<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>HIPAA Secure Now!</title>
	<atom:link href="http://www.hipaasecurenow.com/feed/" rel="self" type="application/rss+xml" />
	<link>https://www.hipaasecurenow.com/</link>
	<description>HIPAA Compliance Made Human</description>
	<lastBuildDate>Tue, 30 Jun 2026 05:55:56 +0000</lastBuildDate>
	<language>en-US</language>
	<sy:updatePeriod>
	hourly	</sy:updatePeriod>
	<sy:updateFrequency>
	1	</sy:updateFrequency>
	<generator>https://wordpress.org/?v=7.0</generator>

<image>
	<url>https://www.hipaasecurenow.com/wp-content/uploads/2019/05/cropped-HSN-Favicon-512px-32x32.png</url>
	<title>HIPAA Secure Now!</title>
	<link>https://www.hipaasecurenow.com/</link>
	<width>32</width>
	<height>32</height>
</image> 
	<item>
		<title>Don&#8217;t Wait for the Final HIPAA Rule: Start with Your Asset Inventory</title>
		<link>https://www.hipaasecurenow.com/dont-wait-for-the-final-hipaa-rule-start-with-your-asset-inventory/</link>
		
		<dc:creator><![CDATA[Kim Berardi]]></dc:creator>
		<pubDate>Wed, 01 Jul 2026 04:00:46 +0000</pubDate>
				<category><![CDATA[Healthcare Industry]]></category>
		<category><![CDATA[HIPAA]]></category>
		<category><![CDATA[HIPAA Audits]]></category>
		<category><![CDATA[HIPAA Violations]]></category>
		<category><![CDATA[HSN News]]></category>
		<category><![CDATA[Policies and Procedures]]></category>
		<category><![CDATA[Risk Assessment]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[Security Reminders]]></category>
		<category><![CDATA[Security Training]]></category>
		<category><![CDATA[featured]]></category>
		<guid isPermaLink="false">https://hsnstg.wpengine.com/?p=19557</guid>

					<description><![CDATA[<p>While the HIPAA Security Rule update is not final yet, small healthcare practices can start preparing now by building or updating an asset inventory. This simple step can improve visibility, strengthen risk analysis, and support stronger ePHI protection.</p>
]]></description>
										<content:encoded><![CDATA[<p><img fetchpriority="high" decoding="async" class="wp-image-20345 size-full aligncenter" src="https://www.hipaasecurenow.com/wp-content/uploads/2026/06/dont-wait-for-the-final-hipaa-rule-start-with-your-asset-inventory.webp" alt="HIPAA Inventory" width="1200" height="675" srcset="https://www.hipaasecurenow.com/wp-content/uploads/2026/06/dont-wait-for-the-final-hipaa-rule-start-with-your-asset-inventory.webp 1200w, https://www.hipaasecurenow.com/wp-content/uploads/2026/06/dont-wait-for-the-final-hipaa-rule-start-with-your-asset-inventory-300x169.webp 300w, https://www.hipaasecurenow.com/wp-content/uploads/2026/06/dont-wait-for-the-final-hipaa-rule-start-with-your-asset-inventory-1024x576.webp 1024w, https://www.hipaasecurenow.com/wp-content/uploads/2026/06/dont-wait-for-the-final-hipaa-rule-start-with-your-asset-inventory-768x432.webp 768w" sizes="(max-width: 1200px) 100vw, 1200px" /></p>
<p><span data-contrast="auto">The proposed HIPAA Security Rule update has not been finalized yet, but small healthcare practices should not wait until the deadline is set to start preparing.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span></p>
<p><span data-contrast="auto">One practical step your organization can take now is to begin building, reviewing, or updating your asset inventory.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span></p>
<p><span data-contrast="auto">An asset inventory is a documented list of the systems, devices, software, vendors, and access points that may create, receive, maintain, or transmit electronic protected health information, also known as ePHI. While asset inventories have not historically been listed as a specific HIPAA Security Rule requirement, the proposed updates could make them a much more formal expectation.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span></p>
<p><span data-contrast="auto">More importantly, an asset inventory is a smart foundation for your overall security and compliance program.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span></p>
<p><span data-contrast="auto">Why does it matter?</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span></p>
<p><span data-contrast="auto">Because you cannot protect what you do not know exists. If your practice does not have a clear picture of where ePHI lives, how it moves, and who can access it, your risk analysis may miss important gaps. That can make it harder to identify vulnerabilities, update policies, manage vendor risk, and show that your organization is taking reasonable steps to protect patient data.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span></p>
<h2><span data-contrast="auto">A strong asset inventory should include:</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span></h2>
<ul>
<li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559683&quot;:0,&quot;335559684&quot;:-2,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}" data-aria-posinset="1" data-aria-level="1"><span data-contrast="auto">Hardware, such as computers, laptops, mobile devices, servers, medical devices, and equipment that touches ePHI</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span></li>
<li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559683&quot;:0,&quot;335559684&quot;:-2,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}" data-aria-posinset="2" data-aria-level="1"><span data-contrast="auto">Software and applications, including EHR/EMR systems, billing platforms, cloud tools, and other SaaS applications</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span></li>
<li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559683&quot;:0,&quot;335559684&quot;:-2,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}" data-aria-posinset="3" data-aria-level="1"><span data-contrast="auto">Data flows that show where ePHI is stored, transmitted, and accessed</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span></li>
<li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559683&quot;:0,&quot;335559684&quot;:-2,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}" data-aria-posinset="4" data-aria-level="1"><span data-contrast="auto">Vendors and business associates that interact with your systems or patient data</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span></li>
<li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559683&quot;:0,&quot;335559684&quot;:-2,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}" data-aria-posinset="5" data-aria-level="1"><span data-contrast="auto">Network components, such as routers, firewalls, remote access tools, and other connection points</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span></li>
<li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="1" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559683&quot;:0,&quot;335559684&quot;:-2,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}" data-aria-posinset="6" data-aria-level="1"><span data-contrast="auto">User access, including who has access to what and at what permission level</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span></li>
</ul>
<p><span data-contrast="auto">The goal is not perfection on day one. The goal is visibility.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span></p>
<p><span data-contrast="auto">Starting now gives your practice time to identify what you use, where patient data may be exposed, and which areas may need stronger safeguards. It can also make future compliance work easier if the proposed rule is finalized and organizations have a shorter window to act.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span></p>
<p><span data-contrast="auto"><strong>HIPAA Secure Now</strong> is here to help healthcare organizations take practical steps before the clock starts. For more information, or to request a sample Asset Inventory, please reach out to our compliance team.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span></p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>What the Proposed HIPAA Security Rule Changes Could Mean for Your Organization</title>
		<link>https://www.hipaasecurenow.com/what-the-proposed-hipaa-security-rule-changes-could-mean-for-your-organization/</link>
		
		<dc:creator><![CDATA[Zach Morrison]]></dc:creator>
		<pubDate>Thu, 25 Jun 2026 04:00:44 +0000</pubDate>
				<category><![CDATA[Download]]></category>
		<category><![CDATA[HIPAA]]></category>
		<category><![CDATA[HIPAA Audits]]></category>
		<category><![CDATA[HIPAA Violations]]></category>
		<category><![CDATA[HSN News]]></category>
		<category><![CDATA[Policies and Procedures]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[Security Reminders]]></category>
		<category><![CDATA[Security Training]]></category>
		<category><![CDATA[Uncategorized]]></category>
		<category><![CDATA[featured]]></category>
		<guid isPermaLink="false">https://www.hipaasecurenow.com/?p=19550</guid>

