complying with GDPR and HIPAA has raised many questions among organizations as they look to meet the necessary demands of each of these laws.

There are many do's and don'ts when it comes to marketing healthcare services yet complying with HIPAA. Learn about the challenges (and solutions) here!

Would you violate HIPAA For money? A recent study showed that many graduates are willing to do so. Minimize opportunities for violations and Hire wisely.

Medical Interpreters serve as the middle ground between patients and doctors. But how does HIPAA apply to them?

The Office of Civil Rights waived penalties for some HIPAA violations that could arise from using Telehealth during the Covid-19. These waivers are bound to end. What comes next?