HIPAA Compliance
8 Arrested in Southern California Hospice Fraud Takedown — $50 Million in Losses Highlight the Real Cost of Healthcare Non-Compliance
Eight defendants — including nurses, a chiropractor, and a psychologist — were arrested in Southern California for a $50 million Medicare hospice fraud scheme. Here’s what it means for legitimate healthcare organizations and the compliance infrastructure they need.
What Your Business Associate Agreement Doesn’t Cover — And Should
If your organization handles protected health information and uses cloud storage, a signed Business Associate Agreement is a legal requirement — not a differentiator. What determines whether your PHI is actually protected is everything that comes after the signature. Many covered entities treat the BAA as the end of their due diligence on a cloud…
Is Your Cloud Storage Actually HIPAA Compliant? 5 Things Healthcare Organizations Get Wrong
When a healthcare organization says their cloud storage is “HIPAA compliant,” what does that actually mean? The phrase gets thrown around constantly in vendor marketing, but HIPAA compliance isn’t a certification you earn once and carry forever. It’s an ongoing operational and contractual commitment — and a surprising number of covered entities and their business…
Concentra Inc. Pays $112,500 to Settle HIPAA Right of Access Violations
HHS Office for Civil Rights announced a $112,500 settlement with Concentra, Inc., a national occupational health services company, to resolve potential violations of the HIPAA Right of Access Rule. OCR’s Right of Access Initiative, launched in 2019, continues to hold covered entities accountable for failing to provide patients timely and affordable access to their own…
Gulf Coast Pain Consultants Hit with $1.1 Million HIPAA Civil Monetary Penalty
HHS Office for Civil Rights imposed a $1.1 million civil monetary penalty (CMP) against Gulf Coast Pain Consultants, a Florida-based pain management practice, for widespread failures to comply with the HIPAA Security Rule. OCR’s investigation found that Gulf Coast Pain Consultants had not implemented the foundational administrative, physical, and technical safeguards required to protect electronic…
Five HIPAA Compliance Tips for Small-Medium Sized Businesses
Maintaining round-the-clock HIPAA compliance is a constant challenge for healthcare providers and other HIPAA covered entities. For small and medium-sized organizations, the challenge of HIPAA compliance can be particularly difficult due to a lack of skilled personnel, resources, and budget. To make matters worse, just over a year ago, the OCR announced an initiative to…
Medical Records from OB/GYN Found Dumped At Recycling Center After Anonymous Tip
Paper files containing names, Social Security numbers, and medical histories, including details of cancer diagnoses and sexually transmitted diseases, have been dumped at a recycling center in Allentown, Pennsylvania. The files appear to have come from Women’s Health Consultants, an obstetrics and gynecology practice that had centers in South Whitehall Township and Hanover Township, PA.…
Over $1 Billion in Damages Sought in Lawsuit Against 60 Hospitals for HITECH Act Violations
A recently unsealed complaint, filed in a U.S. District Court in Indiana in 2016, seeks more than $1 billion in damages from 60 hospitals that received HITECH Act meaningful use incentive payments for transitioning to electronic health records, yet failed to meet the requirements of the HITECH Act with respect to providing patients, and their…
HIPAA Compliance for Human Resource Departments
Businesses not directly involved in the healthcare or healthcare insurance industries should nonetheless pay close attention to HIPAA compliance for HR departments. It has been estimated a third of all workers and their dependents who receive occupation healthcare benefits do so through a self-insured group health plan. Although this does not mean a self-insuring business…
Careless handling of HIV information jeopardizes patient’s privacy, costs hospital $387k
St. Luke’s-Roosevelt Hospital Center Inc. (St. Luke’s) has paid the U.S. Department of Health and Human Services (HHS) $387,200 to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule and agreed to implement a comprehensive corrective action plan. St. Luke’s operates the Institute for Advanced Medicine, formerly Spencer…