					<description><![CDATA[<p>HIPAA compliance has always required ongoing attention. But with proposed changes to the HIPAA Security Rule now on the table, healthcare organizations may need to prepare for a higher standard of cybersecurity, documentation, and ePHI protection. In January 2025, the U.S. Department of Health and Human Services Office for Civil Rights proposed major updates to the [&#8230;]</p>
]]></description>
										<content:encoded><![CDATA[<p><img decoding="async" class="aligncenter wp-image-19551 size-full" src="https://www.hipaasecurenow.com/wp-content/uploads/2026/06/what-the-proposed-hipaa-security-rule-changes-could-mean-for-your-organization.webp" alt="HIPAA Changes" width="1200" height="675" srcset="https://www.hipaasecurenow.com/wp-content/uploads/2026/06/what-the-proposed-hipaa-security-rule-changes-could-mean-for-your-organization.webp 1200w, https://www.hipaasecurenow.com/wp-content/uploads/2026/06/what-the-proposed-hipaa-security-rule-changes-could-mean-for-your-organization-300x169.webp 300w, https://www.hipaasecurenow.com/wp-content/uploads/2026/06/what-the-proposed-hipaa-security-rule-changes-could-mean-for-your-organization-1024x576.webp 1024w, https://www.hipaasecurenow.com/wp-content/uploads/2026/06/what-the-proposed-hipaa-security-rule-changes-could-mean-for-your-organization-768x432.webp 768w" sizes="(max-width: 1200px) 100vw, 1200px" /></p>
<p><span data-contrast="none">HIPAA compliance has always required ongoing attention. But with proposed changes to the HIPAA Security Rule now on the table, healthcare organizations may need to prepare for a higher standard of cybersecurity, documentation, and ePHI protection.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span></p>
<p><span data-contrast="none">In January 2025, the U.S. Department of Health and Human Services Office for Civil Rights proposed major updates to the HIPAA Security Rule. If finalized as proposed, the updates could raise expectations around cybersecurity, documentation, workforce training, and how electronic protected health information, or ePHI, is protected.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:0,&quot;335559739&quot;:160}"> </span></p>
<p><span data-contrast="none">For small and mid-sized healthcare organizations, that can feel like a lot to take on. You may already be balancing patient care, staffing, billing, vendor relationships, insurance requirements, and daily operations. Adding new compliance expectations to the list can feel like one more thing you don’t have time to manage.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:0,&quot;335559739&quot;:160}"> </span></p>
<p><span data-contrast="none">That is exactly why preparation matters. </span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span></p>
<h2><b>What Could Change?</b></h2>
<p><span data-contrast="none">The proposed updates focus on safeguards healthcare organizations should already be evaluating, including:</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span></p>
<ul>
<li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="3" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559683&quot;:0,&quot;335559684&quot;:-2,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}" data-aria-posinset="1" data-aria-level="1"><span data-contrast="none">Technology asset inventories</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span></li>
<li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="3" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559683&quot;:0,&quot;335559684&quot;:-2,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}" data-aria-posinset="2" data-aria-level="1"><span data-contrast="none">Risk analysis</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span></li>
<li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="3" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559683&quot;:0,&quot;335559684&quot;:-2,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}" data-aria-posinset="3" data-aria-level="1"><span data-contrast="none">Multifactor authentication</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span></li>
<li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="3" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559683&quot;:0,&quot;335559684&quot;:-2,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}" data-aria-posinset="4" data-aria-level="1"><span data-contrast="none">Encryption</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span></li>
<li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="3" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559683&quot;:0,&quot;335559684&quot;:-2,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}" data-aria-posinset="5" data-aria-level="1"><span data-contrast="none">Vulnerability management</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span></li>
<li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="3" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559683&quot;:0,&quot;335559684&quot;:-2,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}" data-aria-posinset="6" data-aria-level="1"><span data-contrast="none">Contingency planning</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span></li>
<li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="3" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559683&quot;:0,&quot;335559684&quot;:-2,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}" data-aria-posinset="7" data-aria-level="1"><span data-contrast="none">Documented policies and procedures</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span></li>
<li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="3" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559683&quot;:0,&quot;335559684&quot;:-2,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}" data-aria-posinset="8" data-aria-level="1"><span data-contrast="none">Stronger incident response planning</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span></li>
<li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="3" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559683&quot;:0,&quot;335559684&quot;:-2,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}" data-aria-posinset="9" data-aria-level="1"><span data-contrast="none">Business associate oversight</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span></li>
<li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="3" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559683&quot;:0,&quot;335559684&quot;:-2,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}" data-aria-posinset="10" data-aria-level="1"><span data-contrast="none">Workforce training</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span></li>
</ul>
<p><span data-contrast="none">Some of these areas may already be part of your compliance program. Others may need more documentation, stronger processes, or closer review if the rule is finalized as proposed.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:0,&quot;335559739&quot;:160}"> </span></p>
<p><span data-contrast="none">The proposed updates point to a clear theme: healthcare organizations may need to show that safeguards are not only in place, but also documented, reviewed, and maintained over time.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:0,&quot;335559739&quot;:160}"> </span></p>
<h2><b>Why This Matters Now</b></h2>
<p><span data-contrast="none">The response across the healthcare industry has been mixed. Many healthcare organizations have raised concerns about cost, timing, operational burden, and the potential impact on smaller or rural providers. At the same time, federal lawmakers continue to discuss stronger cybersecurity expectations across healthcare, including legislation aimed at improving cybersecurity resilience throughout the industry.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span></p>
<p><span data-contrast="none">Those developments may seem to pull in different directions, but they point to the same reality: healthcare organizations should be paying close attention to cybersecurity and HIPAA compliance.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span></p>
<p><span data-contrast="none">The timeline is what makes this especially important. If the proposed rule is finalized as written, covered entities and business associates may have as little as 180 days to demonstrate compliance.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span></p>
<p><span data-contrast="none">That is a short runway for organizations that may need to:</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span></p>
<ul>
<li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="4" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559683&quot;:0,&quot;335559684&quot;:-2,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}" data-aria-posinset="1" data-aria-level="1"><span data-contrast="none">Identify compliance and security gaps</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span></li>
<li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="4" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559683&quot;:0,&quot;335559684&quot;:-2,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}" data-aria-posinset="2" data-aria-level="1"><span data-contrast="none">Update policies and procedures</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span></li>
<li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="4" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559683&quot;:0,&quot;335559684&quot;:-2,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}" data-aria-posinset="3" data-aria-level="1"><span data-contrast="none">Implement or strengthen security controls</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span></li>
<li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="4" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559683&quot;:0,&quot;335559684&quot;:-2,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}" data-aria-posinset="4" data-aria-level="1"><span data-contrast="none">Train employees</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span></li>
<li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="4" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559683&quot;:0,&quot;335559684&quot;:-2,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}" data-aria-posinset="5" data-aria-level="1"><span data-contrast="none">Review vendor and business associate relationships</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span></li>
<li aria-setsize="-1" data-leveltext="" data-font="Symbol" data-listid="4" data-list-defn-props="{&quot;335552541&quot;:1,&quot;335559683&quot;:0,&quot;335559684&quot;:-2,&quot;335559685&quot;:720,&quot;335559991&quot;:360,&quot;469769226&quot;:&quot;Symbol&quot;,&quot;469769242&quot;:[8226],&quot;469777803&quot;:&quot;left&quot;,&quot;469777804&quot;:&quot;&quot;,&quot;469777815&quot;:&quot;hybridMultilevel&quot;}" data-aria-posinset="6" data-aria-level="1"><span data-contrast="none">Document compliance efforts</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span></li>
</ul>
<p><span data-contrast="none">For organizations without a dedicated compliance officer or internal HIPAA expert, waiting could make the process more stressful than it needs to be.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span></p>
<h2><b>Preparation Doesn&#8217;t Have to Happen All at Once</b></h2>
<p><span data-contrast="none">The good news is that preparing for what may be coming doesn’t mean doing everything overnight.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span></p>
<p><span data-contrast="none">It starts with understanding what has been proposed, reviewing where your compliance program stands today, and taking practical steps to strengthen the safeguards that protect patient data.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span></p>
<p><span data-contrast="none">That may include reviewing your Security Risk Assessment, confirming policies and procedures are current, checking how your organization manages employee training, and looking more closely at areas like MFA, encryption, vendor oversight, and incident response.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:0,&quot;335559739&quot;:160}"> </span></p>
<p><span data-contrast="none">It also means helping employees understand their role in protecting patient data, especially as cyber threats, AI tools, and Microsoft 365 usage continue to shape daily healthcare operations.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:0,&quot;335559739&quot;:160}"> </span></p>
<h2><b><span data-contrast="none">HIPAA Secure Now Can Help</span></b><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"> </span></h2>
<p><span data-contrast="none">Since 2010, HIPAA Secure Now has helped more than 5,000 healthcare organizations strengthen HIPAA compliance, protect patient data, and reduce cyber risk.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:0,&quot;335559739&quot;:160}"> </span></p>
<p><span data-contrast="none">We provide HIPAA training, Security Risk Assessments, policies and procedures, phishing awareness, vulnerability tools, AI training, Microsoft 365 productivity training, and compliance support designed specifically for healthcare organizations.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:0,&quot;335559739&quot;:160}"> </span></p>
<p><span data-contrast="none">Our connected compliance and training platform helps make HIPAA easier to understand, document, and maintain over time, so your organization can take practical steps before the deadline is set.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:0,&quot;335559739&quot;:160}"> </span></p>
<p><span data-contrast="none">Protecting patient data is about more than meeting a requirement. It’s about knowing you can answer with confidence when someone asks, “Can you show me your HIPAA compliance program?”</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:0,&quot;335559739&quot;:160}"> </span></p>
<p><span data-contrast="none">The proposed rule is not final yet. The time to prepare is before the deadline is set.</span><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:0,&quot;335559739&quot;:160}"> </span></p>
<p style="text-align: center;"><span data-ccp-props="{&quot;134233117&quot;:false,&quot;134233118&quot;:false,&quot;335559738&quot;:240,&quot;335559739&quot;:240}"><a class="blog-cta-button" href="https://hubs.ly/Q04mvz-Y0" target="_blank" rel="noopener"><strong>Download the Industry Brief</strong></a></span></p>
<p><span class="TextRun SCXW63559522 BCX0" lang="EN-US" xml:lang="EN-US" data-contrast="none"><span class="NormalTextRun SCXW63559522 BCX0">Learn what may be changing, why it matters, and how HIPAA Secure Now can help your organization prepare.</span></span></p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>What Is Acceptable Use in a Medical Office?</title>
		<link>https://www.hipaasecurenow.com/what-is-acceptable-use-in-a-medical-office/</link>
		
		<dc:creator><![CDATA[Art Gross]]></dc:creator>
		<pubDate>Mon, 28 Jul 2025 21:08:40 +0000</pubDate>
				<category><![CDATA[HIPAA]]></category>
		<category><![CDATA[Policies and Procedures]]></category>
		<category><![CDATA[Security]]></category>
		<guid isPermaLink="false">https://www.hipaasecurenow.com/?p=19538</guid>

					<description><![CDATA[<p>Walk into any medical office today, and you’ll probably hear the soft ping of an email, maybe a Teams message popping up on someone’s screen. Chances are someone else is copying patient instructions into a word processor or using a chatbot to summarize notes. It all blends in with the workday. The tools feel familiar. [&#8230;]</p>
<p>The post <a href="https://www.hipaasecurenow.com/what-is-acceptable-use-in-a-medical-office/">What Is Acceptable Use in a Medical Office?</a> appeared first on <a href="https://www.hipaasecurenow.com">HIPAA Secure Now!</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p data-start="642" data-end="936"><img decoding="async" class="alignnone size-full wp-image-19539" src="https://www.hipaasecurenow.com/wp-content/uploads/2025/07/HSN-Blog-Covers-38.png" alt="" width="1200" height="400" srcset="https://www.hipaasecurenow.com/wp-content/uploads/2025/07/HSN-Blog-Covers-38.png 1200w, https://www.hipaasecurenow.com/wp-content/uploads/2025/07/HSN-Blog-Covers-38-300x100.png 300w, https://www.hipaasecurenow.com/wp-content/uploads/2025/07/HSN-Blog-Covers-38-1024x341.png 1024w, https://www.hipaasecurenow.com/wp-content/uploads/2025/07/HSN-Blog-Covers-38-768x256.png 768w" sizes="(max-width: 1200px) 100vw, 1200px" /></p>
<p data-start="642" data-end="936">Walk into any medical office today, and you’ll probably hear the soft ping of an email, maybe a Teams message popping up on someone’s screen. Chances are someone else is copying patient instructions into a word processor or using a chatbot to summarize notes. It all blends in with the workday.</p>
<p data-start="938" data-end="982">The tools feel familiar. That’s the problem.</p>
<p data-start="984" data-end="1282">When something feels routine, it’s easy to forget how much risk it carries. Especially when the systems involved are handling patient data. Most teams aren’t doing anything malicious—they’re just moving fast, solving problems, and trying to get through the day. That’s exactly when mistakes happen.</p>
<p data-start="1284" data-end="1447">An acceptable use policy helps with that. Not by scaring people, but by drawing clear lines around what’s appropriate, what’s not, and what should trigger a pause.</p>
<h2 data-start="1454" data-end="1490">Where Most People Slip Up: Email</h2>
<p data-start="1492" data-end="1685">Email feels harmless. It’s the go-to for appointment reminders, referral requests, lab results, and staff communication. But it’s also one of the easiest places for <a href="https://www.hhs.gov/hipaa/for-professionals/privacy/index.html" target="_blank" rel="noopener">patient information to leak</a>.</p>
<p data-start="1687" data-end="1701">Some examples:</p>
<ul data-start="1702" data-end="1876">
<li data-start="1702" data-end="1752">
<p data-start="1704" data-end="1752">Sending the wrong attachment to the right person</p>
</li>
<li data-start="1753" data-end="1791">
<p data-start="1755" data-end="1791">Forgetting to BCC on a group message</p>
</li>
<li data-start="1792" data-end="1876">
<p data-start="1794" data-end="1876">Forwarding a sensitive message to a personal inbox so it’s easier to print at home</p>
</li>
</ul>
<p data-start="1878" data-end="1957">None of these actions start with bad intentions. But they create real exposure.</p>
<p data-start="1959" data-end="2228">A policy needs to call that out, plainly. Staff should know when it’s okay to send PHI over email, and when it’s not. If encryption isn’t automatic, that needs to be clear too. Some offices go further and restrict emailing PHI altogether unless a secure system is used.</p>
<p data-start="2230" data-end="2309">Make sure people understand the rules before a mistake forces the conversation.</p>
<h2 data-start="2316" data-end="2342">AI Use Is Growing Fast</h2>
<p data-start="2344" data-end="2521">There’s no shortage of tools that promise to speed things up. From grammar checkers built into browsers to full-blown AI assistants, people are using them. Often without asking.</p>
<p data-start="2523" data-end="2677">And here’s the thing: many of these platforms collect and store the input they’re given. That includes copy-pasted notes, emails, and yes—patient details.</p>
<p data-start="2679" data-end="2872">If an employee pastes a progress note into an AI tool to rewrite it “more clearly,” that data leaves your system. You don’t get it back. There’s no agreement in place, no guarantee of security.</p>
<p data-start="2874" data-end="3147">This isn’t about banning technology altogether. Some AI tools are safe to use for general writing help. But the line needs to be clear: don’t feed these systems sensitive information, ever. The policy should say so in plain terms. No fine print, no room for interpretation.</p>
<h2 data-start="3154" data-end="3203">Personal Devices and Apps: Another Blind Spot</h2>
<p data-start="3205" data-end="3487">Most people don’t think twice about checking work email on their phone. Or jotting a reminder in their Notes app. Maybe they message a coworker a patient name to coordinate care. All of it seems efficient—until something gets lost, copied, or accidentally sent to the wrong contact.</p>
<p data-start="3489" data-end="3722">If personal devices are allowed, <a href="https://www.hipaasecurenow.com/byod-policy/" target="_blank" rel="noopener">that has to come with conditions</a>. Require passcodes. Disable app syncing for certain platforms. Clarify which apps are approved and which aren’t. And make sure everyone knows where the boundaries are.</p>
<p data-start="3724" data-end="3818">Without a shared understanding, people fill in the blanks themselves. That’s where risk lives.</p>
<h2 data-start="3825" data-end="3874">The Policy Only Works If People Understand It</h2>
<p data-start="3876" data-end="4019">A 12-page acceptable use document full of legalese won’t help your team avoid trouble. Nobody reads it. And if they do, they won’t remember it.</p>
<p data-start="4021" data-end="4270">Keep it short. Use plain language. Give real examples of what’s allowed and what’s not. Review it regularly, not just during onboarding. Post the top five takeaways where people will actually see them—break rooms, log-in screens, onboarding packets.</p>
<p data-start="4272" data-end="4387">Training helps too. Not a video once a year, but small, repeatable reminders tied to the tools people actually use.</p>
<h2 data-start="4394" data-end="4427">Before You Rework Your Policy</h2>
<p data-start="4429" data-end="4577">If any of this feels familiar, that’s probably a good thing. It means you’re noticing where gaps exist—and that’s the first step toward fixing them.</p>
<p data-start="4579" data-end="4811">HIPAA Secure Now offers real-world training and policy templates that make acceptable use more than just a document. We help healthcare teams apply these rules to the tools they use every day, like email, Microsoft 365, and even AI.</p>
<p data-start="4813" data-end="4907">Want to build a policy that actually sticks? <a class="" href="http://hipaasecurenow.com/sales-support/" target="_blank" rel="noopener" data-start="4858" data-end="4872">Reach out</a>. We’ll help you get it done right.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Most Healthcare Leaders See the Promise of GenAI—Only 36% Feel Ready</title>
		<link>https://www.hipaasecurenow.com/gen-ai-2025-survey/</link>
		
