HIPAA and Workers’ Compensation: When Privacy Rules Apply to Workplace Injuries

When an employee is injured on the job, their medical information moves through a chain of parties — the treating provider, the employer, the workers’ compensation insurer, and often a state administrative board. Workers’ compensation is one of the few areas where HIPAA explicitly […]
HIPAA and Provider Credentialing: Protecting Physician Data

Provider credentialing occupies an unusual place under HIPAA, and understanding that nuance is the heart of compliance here. Credentialing is primarily about the provider, not the patient — verifying a clinician’s education, training, board certifications, NPI and DEA registrations, malpractice history, work history, and peer references. Because protected […]
HIPAA Compliance for Clinical Research: Using PHI in Studies

Quick Answer: Clinical research using PHI requires either patient authorization, a waiver from an Institutional Review Board, or de-identified data sets. The HIPAA Privacy Rule permits PHI use for research with appropriate safeguards including limited data set agreements, minimum necessary provisions, and accounting of disclosures to […]
HIPAA Compliance for Telehealth in 2026: A Provider’s Playbook

The 2026 HIPAA Security Rule update is the first time HIPAA’s technical safeguards have been rewritten with a video-visit, mobile-first care model in mind. For telehealth providers, that means encryption, MFA, session logging, and BAA inventory are no longer best practice — they’re the floor. Here’s […]
HIPAA Compliance for Nurse Practitioners: 2026 Security Rule Update for Solo NP Practices and NP-Owned Clinics

Why Nurse Practitioners Are an OCR Audit Target in 2026: Nurse practitioners now provide primary care for over 1 in 4 American patients. With expanded scope-of-practice laws across more than two dozen states authorizing full practice authority, NP-owned clinics […]
The HIPAA Business Associate Agreement (BAA): What’s Required, What’s Optional, and How to Track Yours in 2026

A Business Associate Agreement is a contract between a HIPAA-covered entity and any vendor that creates, receives, maintains, or transmits protected health information (PHI) on its behalf. It’s required — not optional — under 45 CFR 164.504(e). Without […]
HIPAA Compliance in Revenue Cycle Management: From Intake to Collections

Revenue cycle management (RCM) is where protected health information (PHI) travels the farthest. From the moment a patient is registered, the same data flows through eligibility verification, coding, claim submission, clearinghouses, payer adjudication, patient statements, and — when accounts go unpaid — collections. Every handoff […]
HIPAA Compliance for Healthcare Websites: Forms, Chat, and Patient Portals

Quick Answer: Healthcare websites collecting PHI through contact forms, appointment scheduling, live chat, or patient portals must implement SSL encryption, secure form handling, access controls, and BAAs with web hosting and third-party widget providers. Analytics tools like Google Analytics require careful configuration to avoid tracking […]
HIPAA Compliance for Multi-Location Healthcare Organizations

HIPAA compliance gets harder the moment your organization runs more than one location. The rules do not change from site to site, but the Office for Civil Rights almost always treats a single legal entity as one covered entity. That means a lapse at your smallest satellite clinic is, […]
HIPAA Disaster Recovery Planning: Protecting PHI During Emergencies

Disaster recovery under HIPAA is not generic business continuity with a healthcare label. What makes it distinct is that the asset you are protecting is electronic protected health information (ePHI), and the Security Rule treats the ability to recover that data as a compliance obligation in its […]