$2.5 million settlement shows that not understanding HIPAA requirements creates risk

The U.S. Department of Health and Human Services, Office for Civil Rights (OCR), has announced a Health Insurance Portability and Accountability Act of 1996 (HIPAA) settlement based on the impermissible disclosure of unsecured electronic protected health information (ePHI). CardioNet has agreed to settle potential noncompliance with the HIPAA Privacy and Security Rules by paying $2.5…


$5.5 million HIPAA settlement shines light on the importance of audit controls

Memorial Healthcare System (MHS) has paid the U.S. Department of Health and Human Services (HHS) $5.5 million to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules and agreed to implement a robust corrective action plan. MHS is a nonprofit corporation which operates six hospitals, an…


Updated Security Risk Assessment Tool Released by ONC

OCR prefers to settle HIPAA compliance issues through voluntary compliance and non-punitive means, although financial penalties are now becoming more commonplace. If OCR investigators uncover HIPAA violations, financial penalties may be issued. Fines of up to $1.5 million can be issued for each violation category discovered. One of the most common reasons for a financial…


OCR Commences Phase 2 of HIPAA Compliance Audit Program

HIPAA Privacy, Security, and Breach Notification Audit Program: As a part of our continued efforts to assess compliance with the HIPAA Privacy, Security and Breach Notification Rules, the HHS Office for Civil Rights (OCR) has begun its next phase of audits of covered entities and their business associates. The 2016 Phase 2 HIPAA Audit Program…


HIPAA Compliance Still A Problem for Small Practices

While large healthcare systems have come to grips with HIPAA Rules and have implemented controls to safeguard ePHI from external and internal threats, small practices are still struggling with their compliance efforts, according to a recent survey conducted by NueMD. NueMD surveyed 900 healthcare professionals last month to gain an insight into how small healthcare organizations…


Survey Indicates Law Firms Are Not Complying With HIPAA Rules

The Health Insurance Portability and Accountability Act (HIPAA) covers healthcare providers, health insurers, and healthcare clearinghouses, and all covered entities are required to comply with HIPAA Privacy, Security, and Breach Notification Rules. HIPAA also applies to vendors and other companies doing business with covered entities, which are classed as HIPAA Business Associates (BAs). If a…


Triple-S Management Corporation Settles HHS Charges by Agreeing to $3.5 Million HIPAA Settlement

Triple-S Management Corporation (“TRIPLE-S”), on behalf of its wholly owned subsidiaries, Triple-S Salud Inc., Triple-C Inc. and Triple-S Advantage Inc., formerly known as American Health Medicare Inc., has agreed to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules with the U.S. Department of Health…


OIG Criticizes OCR for Lax Enforcement Standards and Poor Oversight of Covered Entities

Take a look at the Department of Health and Human Services’ Office for Civil Rights website and you will discover relatively few financial penalties have been issued for HIPAA Privacy violations. Even apparently serious violations of HIPAA Rules have not always resulted in financial penalties being issued. Out of the thousands of data breaches listed…


March Sees Massive Hike in Healthcare Data Hacking

The number of successful cyber attacks spiked in March, with 11 incidents reported to the Office for Civil Rights, although since HIPAA-covered entities have up to 60 days from the discovery of a data breach until a breach notification must be submitted, that figure may yet rise. In February, there were 4 reported hacking incidents…