		<dc:creator><![CDATA[Art Gross]]></dc:creator>
		<pubDate>Mon, 07 Jul 2025 16:02:26 +0000</pubDate>
				<category><![CDATA[Healthcare Industry]]></category>
		<category><![CDATA[Security Training]]></category>
		<guid isPermaLink="false">https://www.hipaasecurenow.com/?p=19533</guid>

					<description><![CDATA[<p>If you run or support a small healthcare organization, you’re probably used to doing more with less. You manage compliance, care, billing, and tech—often without a big team or deep pockets. So when you hear terms like “Generative AI training,” it might feel out of reach. But the 2025 Wolters Kluwer Future Ready Healthcare Survey [&#8230;]</p>
<p>The post <a href="https://www.hipaasecurenow.com/gen-ai-2025-survey/">Most Healthcare Leaders See the Promise of GenAI—Only 36% Feel Ready</a> appeared first on <a href="https://www.hipaasecurenow.com">HIPAA Secure Now!</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p data-start="552" data-end="814"><img loading="lazy" decoding="async" class="alignnone size-full wp-image-19535" src="https://www.hipaasecurenow.com/wp-content/uploads/2025/07/HSN-Blog-Covers-37.png" alt="" width="1200" height="400" srcset="https://www.hipaasecurenow.com/wp-content/uploads/2025/07/HSN-Blog-Covers-37.png 1200w, https://www.hipaasecurenow.com/wp-content/uploads/2025/07/HSN-Blog-Covers-37-300x100.png 300w, https://www.hipaasecurenow.com/wp-content/uploads/2025/07/HSN-Blog-Covers-37-1024x341.png 1024w, https://www.hipaasecurenow.com/wp-content/uploads/2025/07/HSN-Blog-Covers-37-768x256.png 768w" sizes="auto, (max-width: 1200px) 100vw, 1200px" /></p>
<p data-start="552" data-end="814">If you run or support a small healthcare organization, you’re probably used to doing more with less. You manage compliance, care, billing, and tech—often without a big team or deep pockets. So when you hear terms like “Generative AI training,” it might feel out of reach.</p>
<p data-start="816" data-end="890">But the <a href="https://www.wolterskluwer.com/en/know/future-ready-healthcare" target="_blank" rel="noopener">2025 Wolters Kluwer Future Ready Healthcare Survey</a> says otherwise.</p>
<p data-start="892" data-end="1004">Most healthcare leaders aren’t ahead of the curve—they’re still trying to figure it out. According to the study:</p>
<ul data-start="1006" data-end="1239">
<li data-start="1006" data-end="1060">
<p data-start="1008" data-end="1060"><strong data-start="1008" data-end="1015">80%</strong> say optimizing workflows is a top priority</p>
</li>
<li data-start="1061" data-end="1105">
<p data-start="1063" data-end="1105"><strong data-start="1063" data-end="1070">76%</strong> want to reduce clinician burnout</p>
</li>
<li data-start="1106" data-end="1179">
<p data-start="1108" data-end="1179">Only <strong data-start="1113" data-end="1120">36%</strong> feel truly prepared to use GenAI to solve those problems</p>
</li>
<li data-start="1180" data-end="1239">
<p data-start="1182" data-end="1239">And just <strong data-start="1191" data-end="1198">18%</strong> have policies in place to guide AI use</p>
</li>
</ul>
<p data-start="1241" data-end="1337">That gap between goals and action? It’s where risk lives and opportunity begins.</p>
<h2 data-start="1344" data-end="1391">When GenAI Shows Up Quietly, So Do the Risks</h2>
<p data-start="1393" data-end="1650">Here’s what’s happening in most healthcare environments right now: someone on the team uses ChatGPT to rewrite patient instructions. A front desk staffer asks it to draft a policy update. A manager tries out an AI-based transcription tool for meeting notes.</p>
<p data-start="1652" data-end="1779">They’re not doing anything wrong—they’re just trying to move faster. But without training or guardrails, things get risky fast:</p>
<ul data-start="1781" data-end="1942">
<li data-start="1781" data-end="1813">
<p data-start="1783" data-end="1813"><strong data-start="1783" data-end="1811">PHI slips into a chatbot</strong></p>
</li>
<li data-start="1814" data-end="1871">
<p data-start="1816" data-end="1871"><strong data-start="1816" data-end="1869">Sensitive notes end up stored on external servers</strong></p>
</li>
<li data-start="1872" data-end="1942">
<p data-start="1874" data-end="1942"><strong data-start="1874" data-end="1942">AI-generated content gets mistaken for accurate medical guidance</strong></p>
</li>
</ul>
<p data-start="1944" data-end="2068">These aren’t theoretical risks. They’re happening now. And in healthcare, even small mistakes can have serious consequences.</p>
<h2 data-start="2075" data-end="2139">The Survey’s Real Takeaway? No One Has This Fully Figured Out</h2>
<p data-start="2141" data-end="2377">The most surprising part of the Wolters Kluwer survey isn’t that AI is rising. It’s that even major health systems aren’t fully prepared. Fewer than 1 in 5 organizations have formal GenAI policies. Fewer than 1 in 4 offer staff training.</p>
<p data-start="2379" data-end="2514">That means smaller practices and business associates have a real chance to lead—not by doing more, but by doing the right things first.</p>
<h2 data-start="2521" data-end="2557">What That Could Look Like for You</h2>
<p data-start="2559" data-end="2636">Let’s keep it simple. Here’s what “taking the lead” might mean for your team:</p>
<ul data-start="2638" data-end="3040">
<li data-start="2638" data-end="2746">
<p data-start="2640" data-end="2746">Start by <strong data-start="2649" data-end="2692">talking about where AI already shows up</strong>—in Microsoft 365, in browser tools, in EHR plug-ins</p>
</li>
<li data-start="2747" data-end="2852">
<p data-start="2749" data-end="2852">Create a basic <strong data-start="2764" data-end="2789">acceptable use policy</strong> to help staff understand what’s safe to share and what’s not</p>
</li>
<li data-start="2853" data-end="2936">
<p data-start="2855" data-end="2936">Offer short, <strong data-start="2868" data-end="2896">practical GenAI training</strong> that explains risks in plain language</p>
</li>
<li data-start="2937" data-end="3040">
<p data-start="2939" data-end="3040">Review tools you’re already using to see if any of them now include AI features you didn’t plan for</p>
</li>
</ul>
<p data-start="3042" data-end="3161">You don’t need a full-time AI officer. You need awareness, clarity, and some shared language to keep your team aligned.</p>
<h2 data-start="3168" data-end="3216">Moving Slowly Isn’t the Same as Moving Safely</h2>
<p data-start="3218" data-end="3381">A lot of healthcare leaders are taking the “wait and see” approach. That’s understandable. But it won’t stop your staff—or your vendors—from adopting GenAI anyway.</p>
<p data-start="3383" data-end="3630">The Wolters Kluwer survey makes this clear: the pressure to adopt AI is already here. But most organizations aren’t matching that pressure with preparation. That’s where risk starts to grow—quietly, in day-to-day tools, far from the IT department.</p>
<p data-start="3632" data-end="3730">The solution isn’t to rush. It’s to educate. A little clarity now can prevent a lot of mess later.</p>
<h2 data-start="2516" data-end="2553">Want a Simple Way to Move Forward?</h2>
<p data-start="2555" data-end="2725">At HIPAA Secure Now, we’ve helped healthcare organizations build strong foundations around security, compliance, and training for years. Now we’re doing the same with AI.</p>
<p data-start="2727" data-end="2836">Our <strong data-start="2731" data-end="2757">Generative AI Training</strong> is built specifically for covered entities and business associates. It covers:</p>
<ul data-start="2838" data-end="3054">
<li data-start="2838" data-end="2875">
<p data-start="2840" data-end="2875">What GenAI is (and what it’s not)</p>
</li>
<li data-start="2876" data-end="2933">
<p data-start="2878" data-end="2933">How to use it safely in a HIPAA-regulated environment</p>
</li>
<li data-start="2934" data-end="2991">
<p data-start="2936" data-end="2991">The right way to talk about it with staff and vendors</p>
</li>
<li data-start="2992" data-end="3054">
<p data-start="2994" data-end="3054">And how to introduce it without overcomplicating the process</p>
</li>
</ul>
<p data-start="3056" data-end="3159">It’s short, practical, and designed to help you stay in control of where GenAI shows up next.</p>
<p data-start="3161" data-end="3240"><strong data-start="3161" data-end="3240">→ Want to start the conversation inside your organization? <a class="" href="https://www.hipaasecurenow.com/sales-support/" target="_blank" rel="noopener" data-start="3222" data-end="3238">Let’s talk.</a></strong></p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>How to Use Microsoft 365 Securely in a Shared Office Environment</title>
		<link>https://www.hipaasecurenow.com/microsoft365-shared-office-environment/</link>
		
