ABYDE FOR FLORIDA CHAPTER OF THE AMERICAN ACADEMY OF PEDIATRICS MEMBERS

It's time for stress-free compliance.

  • EASIEST SOFTWARE YOU’LL EVER USE

    And if we’re being honest, easy is an understatement. All companies say it, but we are so confident in the simplicity of our software that we will prove it.

  • ‘HANDS OFF’ APPROACH

    We automate it all – from notifications about training to policy generation. Can you imagine not having to set your own reminders?! Go ahead, focus on your patients – we will ping you with the important stuff.

  • CUSTOMER SUCCESS TEAM LIKE NO OTHER

    We will meet you where you are – whether that’s by phone, chat, or email. It’s tough stuff in the tech space, but our customers love us as much as we love them.

  • STATE BY STATE, LAW BY LAW

    No matter what state your practice is in, our solution is for you — from sea to shining sea. We know our stuff and dedicate ourselves to staying on top of the latest state and federal changes so you don’t have to.

  • MORE THAN JUST SOFTWARE

    With us, you get more than policies and software. We offer Master Classes, newsletters, and more to keep you up to date. At the end of the day, we are proud to lead with education.

LATEST COMPLIANCE NEWS

Top of the World Ranch Treatment Center HIPAA Settlement

2026 HIPAA Compliance Alert: $103,000 Settlement for Risk Analysis Failure

February 23, 2026

The Office for Civil Rights (OCR) is back with a massive settlement to start 2026. A rehab center in Illinois, Top of the World Ranch Treatment Center (TWRTC), recently agreed to a $103,000 settlement and a 2-year Corrective Action Plan (CAP) following a security breach that exposed major security vulnerabilities. This settlement is also the 11th enforcement of the Risk Analysis Initiative.

The Top of the World Ranch Treatment Center HIPAA settlement was announced just days after the OCR officially enacted the Part 2 changes to the Notice of Privacy Practices. As of Feb 16, all Covered Entities, regardless of scope of practice, must update their Notices of Privacy Practices (NPP) to include special provisions regarding the handling of Substance Use Disorder (SUD) Protected Health Information (PHI).

What Happened?

In March 2023, an employee’s email account was compromised in a phishing attack, exposing fewer than 2,000 records. In the world of healthcare data breaches, where numbers often reach the millions, this was a relatively small but still severe incident. However, the OCR’s enforcement was not based on the size of the breach, but on missing paperwork.

The breach report initiated an investigation that led the OCR to find the SUD facility had failed to complete a compliant Security Risk Analysis (SRA). The SRA is the foundation of a HIPAA-compliant practice and an extensive assessment of the potential vulnerabilities your practice might face. The SRA reviews the administrative, physical, and technical safeguards your practice must have in place.

Since TWRTC hadn’t completed this proactive assessment, they missed the specific vulnerabilities in their technical defenses that eventually allowed a phishing email to succeed.

The Bottom Line

The Top of the World Ranch Treatment Center HIPAA settlement proves that the OCR doesn’t punish based on how ‘big’ a mistake is, but for a lack of preparation. Breaches happen, but your team’s readiness and response are what determine whether you face an enforcement action.

You might think your practice is too small to be a target, but this settlement shows that if you have a breach, no matter the size, the first thing the OCR will ask for is your SRA. If you don’t have it, the legal repercussions could be far more painful than the breach itself. Is your SRA current for 2026? If not, meet with our team of experts today to get compliant.

Notice of Privacy Practices Update

2026 HIPAA Deadline: How to Update Your Notice of Privacy Practices (NPP) for SUD Records (42 CFR Part 2)

February 16, 2026

The latest HIPAA change is an update to the Notice of Privacy Practices (NPP).

As of February 16, 2026, the newest version of the NPP must include further information about how Substance Use Disorder (SUD) Protected Health Information (PHI) is handled and secured. While this was initially ruled under the Biden administration in 2024, the updated content has seen significant changes, including the removal of proposed legislation that would treat reproductive healthcare PHI differently. However, while some states still have additional requirements for handling reproductive care PHI, those requirements were struck down at the federal level by a court ruling in 2025.

Now that the deadline is here, it’s essential to understand what these changes actually mean for your practice.

What’s Actually Changing in the Document?

The Final Rule requires practices to update this document for patients (posted on the website and provided in-person) by February 16, 2026. Your practice must also review whether your state has additional legislation regarding reproductive healthcare PHI.

  • Expanded Scope for SUD Information: SUD records must now be included in the NPP for all Covered Entities, regardless of whether the practice focuses specifically on SUD treatment.

  • Standard Disclosure Language: The notice must explicitly state how the practice discloses SUD records for Treatment, Payment, and Healthcare Operations (TPO).

  • Legal Proceeding Protections: The NPP must state that SUD records cannot be disclosed in legal proceedings without specific written patient consent or a formal court order.

  • Single consent for TPO: The rule does allow patients to sign one consent for all future uses and disclosures for TPO. Previously, SUD records were discussed in a separate document for patients to review.

  • Fundraising Opt-Outs: If your practice uses SUD records for fundraising communications, the NPP must clearly provide patients with the opportunity to opt out. For example, if a rehabilitation center is seeking to raise money for a new facility, it cannot reach out to former patients who have clearly opted out.

  • Redisclosure Warning: The notice must highlight that once PHI (including SUD records) is shared with an outside party, it may be subject to redisclosure by the recipient. In other words, once it’s shared, it’s tough to control how it is shared again by third parties.

  • Universal Accessibility: To remain compliant, practices must ensure the NPP is accessible to all patients, which includes providing translated copies.

  • State-Specific Requirements: Depending on your state, additional protections for reproductive health PHI may still be in place.

Where do I start?

First, ensure your Notice of Privacy Practices (NPP) is already specific to your practice. Your final notice must be specific, include your office address, and provide clear contact information for your Compliance or Privacy Officer. To remain compliant, this notice must also be prominently displayed on your website so patients can easily access and understand their rights.

Your NPP should now include a section that addresses these SUD records directly. The federal government provides model language similar to this:

    When applicable, we may use or disclose 42 CFR Part 2 substance use disorder records for treatment, payment, and health care operations as permitted by law. Part 2 records will not be used or disclosed in legal or administrative proceedings against you without your specific written consent or a court order.

Your NPP should now include a section that mentions fundraising as well. The federal government provides model language similar to this:

    If we were to use or disclose substance use disorder records protected by 42 CFR Part 2 in connection with fundraising, you have the right to opt out of receiving fundraising communications in advance, before any such communications are sent.

Simplify Compliance

Updating your NPP can feel like just another complicated task on an already full plate. For practices where you’re wearing many hats, finding the resources for a legal deep-dive is tough. The simplest way to handle the February 16, 2026, deadline is to lean on experts. Abyde has already done the heavy lifting, automating the necessary HIPAA and SUD record updates so you can focus on what you do best: take care of patients. Reach out to our team of experts to learn more about HIPAA updates affecting your practice.

Disclaimer: This post is for informational purposes only and does not constitute legal advice. Health care privacy laws are subject to frequent change and vary by state. Consult with a qualified health care attorney or compliance officer to ensure your Notice of Privacy Practices meets all current federal and state requirements.


READY TO BE STRESS-FREE?