A failure to understand HIPAA requirements can be a very costly mistake, as CardioNet learned just a couple months ago. In April, the wireless health services provider agreed to a settlement of $2.5 million for a potential noncompliance with the HIPAA Privacy and Security Rules. (1) The violation occurred when a company laptop containing the...
Category: HIPAA Compliance
World’s Largest Cyber-Attack
Recently the world’s largest cyber-attack unleashed its havoc across 150 countries crippling more than 300,000 victims and hundreds of organizations worldwide. Hospitals, universities, government offices, and large business were among those affected, including sixteen NHS hospitals in the UK. Many of them had to cancel surgeries, appointments, and send patients elsewhere due to the fallout....
The Real Cost of a Data Breach
Healthcare data breaches are costing the U.S. healthcare industry nearly $6.2 billion each year. (2) In fact, healthcare has the highest cost per breached record of any other industry. Why? Healthcare is extremely attractive to hackers because medical records include everything they need such as: names, Social Security numbers, date of birth, credit card information,...
$5.5 Million Breach Settlement: Second Largest Fine to Date
Last month, Memorial Healthcare System (MHS) agreed to implement a comprehensive corrective action plan and pay a 5.5-million-dollar settlement for the breach of protected health information (PHI) that affected over 100,000 individuals. This is the second largest fine against a covered entity to date, sending a strong message that audit controls will be a key...
HIPAA Audits of Covered Entities and Business Associates
In August, Advocate Health Care Network agreed to pay a $5.55 million settlement with the U.S. Department of Health and Human Services Office for Civil Rights (OCR), for multiple HIPAA violations. In addition, HHS also recently announced a $650,000 resolution settlement against the Catholic Health Care Services of the Archdiocese of Philadelphia. These multi-million dollar...
The Basics on Business Associates and Contract Agreements
What is a Business Associate? Business associates are considered any third-party contractor that performs work or activities on behalf of a healthcare organization or covered entity that involve the use or disclosure of protected health information (1). A few examples may include: What are Business Associate Agreements? HIPAA and HITECH require practices to sign a...
Curiosity Has Its Cost
Back in June, the victims of the horrific Orlando shooting at Pulse Nightclub were also victims of a privacy breach when their personal health information was accessed without authorization by a few curious employees at Orlando Health Hospital. The hospital confirmed that employees have previously received HIPAA training on patient privacy. However, they are now...
HIPAA Section 1557 Language Access Requirements
Who does the rule apply to? Section 1557 is the non-discrimination provision of the Affordable Care Act (ACA) that protects individuals from discrimination in health care based on race, color, national origin, age, disability, and sex; including discrimination based on pregnancy, gender identity and sex stereotyping. The rule also protects individuals with disabilities and limited...
OCR Releases New HIPAA Guidance on Ransomware
In 2015, Ransomware cost the US Healthcare industry nearly 6 billion dollars. Even more concerning is that there has been a 300% increase in ransomware attacks in 2016, according to a recent report from the U.S. Government. Ransomware is a type of malicious software that encrypts data making it inaccessible to authorized users. After the...
A Patient’s Right to Access Medical Records
Most medical practices, healthcare organizations, and clinicians are very familiar with HIPAA rules and regulation. However, the law can be extensively complicated and is often a source of confusion and misinterpretation. According to the Office for Civil Rights (OCR), one of the most common complaints and frequently misunderstood parts of the law involves a patient’s...