		<dc:creator><![CDATA[Art Gross]]></dc:creator>
		<pubDate>Mon, 23 Jun 2025 19:19:04 +0000</pubDate>
				<category><![CDATA[Healthcare Industry]]></category>
		<category><![CDATA[Policies and Procedures]]></category>
		<category><![CDATA[Remote Workforce]]></category>
		<guid isPermaLink="false">https://www.hipaasecurenow.com/?p=19527</guid>

					<description><![CDATA[<p>Shared office spaces are common in healthcare. Practices rent suites in the same building. Some share front desks, printers, and even Wi-Fi. It’s convenient—but it comes with risk. Microsoft 365 makes it easy to access email, files, calendars, and patient documents from anywhere. That’s part of the appeal. But in a shared environment, the same [&#8230;]</p>
<p>The post <a href="https://www.hipaasecurenow.com/microsoft365-shared-office-environment/">How to Use Microsoft 365 Securely in a Shared Office Environment</a> appeared first on <a href="https://www.hipaasecurenow.com">HIPAA Secure Now!</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p data-start="352" data-end="532"><img loading="lazy" decoding="async" class="alignnone size-full wp-image-19529" src="https://www.hipaasecurenow.com/wp-content/uploads/2025/06/HSN-Blog-Covers-35.png" alt="How to Use Microsoft 365 Securely in a Shared Office Environment" width="1200" height="400" srcset="https://www.hipaasecurenow.com/wp-content/uploads/2025/06/HSN-Blog-Covers-35.png 1200w, https://www.hipaasecurenow.com/wp-content/uploads/2025/06/HSN-Blog-Covers-35-300x100.png 300w, https://www.hipaasecurenow.com/wp-content/uploads/2025/06/HSN-Blog-Covers-35-1024x341.png 1024w, https://www.hipaasecurenow.com/wp-content/uploads/2025/06/HSN-Blog-Covers-35-768x256.png 768w" sizes="auto, (max-width: 1200px) 100vw, 1200px" /></p>
<p data-start="352" data-end="532">Shared office spaces are common in healthcare. Practices rent suites in the same building. Some share front desks, printers, and even Wi-Fi. It’s convenient—but it comes with risk.</p>
<p data-start="534" data-end="761"><a href="https://www.microsoft.com/en-us/microsoft-365/business/?msockid=229ae68f8b8e6750214af2678a9c66b4" target="_blank" rel="noopener">Microsoft 365</a> makes it easy to access email, files, calendars, and patient documents from anywhere. That’s part of the appeal. But in a shared environment, the same tools that simplify your work can also create vulnerabilities.</p>
<p data-start="763" data-end="873">The good news? You don’t need to overhaul your tech stack. You just need to use what you already have wisely.</p>
<h2 data-start="880" data-end="922">Use the Right Version of Microsoft 365</h2>
<p data-start="924" data-end="1063">Not all plans are built the same. Some are designed for home use. Others come with tools that help meet healthcare compliance requirements.</p>
<p data-start="1065" data-end="1316">Choose a version like Microsoft 365 Business Premium or Enterprise. These include features that protect data and help you stay in control. Think audit logs, device security, and built-in encryption. Without them, you&#8217;re operating without a safety net.</p>
<h2 data-start="1323" data-end="1362">Turn On Multi-Factor Authentication</h2>
<p data-start="1364" data-end="1453"><a href="https://www.hipaasecurenow.com/mastering-the-basics-password-security-faqs/" target="_blank" rel="noopener">Passwords</a> are often weak. People reuse them. They write them on sticky notes. It happens.</p>
<p data-start="1455" data-end="1626">Multi-factor authentication (MFA) adds a second layer. Even if someone gets a password, they can’t log in without the second step—usually a code sent to a phone or an app.</p>
<p data-start="1628" data-end="1769">In a shared space, this matters more than ever. Devices get left open. People come and go. MFA helps make sure only the right person gets in.</p>
<h2 data-start="1776" data-end="1808">Assign Access Based on Roles</h2>
<p data-start="1810" data-end="2028">Not every user needs access to every part of the system. Role-based access controls allow you to assign permissions according to job function. This helps minimize internal risks and keeps your data more secure overall.</p>
<p data-start="2030" data-end="2219">Microsoft 365 groups and SharePoint settings let you segment access to files, email, and calendars. If someone doesn’t need access to a type of data to do their job, they shouldn’t have it.</p>
<h2 data-start="2226" data-end="2268">Secure the Devices People Actually Use</h2>
<p data-start="2270" data-end="2352">Staff use laptops. They check messages on phones. Some access calendars from home.</p>
<p data-start="2354" data-end="2566">With Microsoft Intune or other <a href="https://www.hipaasecurenow.com/best-practices-for-mdm/" target="_blank" rel="noopener">mobile device management</a> tools, you can create basic protections. You can block copy-paste between apps. You can require a screen lock. If a phone is lost, you can wipe it remotely.</p>
<p data-start="2568" data-end="2637">None of this takes much time to set up—but it makes a big difference.</p>
<h2 data-start="2644" data-end="2689">Use Data Loss Prevention to Stop Mistakes</h2>
<p data-start="2691" data-end="2779">It’s easy to send the wrong email. Or upload a document to a personal drive by accident.</p>
<p data-start="2781" data-end="3026">Microsoft 365 has a feature called Data Loss Prevention (DLP). It flags risky actions before they happen. For example, if someone tries to send a spreadsheet with patient info to an outside email address, DLP can alert them—or block it entirely.</p>
<p data-start="3028" data-end="3081">You set the rules. Microsoft 365 does the monitoring.</p>
<h2 data-start="3088" data-end="3132">Watch What’s Happening in the Background</h2>
<p data-start="3134" data-end="3270">Audit logs show who accessed what and when. You can see if a file was edited, shared, or downloaded. You can check for strange sign-ins.</p>
<p data-start="3272" data-end="3385">If you’re ever audited—or just want peace of mind—these logs help you understand how people are using the system.</p>
<p data-start="3387" data-end="3511">They don’t take much effort to review. Once you get used to them, they become a normal part of running a secure environment.</p>
<h2 data-start="3518" data-end="3554">Teach the Basics Again and Again</h2>
<p data-start="3556" data-end="3591">Technology helps. So does training.</p>
<p data-start="3593" data-end="3792">Remind staff to log out of shared computers. Teach them not to leave printouts on the copier. Show them how to spot phishing emails. These aren’t one-time lessons. They’re habits that form over time.</p>
<p data-start="3794" data-end="3914">The most secure teams aren’t the ones with the fanciest software. They’re the ones that know how to use the basics well.</p>
<h2 data-start="3921" data-end="3948">A Quick Note on Support</h2>
<p data-start="3950" data-end="4219">If setting this all up feels overwhelming, that’s okay. You don’t have to do it alone. HIPAA Secure Now provides training, policy templates, and risk assessments built for healthcare. We help teams use tools like Microsoft 365 safely—without adding more to their plate.</p>
<p data-start="4221" data-end="4313">If you want to train your team to use Microsoft 365 more efficiently and securely, we’d love to help. <a class="" href="http://hipaasecurenow.com/sales-support/" target="_blank" rel="noopener" data-start="334" data-end="349">Contact us</a> to learn how we make compliance practical and <em>people-first.</em></p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Why Your HIPAA Policies Shouldn’t Live in a Drawer</title>
		<link>https://www.hipaasecurenow.com/dynamic-hipaa-policies/</link>
		
		<dc:creator><![CDATA[Art Gross]]></dc:creator>
		<pubDate>Thu, 05 Jun 2025 18:19:50 +0000</pubDate>
				<category><![CDATA[Policies and Procedures]]></category>
		<category><![CDATA[Risk Assessment]]></category>
		<category><![CDATA[Security]]></category>
		<guid isPermaLink="false">https://www.hipaasecurenow.com/?p=19522</guid>

					<description><![CDATA[<p>Many healthcare providers treat HIPAA policies like fire extinguishers: necessary, but rarely revisited unless there’s an emergency. The problem is that static policies don’t reduce real-world risk. If they aren’t updated, understood, and actively used, they’re just paper—no matter how well written. HIPAA policies only work when they’re built into daily operations. That means customizing [&#8230;]</p>
<p>The post <a href="https://www.hipaasecurenow.com/dynamic-hipaa-policies/">Why Your HIPAA Policies Shouldn’t Live in a Drawer</a> appeared first on <a href="https://www.hipaasecurenow.com">HIPAA Secure Now!</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p data-start="421" data-end="721"><img loading="lazy" decoding="async" class="alignnone size-full wp-image-19523" src="https://www.hipaasecurenow.com/wp-content/uploads/2025/06/HSN-Blog-Covers-31.png" alt="Why Your HIPAA Policies Shouldn't Live in a Drawer Dynamic Policies" width="1200" height="400" srcset="https://www.hipaasecurenow.com/wp-content/uploads/2025/06/HSN-Blog-Covers-31.png 1200w, https://www.hipaasecurenow.com/wp-content/uploads/2025/06/HSN-Blog-Covers-31-300x100.png 300w, https://www.hipaasecurenow.com/wp-content/uploads/2025/06/HSN-Blog-Covers-31-1024x341.png 1024w, https://www.hipaasecurenow.com/wp-content/uploads/2025/06/HSN-Blog-Covers-31-768x256.png 768w" sizes="auto, (max-width: 1200px) 100vw, 1200px" /></p>
<p data-start="421" data-end="721">Many healthcare providers treat HIPAA policies like fire extinguishers: necessary, but rarely revisited unless there’s an emergency. The problem is that static policies don’t reduce real-world risk. If they aren’t updated, understood, and actively used, they’re just paper—no matter how well written.</p>
<p data-start="723" data-end="916"><strong data-start="723" data-end="793"><a href="https://www.hhs.gov/hipaa/for-professionals/index.html" target="_blank" rel="noopener">HIPAA policies</a> only work when they’re built into daily operations.</strong> That means customizing them to your systems, reviewing them consistently, and reinforcing them through practical training.</p>
<h2 data-start="918" data-end="961">Dormant Policies Create Compliance Gaps</h2>
<p data-start="963" data-end="1107">When an OCR investigation begins, regulators ask two questions. First, are HIPAA policies in place? Second, are they being followed in practice?</p>
<p data-start="1109" data-end="1244">Without consistent implementation, even the best policy documents won’t protect your organization. Enforcement cases frequently reveal:</p>
<ul data-start="1245" data-end="1501">
<li data-start="1245" data-end="1310">
<p data-start="1247" data-end="1310">Language that doesn’t reflect current technology or workflows</p>
</li>
<li data-start="1311" data-end="1373">
<p data-start="1313" data-end="1373">Missing instructions for breach response or access control</p>
</li>
<li data-start="1374" data-end="1441">
<p data-start="1376" data-end="1441">Team members unfamiliar with the steps outlined in key policies</p>
</li>
<li data-start="1442" data-end="1501">
<p data-start="1444" data-end="1501">Long gaps between policy creation and meaningful review</p>
</li>
</ul>
<p data-start="1503" data-end="1693">In several recent cases, providers produced written policies but couldn’t show any evidence of use or training. That gap often shifts outcomes from corrective guidance to costly enforcement.</p>
<h2 data-start="1695" data-end="1744">Make HIPAA Policies Operational, Not Optional</h2>
<p data-start="1746" data-end="1968">To avoid that outcome, <a href="https://www.hipaasecurenow.com/comprehensive-incident-response-planning/" target="_blank" rel="noopener">HIPAA policies must go beyond documentation</a>. They should be reflected in behavior, supported by systems, and routinely updated. Consider the following four strategies to make your policies effective:</p>
<h3 data-start="1970" data-end="2016">1. <strong data-start="1978" data-end="2016">Customize for Real Tools and Teams</strong></h3>
<p data-start="2017" data-end="2291">First, make sure policies align with the actual tools and processes used in your practice. For example, if your team uses tablets at check-in or sends appointment reminders through Microsoft 365, those workflows should be addressed in your access and communication policies.</p>
<p data-start="2293" data-end="2414">Describing what is allowed—and how protections are implemented—helps ensure policies are both actionable and enforceable.</p>
<h3 data-start="2416" data-end="2462">2. <strong data-start="2424" data-end="2462">Review Annually, Track All Changes</strong></h3>
<p data-start="2463" data-end="2666">Next, treat policy reviews as a regular business process. Once a year, assign a team or individual to review each document and make updates based on regulatory changes, system updates, or changes in team structure.</p>
<p data-start="2668" data-end="2838">Document every revision with a log of what changed and why. This transparency shows regulators that your HIPAA policies are actively maintained and not ignored over time.</p>
<h3 data-start="2840" data-end="2895">3. <strong data-start="2848" data-end="2895">Connect Policies to Training and Procedures</strong></h3>
<p data-start="2896" data-end="3106">Third, link each policy to the procedures staff follow. When someone learns how to report a suspected breach or securely email a patient document, that training should stem directly from your documented policy.</p>
<p data-start="3108" data-end="3325">This approach not only reinforces retention but also improves clarity. When policies flow into clear procedures, and those procedures are part of employee training, your team can act with confidence—even under stress.</p>
<h3 data-start="3327" data-end="3390">4. <strong data-start="3335" data-end="3390">Update for New Threats—and Use the SRA to Find Them</strong></h3>
<p data-start="3391" data-end="3621">Finally, be proactive about emerging risks. AI tools, mobile devices, and remote access are changing how healthcare teams work. If your HIPAA policies haven’t evolved to reflect these realities, there’s a gap that needs attention.</p>
<p data-start="3623" data-end="3954">Your <a href="https://www.hipaasecurenow.com/risk-assessment-guide/" target="_blank" rel="noopener"><strong data-start="3628" data-end="3662">Security Risk Assessment (SRA)</strong></a> plays a key role here. A thorough SRA can reveal weaknesses in your current processes—like unsecured data storage, third-party application use, or lack of audit logging. Use those findings to guide updates to your policies, ensuring they match both your infrastructure and your risk profile.</p>
<h2 data-start="3956" data-end="3989">Editable Doesn’t Mean Passive</h2>
<p data-start="3991" data-end="4205">At HIPAA Secure Now, we offer <strong data-start="4021" data-end="4054">fully editable HIPAA policies</strong>, but we go further. Our guided risk analysis, employee training, and support help turn those policies into tools your team can use—day in and day out.</p>
<p data-start="4207" data-end="4369"><strong data-start="4207" data-end="4271">A policy that lives in a drawer can’t protect your practice.</strong> One that’s reviewed, customized, and applied across departments can make a measurable difference.</p>
<p data-start="4371" data-end="4496"><a class="" href="http://hipaasecurenow.com/sales-support/" rel="noopener" data-start="4374" data-end="4496">See how our HIPAA policy templates, training, and risk assessments work together to keep your organization compliant.</a></p>
<p>The post <a href="https://www.hipaasecurenow.com/dynamic-hipaa-policies/">Why Your HIPAA Policies Shouldn’t Live in a Drawer</a> appeared first on <a href="https://www.hipaasecurenow.com">HIPAA Secure Now!</a>.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Is Your Staff Prompting AI Safely? What You Need to Know Now</title>
		<link>https://www.hipaasecurenow.com/prompting-ai-safely/</link>
		
		<dc:creator><![CDATA[Art Gross]]></dc:creator>
		<pubDate>Fri, 23 May 2025 15:56:32 +0000</pubDate>
				<category><![CDATA[Healthcare Industry]]></category>
		<category><![CDATA[HIPAA]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[Security Training]]></category>
		<guid isPermaLink="false">https://www.hipaasecurenow.com/?p=19517</guid>

					<description><![CDATA[<p>AI tools like ChatGPT and Microsoft Copilot are finding their way into healthcare workflows—from drafting internal memos to summarizing meeting notes. While these tools offer convenience, they also introduce new compliance risks, particularly when staff members use them without structured guidance. The danger isn’t malicious misuse. It’s casual, well-intentioned tasks that quietly edge past HIPAA [&#8230;]</p>
<p>The post <a href="https://www.hipaasecurenow.com/prompting-ai-safely/">Is Your Staff Prompting AI Safely? What You Need to Know Now</a> appeared first on <a href="https://www.hipaasecurenow.com">HIPAA Secure Now!</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p data-start="351" data-end="650"><img loading="lazy" decoding="async" class="alignnone wp-image-19519 size-full" src="https://www.hipaasecurenow.com/wp-content/uploads/2025/05/HSN-Blog-Covers-30.png" alt="Is Your Staff Prompting AI Safely? What You Need to Know Now" width="1200" height="400" srcset="https://www.hipaasecurenow.com/wp-content/uploads/2025/05/HSN-Blog-Covers-30.png 1200w, https://www.hipaasecurenow.com/wp-content/uploads/2025/05/HSN-Blog-Covers-30-300x100.png 300w, https://www.hipaasecurenow.com/wp-content/uploads/2025/05/HSN-Blog-Covers-30-1024x341.png 1024w, https://www.hipaasecurenow.com/wp-content/uploads/2025/05/HSN-Blog-Covers-30-768x256.png 768w" sizes="auto, (max-width: 1200px) 100vw, 1200px" /></p>
<p data-start="351" data-end="650">AI tools like ChatGPT and Microsoft Copilot are finding their way into healthcare workflows—from drafting internal memos to summarizing meeting notes. While these tools offer convenience, they also introduce new compliance risks, particularly when staff members use them without structured guidance.</p>
<p data-start="652" data-end="763">The danger isn’t malicious misuse. It’s casual, well-intentioned tasks that quietly edge past <a href="https://www.hhs.gov/hipaa/for-professionals/index.html" target="_blank" rel="noopener">HIPAA</a> boundaries.</p>
<h2 data-start="765" data-end="800"><strong>Prompts Are the New Policy Risk</strong></h2>
<p data-start="802" data-end="843">Imagine a staff member asking an AI tool:</p>
<p data-start="802" data-end="843"><em data-start="847" data-end="999">“Summarize this intake form to identify follow-up questions. The patient noted past treatment for Lyme disease, chronic fatigue, and allergies to penicillin.”</em></p>
<p data-start="1001" data-end="1033"><strong>No names. No dates. Still risky.</strong></p>
<p data-start="1035" data-end="1300">Why? Because AI tools—unless configured specifically for healthcare with a <a href="https://www.hipaasecurenow.com/working-with-business-associates/" target="_blank" rel="noopener">Business Associate Agreement (BAA)</a>—may log that information or send it to third-party servers. Even de-identified text can pose a HIPAA risk if re-identification is possible based on context.</p>
<p data-start="1302" data-end="1413">And if that same employee uploads the actual form for summarization? You’ve crossed the line entirely.</p>
<h2 data-start="1415" data-end="1456"><strong>Practical Guidelines for Prompting AI Safely</strong></h2>
<p data-start="1458" data-end="1557">To reduce your compliance exposure, consider training staff with these specific, realistic tactics:</p>
<h3 data-start="1559" data-end="1604">1. Always Assume AI Tools Log Inputs</h3>
<p data-start="1605" data-end="1761">Unless you’re using a platform under a signed BAA, treat every prompt as public. Even enterprise tools like Copilot must be configured correctly before use.</p>
<p data-start="1605" data-end="1761"><img src="https://s.w.org/images/core/emoji/17.0.2/72x72/2705.png" alt="✅" class="wp-smiley" style="height: 1em; max-height: 1em;" /> Tip: Set internal defaults to “no uploads” and restrict AI use to templated tasks—not patient-specific queries.</p>
<h3 data-start="1880" data-end="1930">2. Use Synthetic or Coded Data in Prompts</h3>
<p data-start="1931" data-end="1998">Need to draft a policy update or procedure template? Use mock data.</p>
<p data-start="1931" data-end="1998"><img src="https://s.w.org/images/core/emoji/17.0.2/72x72/2705.png" alt="✅" class="wp-smiley" style="height: 1em; max-height: 1em;" /> Instead of: “Write a letter to a patient who missed their 3-month diabetes checkup”</p>
<p data-start="2002" data-end="2221">Try: “Write a template reminder for recurring chronic care appointments (e.g., diabetes) with flexible date and tone options.”</p>
<h3 data-start="2223" data-end="2273">3. Limit Tasks to Non-Sensitive Use Cases</h3>
<p data-start="2274" data-end="2426">AI is great for brainstorming, rewording standard copy, or summarizing industry news—not analyzing clinical notes or interpreting patient documentation.</p>
<p data-start="2274" data-end="2426"><img src="https://s.w.org/images/core/emoji/17.0.2/72x72/2705.png" alt="✅" class="wp-smiley" style="height: 1em; max-height: 1em;" /><strong> Safe use cases:</strong></p>
<ul data-start="2448" data-end="2590">
<li data-start="2448" data-end="2488">
<p data-start="2450" data-end="2488">Drafting generic FAQs for your website</p>
</li>
<li data-start="2489" data-end="2521">
<p data-start="2491" data-end="2521">Summarizing HIPAA rule changes</p>
</li>
<li data-start="2522" data-end="2590">
<p data-start="2524" data-end="2590">Rewriting patient onboarding instructions (after manual redaction)</p>
</li>
</ul>
<h3 data-start="2592" data-end="2631"><strong>4. Document Your AI Acceptable Use Policy</strong></h3>
<p data-start="2632" data-end="2758">Verbal direction isn’t enough. Create a short, clear policy on when, how, and why AI can be used—then make training mandatory.</p>
<p data-start="2632" data-end="2758"><img src="https://s.w.org/images/core/emoji/17.0.2/72x72/2705.png" alt="✅" class="wp-smiley" style="height: 1em; max-height: 1em;" /><strong> Include:</strong></p>
<ul data-start="2773" data-end="2868">
<li data-start="2773" data-end="2789">
<p data-start="2775" data-end="2789">Approved tools</p>
</li>
<li data-start="2790" data-end="2815">
<p data-start="2792" data-end="2815">Prohibited prompt types</p>
</li>
<li data-start="2816" data-end="2840">
<p data-start="2818" data-end="2840">Consequences of misuse</p>
</li>
<li data-start="2841" data-end="2868">
<p data-start="2843" data-end="2868">Review cycles for updates</p>
</li>
</ul>
<h3 data-start="2870" data-end="2915">5. Keep Training Active, Not Passive</h3>
<p data-start="2916" data-end="3027">Annual compliance refreshers won’t cover this. Staff need short, practical refreshers tied to actual workflows.</p>
<p data-start="2916" data-end="3027"><img src="https://s.w.org/images/core/emoji/17.0.2/72x72/2705.png" alt="✅" class="wp-smiley" style="height: 1em; max-height: 1em;" /> Tip: Use “prompt audits” quarterly to spot common missteps. Think of it like a phishing simulation—but for AI.</p>
<h2 data-start="3145" data-end="3195"><strong>The Role of AI Training in Compliance Strategy</strong></h2>
<p data-start="3197" data-end="3446">Smart policies don’t mean much if staff aren&#8217;t equipped to apply them. AI tools evolve fast, and so does the regulatory landscape. Without targeted AI training, even experienced team members can make assumptions that lead to serious compliance gaps.</p>
<p data-start="3448" data-end="3704">At <strong data-start="3451" data-end="3471">HIPAA Secure Now</strong>, our <strong>AI Awareness Suite</strong> is <span data-teams="true">specifically configured for healthcare and covered under a Business Associate Agreement</span>—combining technical know-how with practical restraint. From prompt safety basics to acceptable use frameworks, it’s designed to scale across roles and risk levels.</p>
<p data-start="3706" data-end="3800"><strong data-start="3706" data-end="3800">Don’t wait for OCR guidance to catch up. Train your staff now and use AI with confidence.</strong></p>
<p data-start="3802" data-end="3915"><a class="" href="https://www.hipaasecurenow.com/sales-support/" target="_blank" rel="noopener" data-start="3805" data-end="3843">Explore our AI training solutions</a> to protect your practice from accidental exposure—one prompt at a time.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>One Click, $600K Lost: The HIPAA Lesson You Can&#8217;t Ignore</title>
		<link>https://www.hipaasecurenow.com/pih-health-hipaa-breach/</link>
		
		<dc:creator><![CDATA[Art Gross]]></dc:creator>
		<pubDate>Wed, 07 May 2025 20:16:35 +0000</pubDate>
				<category><![CDATA[HIPAA Audits]]></category>
		<category><![CDATA[HIPAA Violations]]></category>
		<category><![CDATA[Legal]]></category>
		<category><![CDATA[Security]]></category>
		<guid isPermaLink="false">https://www.hipaasecurenow.com/?p=19513</guid>

					<description><![CDATA[<p>A recent HIPAA breach serves as a wake-up call for all businesses handling protected health information (PHI)—especially small and midsize organizations. On April 23, 2025 the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced a $600,000 settlement with PIH Health, Inc., a California-based healthcare network. The reason? A phishing [&#8230;]</p>
<p>The post <a href="https://www.hipaasecurenow.com/pih-health-hipaa-breach/">One Click, $600K Lost: The HIPAA Lesson You Can&#8217;t Ignore</a> appeared first on <a href="https://www.hipaasecurenow.com">HIPAA Secure Now!</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p data-start="301" data-end="753"><img loading="lazy" decoding="async" class="alignnone size-full wp-image-19514" src="https://www.hipaasecurenow.com/wp-content/uploads/2025/05/HSN-Blog-Covers-29.png" alt="" width="1200" height="400" srcset="https://www.hipaasecurenow.com/wp-content/uploads/2025/05/HSN-Blog-Covers-29.png 1200w, https://www.hipaasecurenow.com/wp-content/uploads/2025/05/HSN-Blog-Covers-29-300x100.png 300w, https://www.hipaasecurenow.com/wp-content/uploads/2025/05/HSN-Blog-Covers-29-1024x341.png 1024w, https://www.hipaasecurenow.com/wp-content/uploads/2025/05/HSN-Blog-Covers-29-768x256.png 768w" sizes="auto, (max-width: 1200px) 100vw, 1200px" /></p>
<p class="" data-start="301" data-end="753"><strong data-start="301" data-end="470">A recent HIPAA breach serves as a wake-up call for all businesses handling protected health information (PHI)—especially small and midsize organizations.</strong> On April 23, 2025, the <a href="https://www.hhs.gov/hipaa/for-professionals/index.html" target="_blank" rel="noopener">U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR)</a> announced a $600,000 settlement with PIH Health, Inc., a California-based healthcare network. The reason? A phishing attack that compromised nearly 190,000 patients’ sensitive data.</p>
<p class="" data-start="755" data-end="1008">This case underscores a key truth: <strong data-start="790" data-end="853">cyber threats like phishing are no longer “if,” but “when.”</strong> And HIPAA-regulated entities that fail to proactively strengthen their cybersecurity posture face serious financial, legal, and reputational consequences.</p>
<h2 class="" data-start="1015" data-end="1055">The PIH Health HIPAA Breach: What Happened?</h2>
<p class="" data-start="1057" data-end="1180">In June 2019, a phishing email led to the compromise of 45 PIH employees&#8217; email accounts. The exposed information included:</p>
<ul data-start="1182" data-end="1346">
<li class="" data-start="1182" data-end="1205">
<p class="" data-start="1184" data-end="1205">Names and addresses</p>
</li>
<li class="" data-start="1206" data-end="1252">
<p class="" data-start="1208" data-end="1252">Dates of birth and Social Security numbers</p>
</li>
<li class="" data-start="1253" data-end="1304">
<p class="" data-start="1255" data-end="1304">Medical diagnoses, medications, and lab results</p>
</li>
<li class="" data-start="1305" data-end="1346">
<p class="" data-start="1307" data-end="1346">Financial and insurance claim details</p>
</li>
</ul>
<p class="" data-start="1348" data-end="1565">OCR found that PIH, despite discovering the breach in early 2020, had delayed notifying affected individuals, HHS, and the media—an explicit violation of HIPAA’s <strong data-start="1504" data-end="1532">Breach Notification Rule</strong>. Additional violations included:</p>
<ul data-start="1567" data-end="1778">
<li class="" data-start="1567" data-end="1644">
<p class="" data-start="1569" data-end="1644"><a href="https://www.hipaasecurenow.com/risk-assessment-guide/" target="_blank" rel="noopener"><strong data-start="1569" data-end="1616">Failure to conduct a thorough risk analysis</strong></a> of their ePHI environment</p>
</li>
<li class="" data-start="1645" data-end="1707">
<p class="" data-start="1647" data-end="1707"><strong data-start="1647" data-end="1672">Inadequate safeguards</strong> against unauthorized disclosures</p>
</li>
<li class="" data-start="1708" data-end="1778">
<p class="" data-start="1710" data-end="1778"><strong data-start="1710" data-end="1755">Lack of timely response and communication</strong> following the breach</p>
</li>
</ul>
<h2 class="" data-start="1785" data-end="1844">Why This Matters for Small and Midsize Businesses (SMBs)</h2>
<p class="" data-start="1846" data-end="2059">You may think breaches like this only happen to large hospital networks. But in reality, <strong data-start="1935" data-end="1961">SMBs are prime targets</strong>—often lacking the budget or in-house expertise to implement comprehensive cybersecurity measures.</p>
<p class="" data-start="2061" data-end="2297">Whether you’re a small clinic, dental office, or a business associate (like an IT provider or billing service), HIPAA holds you accountable. A single compromised account could mean massive liability if proper safeguards aren’t in place.</p>
<h2 class="" data-start="2304" data-end="2346">HIPAA Requirements You Shouldn&#8217;t Ignore</h2>
<p class="" data-start="2348" data-end="2469">OCR’s corrective action plan for PIH is a playbook every HIPAA-regulated business should study. Key requirements include:</p>
<ol data-start="2471" data-end="3075">
<li class="" data-start="2471" data-end="2579">
<p class="" data-start="2474" data-end="2579"><strong data-start="2474" data-end="2491">Risk Analysis</strong> – Know where your ePHI lives and identify security vulnerabilities across your systems.</p>
</li>
<li class="" data-start="2580" data-end="2693">
<p class="" data-start="2583" data-end="2693"><strong data-start="2583" data-end="2607">Risk Management Plan</strong> – Act on the findings of your risk analysis with clear, documented security measures.</p>
</li>
<li class="" data-start="2694" data-end="2792">
<p class="" data-start="2697" data-end="2792"><strong data-start="2697" data-end="2729">Policy and Procedure Updates</strong> – Ensure written HIPAA policies are current and comprehensive.</p>
</li>
<li class="" data-start="2793" data-end="2911">
<p class="" data-start="2796" data-end="2911"><strong data-start="2796" data-end="2826">Ongoing Workforce Training</strong> – Deliver job-specific, frequent HIPAA training to all employees with access to PHI.</p>
</li>
<li class="" data-start="2912" data-end="3000">
<p class="" data-start="2915" data-end="3000"><strong data-start="2915" data-end="2933">Audit Controls</strong> – Monitor system access and usage to detect unauthorized behavior.</p>
</li>
<li class="" data-start="3001" data-end="3075">
<p class="" data-start="3004" data-end="3075"><strong data-start="3004" data-end="3018">Encryption</strong> – Protect ePHI in transit and at rest whenever feasible.</p>
</li>
</ol>
<h2 class="" data-start="3082" data-end="3106">Action Steps for SMBs</h2>
<p class="" data-start="3108" data-end="3160">Want to stay off OCR’s radar? Here’s where to start:</p>
<ul data-start="3162" data-end="3494">
<li class="" data-start="3162" data-end="3247">
<p class="" data-start="3164" data-end="3247">Map out the flow of ePHI in your organization—from intake forms to billing systems.</p>
</li>
<li class="" data-start="3248" data-end="3318">
<p class="" data-start="3250" data-end="3318">Regularly review your access controls. Who really needs to see what?</p>
</li>
<li class="" data-start="3319" data-end="3406">
<p class="" data-start="3321" data-end="3406">Implement multi-factor authentication and phishing simulations to test your defenses.</p>
</li>
<li class="" data-start="3407" data-end="3494">
<p class="" data-start="3409" data-end="3494">Partner with a HIPAA compliance expert who understands the unique challenges of SMBs.</p>
</li>
</ul>
<h2 class="" data-start="3501" data-end="3518">Final Thoughts</h2>
<p class="" data-start="3520" data-end="3790">OCR Acting Director Anthony Archeval put it best: <em data-start="3570" data-end="3790">“HIPAA-regulated entities need to be proactive and remedy the deficiencies in their HIPAA compliance programs before those deficiencies result in the impermissible disclosure of patients’ protected health information.”</em></p>
<p class="" data-start="3792" data-end="3830">That’s not just advice—it’s a warning.</p>
<p class="" data-start="3837" data-end="4070"><strong data-start="3837" data-end="4068">At HIPAA Secure Now, we help SMBs like yours take the guesswork out of HIPAA compliance. From risk assessments to phishing simulations and employee training, we’ve got your back—so you can focus on your patients, not penalties.</strong></p>
<p class="" data-start="4072" data-end="4161"> <a class="" href="https://www.hipaasecurenow.com/sales-support/" target="_blank" rel="noopener" data-start="4075" data-end="4161">Learn more about our affordable compliance solutions today!</a></p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>HIPAA Enforcement: What Every Healthcare Practice Needs to Know</title>
		<link>https://www.hipaasecurenow.com/hipaa-enforcement/</link>
		
		<dc:creator><![CDATA[Art Gross]]></dc:creator>
		<pubDate>Mon, 21 Apr 2025 14:35:51 +0000</pubDate>
				<category><![CDATA[HIPAA]]></category>
		<category><![CDATA[HIPAA Audits]]></category>
		<category><![CDATA[HIPAA Violations]]></category>
		<category><![CDATA[Security Reminders]]></category>
		<guid isPermaLink="false">https://www.hipaasecurenow.com/?p=19508</guid>

					<description><![CDATA[<p>HIPAA enforcement isn&#8217;t just about avoiding fines—it&#8217;s about protecting patient trust and sustaining your business. For small and midsize healthcare organizations, understanding how the enforcement process works—and how recent audit trends affect you—is essential for staying secure and compliant. In this post, we’ll demystify the HIPAA enforcement process, highlight the recent rise in random audits, [&#8230;]</p>
<p>The post <a href="https://www.hipaasecurenow.com/hipaa-enforcement/">HIPAA Enforcement: What Every Healthcare Practice Needs to Know</a> appeared first on <a href="https://www.hipaasecurenow.com">HIPAA Secure Now!</a>.</p>
]]></description>
										<content:encoded><![CDATA[<p data-start="446" data-end="748"><img loading="lazy" decoding="async" class="alignnone size-full wp-image-19509" src="https://www.hipaasecurenow.com/wp-content/uploads/2025/04/HSN-Blog-Covers-28.png" alt="HIPAA Enforcement: What every healthcare practice needs to know" width="1200" height="400" srcset="https://www.hipaasecurenow.com/wp-content/uploads/2025/04/HSN-Blog-Covers-28.png 1200w, https://www.hipaasecurenow.com/wp-content/uploads/2025/04/HSN-Blog-Covers-28-300x100.png 300w, https://www.hipaasecurenow.com/wp-content/uploads/2025/04/HSN-Blog-Covers-28-1024x341.png 1024w, https://www.hipaasecurenow.com/wp-content/uploads/2025/04/HSN-Blog-Covers-28-768x256.png 768w" sizes="auto, (max-width: 1200px) 100vw, 1200px" /></p>
<p class="" data-start="446" data-end="748"><strong data-start="446" data-end="467">HIPAA enforcement</strong> isn&#8217;t just about avoiding fines—it&#8217;s about protecting patient trust and sustaining your business. For small and midsize healthcare organizations, understanding how the enforcement process works—and how recent audit trends affect you—is essential for staying secure and compliant.</p>
<p class="" data-start="750" data-end="929">In this post, we’ll demystify the <a href="https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/enforcement-process/index.html" target="_blank" rel="noopener">HIPAA enforcement process</a>, highlight the recent rise in random audits, and explain how you can safeguard your practice before OCR comes knocking.</p>
<h2 class="" data-start="936" data-end="981">The OCR’s HIPAA Enforcement: How It Starts</h2>
<p class="" data-start="983" data-end="1126">The Office for Civil Rights (OCR) enforces the HIPAA Privacy, Security, and Breach Notification Rules through a range of activities, including:</p>
<ul data-start="1128" data-end="1357">
<li class="" data-start="1128" data-end="1202">
<p class="" data-start="1130" data-end="1202"><strong data-start="1130" data-end="1158">Investigating complaints</strong> filed by patients, employees, or the public</p>
</li>
<li class="" data-start="1203" data-end="1286">
<p class="" data-start="1205" data-end="1286"><strong data-start="1205" data-end="1233">Reviewing breach reports</strong> submitted by covered entities or business associates</p>
</li>
<li class="" data-start="1287" data-end="1357">
<p class="" data-start="1289" data-end="1357"><strong data-start="1289" data-end="1322">Initiating compliance reviews</strong> triggered by patterns or red flags</p>
</li>
</ul>
<p class="" data-start="1359" data-end="1488">Each of these can lead to an official enforcement action—especially if there’s evidence of widespread or negligent noncompliance.</p>
<h2 class="" data-start="1495" data-end="1553">Random HIPAA Audits Are Back—and They&#8217;re Targeting SRAs</h2>
<p class="" data-start="1555" data-end="1760">In 2024, HHS revived its <a href="https://www.hipaasecurenow.com/2025-hipaa-security-updates/" target="_blank" rel="noopener"><strong data-start="1580" data-end="1610">random HIPAA audit program</strong></a>, with a sharp focus on the <strong data-start="1638" data-end="1661">HIPAA Security Rule</strong> and whether healthcare organizations are properly conducting <strong data-start="1723" data-end="1759">Security Risk Assessments (SRAs)</strong>.</p>
<p class="" data-start="1762" data-end="1945">These audits are not triggered by complaints or breaches—they are <strong data-start="1828" data-end="1849">randomly assigned</strong> and have already impacted small practices, clinics, and business associates across the country.</p>
<p class="" data-start="1947" data-end="2228">If selected, your organization will be asked to provide documentation of your last SRA, security measures, and evidence of ongoing compliance. Practices without up-to-date assessments or documented mitigation efforts face a higher risk of fines or required corrective action plans.</p>
<h2 class="" data-start="2235" data-end="2280">What Happens During a HIPAA Investigation?</h2>
<p class="" data-start="2282" data-end="2342">Here’s what you can expect if OCR opens an enforcement case:</p>
<h3 class="" data-start="2344" data-end="2369">1. <strong data-start="2351" data-end="2369">Initial Intake</strong></h3>
<p class="" data-start="2370" data-end="2456">OCR evaluates whether the issue falls under HIPAA and decides whether to move forward.</p>
<h3 class="" data-start="2458" data-end="2489">2. <strong data-start="2465" data-end="2489">Formal Investigation</strong></h3>
<p class="" data-start="2490" data-end="2619">You’ll be asked for detailed information on your compliance posture, including policies, training records, and security controls.</p>
<h3 class="" data-start="2621" data-end="2651">3. <strong data-start="2628" data-end="2651">Resolution Outcomes</strong></h3>
<ul data-start="2652" data-end="2988">
<li class="" data-start="2652" data-end="2703">
<p class="" data-start="2654" data-end="2703"><strong data-start="2654" data-end="2671">No Violation:</strong> Case closed, no further action.</p>
</li>
<li class="" data-start="2704" data-end="2766">
<p class="" data-start="2706" data-end="2766"><strong data-start="2706" data-end="2731">Voluntary Compliance:</strong> You correct the issues informally.</p>
</li>
<li class="" data-start="2767" data-end="2857">
<p class="" data-start="2769" data-end="2857"><strong data-start="2769" data-end="2802">Corrective Action Plan (CAP):</strong> You enter into a monitored plan with strict deadlines.</p>
</li>
<li class="" data-start="2858" data-end="2988">
<p class="" data-start="2860" data-end="2988"><strong data-start="2860" data-end="2893">Civil Money Penalties (CMPs):</strong> If violations are severe or unaddressed, you may face steep fines—up to $68,928 per violation.</p>
</li>
</ul>
<h2 class="" data-start="2995" data-end="3040">Why Small Healthcare Practices Are at Risk</h2>
<p class="" data-start="3042" data-end="3195">OCR’s enforcement actions don’t just target large hospital systems. In fact, <strong data-start="3119" data-end="3186">small and midsize practices are increasingly being investigated</strong> because:</p>
<ul data-start="3197" data-end="3324">
<li class="" data-start="3197" data-end="3241">
<p class="" data-start="3199" data-end="3241">They often lack dedicated compliance staff</p>
</li>
<li class="" data-start="3242" data-end="3267">
<p class="" data-start="3244" data-end="3267">They delay or skip SRAs</p>
</li>
<li class="" data-start="3268" data-end="3324">
<p class="" data-start="3270" data-end="3324">They fail to keep training or documentation up to date</p>
</li>
</ul>
<p class="" data-start="3326" data-end="3493">One solo practitioner was fined over $100,000 for not completing a proper risk analysis. Another was penalized after disposing of patient records in a public dumpster.</p>
<p class="" data-start="3495" data-end="3538"><strong data-start="3495" data-end="3538">No practice is too small to be audited.</strong></p>
<h2 class="" data-start="3545" data-end="3593">How to Protect Your Business from HIPAA Fines</h2>
<p class="" data-start="3595" data-end="3659">Proactive compliance is the best defense. Here&#8217;s how to prepare:</p>
<ul data-start="3661" data-end="3966">
<li class="" data-start="3661" data-end="3718">
<p class="" data-start="3663" data-end="3718"><img src="https://s.w.org/images/core/emoji/17.0.2/72x72/2705.png" alt="✅" class="wp-smiley" style="height: 1em; max-height: 1em;" /> <strong data-start="3665" data-end="3716">Conduct annual Security Risk Assessments (SRAs)</strong></p>
</li>
<li class="" data-start="3719" data-end="3789">
<p class="" data-start="3721" data-end="3789"><img src="https://s.w.org/images/core/emoji/17.0.2/72x72/2705.png" alt="✅" class="wp-smiley" style="height: 1em; max-height: 1em;" /> <strong data-start="3723" data-end="3787">Implement administrative, physical, and technical safeguards</strong></p>
</li>
<li class="" data-start="3790" data-end="3852">
<p class="" data-start="3792" data-end="3852"><img src="https://s.w.org/images/core/emoji/17.0.2/72x72/2705.png" alt="✅" class="wp-smiley" style="height: 1em; max-height: 1em;" /> <strong data-start="3794" data-end="3850">Train employees on HIPAA policies and phishing risks</strong></p>
</li>
<li class="" data-start="3853" data-end="3903">
<p class="" data-start="3855" data-end="3903">✅ <strong data-start="3857" data-end="3901">Keep compliance documentation up to date</strong></p>
</li>
<li class="" data-start="3904" data-end="3966">
<p class="" data-start="3906" data-end="3966">✅ <strong data-start="3908" data-end="3966">Develop a breach response and incident management plan</strong></p>
</li>
</ul>
<p class="" data-start="3968" data-end="4093">These steps ensure you respond confidently if you’re selected for an audit or investigation.</p>
<h2 class="" data-start="4100" data-end="4158">Partner with HIPAA Secure Now: Your SMB Compliance Ally</h2>
<p class="" data-start="4160" data-end="4252">Navigating HIPAA enforcement and random audits is complex—but you don’t have to go it alone.</p>
<p class="" data-start="4254" data-end="4371"><a href="https://www.hipaasecurenow.com/sales-support/" target="_blank" rel="noopener"><strong data-start="4254" data-end="4274">HIPAA Secure Now</strong></a> offers clear, simple compliance solutions for small to midsize healthcare businesses, including:</p>
<ul data-start="4373" data-end="4586">
<li class="" data-start="4373" data-end="4440">
<p class="" data-start="4375" data-end="4440">Security Risk Assessments (with documentation ready for audits)</p>
</li>
<li class="" data-start="4441" data-end="4492">
<p class="" data-start="4443" data-end="4492">Comprehensive HIPAA training for your workforce</p>
</li>
<li class="" data-start="4493" data-end="4524">
<p class="" data-start="4495" data-end="4524">Automated policy management</p>
</li>
<li class="" data-start="4525" data-end="4552">
<p class="" data-start="4527" data-end="4552">Breach response support</p>
</li>
<li class="" data-start="4553" data-end="4586">
<p class="" data-start="4555" data-end="4586">Ongoing compliance monitoring</p>
</li>
</ul>
<p class="" data-start="4588" data-end="4683">We’ve helped thousands of providers stay compliant, pass audits, and protect their reputations.</p>
<p class="" data-start="4690" data-end="4876"><strong data-start="4690" data-end="4734">Don’t let an audit be your wake-up call.</strong></p>
<p class="" data-start="4690" data-end="4876"><a href="https://www.hipaasecurenow.com/sales-support/" target="_blank" rel="noopener">Contact HIPAA Secure Now today</a> to safeguard your practice from costly HIPAA enforcement actions.</p>
]]></content:encoded>
					
		
		
			</item>
		<item>
		<title>Simplifying HIPAA for Small Practices</title>
		<link>https://www.hipaasecurenow.com/hipaa-for-small-practices/</link>
		
		<dc:creator><![CDATA[Art Gross]]></dc:creator>
		<pubDate>Mon, 07 Apr 2025 17:55:34 +0000</pubDate>
				<category><![CDATA[Healthcare Industry]]></category>
		<category><![CDATA[HIPAA]]></category>
		<guid isPermaLink="false">https://www.hipaasecurenow.com/?p=19503</guid>

					<description><![CDATA[<p>For many small and mid-sized healthcare providers, HIPAA compliance can feel like navigating a maze—complex policies, technical jargon, and the looming threat of fines. If you’ve ever thought, “We’re too small for this,” or “I’m not even sure where to begin,” you’re not alone. But here’s a perspective shift: Compliance [&#8230;]</p>
]]></description>
										<content:encoded><![CDATA[<h1 data-start="519" data-end="800"><img loading="lazy" decoding="async" class="alignnone size-full wp-image-19505" src="https://www.hipaasecurenow.com/wp-content/uploads/2025/04/HSN-Blog-Covers-27.png" alt="Simplifying HIPAA Compliance for Small Practices" width="1200" height="400" srcset="https://www.hipaasecurenow.com/wp-content/uploads/2025/04/HSN-Blog-Covers-27.png 1200w, https://www.hipaasecurenow.com/wp-content/uploads/2025/04/HSN-Blog-Covers-27-300x100.png 300w, https://www.hipaasecurenow.com/wp-content/uploads/2025/04/HSN-Blog-Covers-27-1024x341.png 1024w, https://www.hipaasecurenow.com/wp-content/uploads/2025/04/HSN-Blog-Covers-27-768x256.png 768w" sizes="auto, (max-width: 1200px) 100vw, 1200px" /></h1>
<h1 data-start="519" data-end="800"><strong>Simplifying HIPAA for Small Practices</strong></h1>
<p class="" data-start="519" data-end="800">For many small and mid-sized healthcare providers, HIPAA compliance can feel like navigating a maze—complex policies, technical jargon, and the looming threat of fines. If you’ve ever thought, “We’re too small for this,” or “I’m not even sure where to begin,” you’re not alone.</p>
<p class="" data-start="802" data-end="979">But here’s a perspective shift: Compliance isn’t just about avoiding penalties—it&#8217;s about empowering your team to protect what matters most: your patients and your business.</p>
<p class="" data-start="981" data-end="1135">When your staff understands their role in compliance and has the tools to succeed, HIPAA becomes less intimidating and more manageable. Let’s explore how to simplify HIPAA for small practices.</p>
<h2 data-start="270" data-end="318"><strong>1. Make Training Engaging—Not Exhausting</strong></h2>
<p class="" data-start="320" data-end="521">Let’s face it: most compliance training is dry, dense, and easy to forget. But when training is <em data-start="416" data-end="447">entertaining and story-driven</em>, it becomes something your team actually pays attention to—and remembers.</p>
<p class="" data-start="523" data-end="755">That’s why <a href="https://www.hipaasecurenow.com/training-reduces-errors/" target="_blank" rel="noopener">narrative-based learning is so effective</a>. Rather than handing staff a checklist of “don’ts,” it immerses them in real-world situations, characters, and decisions. It feels more like a short film or episode than a lecture.</p>
<p class="" data-start="757" data-end="920">This style of “info-tainment” works especially well for small healthcare teams that don’t have hours to spare but still need to retain critical security behaviors.</p>
<p class="" data-start="922" data-end="975"><strong data-start="922" data-end="937">Instead of:</strong> Long, text-heavy courses</p>
<p class="" data-start="922" data-end="975"><strong data-start="965" data-end="973">Try:</strong></p>
<ul data-start="976" data-end="1156">
<li class="" data-start="976" data-end="1028">
<p class="" data-start="978" data-end="1028">Short, high-impact videos with a clear storyline</p>
</li>
<li class="" data-start="1029" data-end="1091">
<p class="" data-start="1031" data-end="1091">Relatable characters who model both good and bad decisions</p>
</li>
<li class="" data-start="1092" data-end="1156">
<p class="" data-start="1094" data-end="1156">Suspense and humor to reinforce key concepts in memorable ways</p>
</li>
</ul>
<p><strong>Check out our 2025 HIPAA training trailer below:</strong></p>
<div style="width: 1140px;" class="wp-video"><video class="wp-video-shortcode" id="video-19503-1" width="1140" height="641" preload="metadata" controls="controls"><source type="video/mp4" src="https://www.hipaasecurenow.com/wp-content/uploads/2024/11/HIPAA-Adventures-Trailer.mp4?_=1" /><a href="https://www.hipaasecurenow.com/wp-content/uploads/2024/11/HIPAA-Adventures-Trailer.mp4">https://www.hipaasecurenow.com/wp-content/uploads/2024/11/HIPAA-Adventures-Trailer.mp4</a></video></div>
<h2 data-start="2101" data-end="2163"><strong>2. Create a Culture Where Compliance Is Everyone’s Job</strong></h2>
<p class="" data-start="2165" data-end="2380">In small practices, it’s common for one person—often the office manager or physician—to become the “compliance person.” But HIPAA compliance shouldn’t live with just one individual. It should be a team-wide mindset.</p>
<p class="" data-start="2382" data-end="2418">Make compliance visible and routine:</p>
<ul data-start="2419" data-end="2686">
<li class="" data-start="2419" data-end="2494">
<p class="" data-start="2421" data-end="2494">Use team huddles to briefly touch on recent security reminders or updates</p>
</li>
<li class="" data-start="2495" data-end="2611">
<p class="" data-start="2497" data-end="2611">Assign each staff member a “privacy point of focus” for the week (like checking that all patient files are locked)</p>
</li>
<li class="" data-start="2612" data-end="2686">
<p class="" data-start="2614" data-end="2686">Encourage staff to ask questions or <a href="https://www.hhs.gov/hipaa/for-professionals/breach-notification/breach-reporting/index.html" target="_blank" rel="noopener">report potential issues</a> without fear</p>
</li>
</ul>
<h2><strong>3. Implement Tools That Remove Guesswork</strong></h2>
<p class="" data-start="2945" data-end="3039">Technology can be a powerful ally—but only when it supports your workflow, not complicates it.</p>
<p class="" data-start="3041" data-end="3061">Look for tools that:</p>
<ul data-start="3062" data-end="3318">
<li class="" data-start="3062" data-end="3125">
<p class="" data-start="3064" data-end="3125">Provide automatic reminders for HIPAA training renewals</p>
</li>
<li class="" data-start="3126" data-end="3180">
<p class="" data-start="3128" data-end="3180">Include risk assessments and document tracking</p>
</li>
<li class="" data-start="3181" data-end="3259">
<p class="" data-start="3183" data-end="3259">Integrate with platforms you already use (like Microsoft Teams or Outlook)</p>
</li>
<li class="" data-start="3260" data-end="3318">
<p class="" data-start="3262" data-end="3318">Help employees report incidents quickly and securely</p>
</li>
</ul>
<h2><strong data-start="3604" data-end="3649">4. Recognize and Reward Compliance Champions</strong></h2>
<p class="" data-start="3651" data-end="3799">Most people want to do the right thing. Recognizing staff who model good security habits builds morale and reinforces a positive compliance culture.</p>
<p class="" data-start="3801" data-end="3814">Ideas to try:</p>
<ul data-start="3815" data-end="4115">
<li class="" data-start="3815" data-end="3902">
<p class="" data-start="3817" data-end="3902">Acknowledge team members during meetings for noticing and correcting risky situations</p>
</li>
<li class="" data-start="3903" data-end="3979">
<p class="" data-start="3905" data-end="3979">Include HIPAA best practices in your employee reviews or development goals</p>
</li>
<li class="" data-start="3980" data-end="4115">
<p class="" data-start="3982" data-end="4115">Host quarterly “compliance challenges” with small prizes (like spotting a phishing email or properly handling a walkaway workstation)</p>
</li>
</ul>
<h2 data-start="4335" data-end="4381"><strong data-start="4342" data-end="4381">5. Break It Down Into Manageable Steps</strong></h2>
<p class="" data-start="4383" data-end="4495">Trying to overhaul your entire compliance program at once can be paralyzing. Instead, tackle one area at a time.</p>
<p class="" data-start="4497" data-end="4519">Use a phased approach:</p>
<ul data-start="4520" data-end="4842">
<li class="" data-start="4520" data-end="4586">
<p class="" data-start="4522" data-end="4586"><strong data-start="4522" data-end="4533">Week 1:</strong> Review and update your Notice of Privacy Practices</p>
</li>
<li class="" data-start="4587" data-end="4721">
<p class="" data-start="4589" data-end="4721"><strong data-start="4589" data-end="4600">Week 2:</strong> Conduct a walkthrough to assess physical safeguards (locked file cabinets, screens facing away from public view, etc.)</p>
</li>
<li class="" data-start="4722" data-end="4791">
<p class="" data-start="4724" data-end="4791"><strong data-start="4724" data-end="4735">Week 3:</strong> Audit user access levels for EHR and billing software</p>
</li>
<li class="" data-start="4792" data-end="4842">
<p class="" data-start="4794" data-end="4842"><strong data-start="4794" data-end="4805">Week 4:</strong> Complete <a href="https://www.hipaasecurenow.com/risk-assessment-guide/" target="_blank" rel="noopener">Security Risk Assessment (SRA)</a></p>
</li>
</ul>
<p class="" data-start="4844" data-end="4903">This structure makes HIPAA feel actionable, not impossible.</p>
<h2 data-start="4910" data-end="4973"><strong>Empowered Teams Make Compliance Sustainable</strong></h2>
<p class="" data-start="240" data-end="448">HIPAA compliance may be required by law—but for your small healthcare practice, it’s also a powerful opportunity. It’s a chance to strengthen your team, safeguard your patients, and build trust in your brand.</p>
<p class="" data-start="450" data-end="619">When you empower employees with the knowledge, tools, and confidence to do the right thing, compliance becomes less about stress—and more about sustainable, secure care.</p>
<p class="" data-start="621" data-end="858">If you’re wondering where to start, or how to make HIPAA feel more manageable for your team, we’re here to help. Our solutions are designed with small practices in mind—simple, effective, and built to fit into your existing workflow.</p>
<p class="" data-start="860" data-end="1023"><a href="http://hipaasecurenow.com/sales-support/" target="_blank" rel="noopener">Contact our team</a> to learn more about how we can support your practice with training, tools, and guidance tailored to your needs. Let’s simplify HIPAA together.</p>
]]></content:encoded>
					
		
		<enclosure url="https://www.hipaasecurenow.com/wp-content/uploads/2024/11/HIPAA-Adventures-Trailer.mp4" length="82211793" type="video/mp4" />

			</item>
	</channel>
</rss>
