Should Your Medical Practice Hire a HIPAA Compliance Officer?

Although healthcare facilities of all sizes and types are required to choose a HIPAA compliance officer to make sure that regulations are followed, some choose to blend the role with an existing one. For small to medium-sized practices, the thought of hiring a full-time HIPAA compliance officer may seem financially unfeasible.

Over 400 Nursing Home Residents have their PHI compromised, resulting in a Hefty Fine!

After the theft of a mobile device compromised the protected health information (PHI) of hundreds of nursing home residents, Catholic Health Care Services of the Archdiocese of Philadelphia (CHCS) must settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA).

Is Your Business Associate Prepared for a Security Incident?

Despite the requirements of HIPAA, not only do a large percentage of covered entities believe they will not be notified of security breaches or cyber attacks by their business associates, they also think it is difficult to manage security incidents involving business associates, and impossible to determine if data safeguards and security policies and procedures at their business associates are adequate to respond effectively to a data breach.


April 20, 2016 $750,000 settlement highlights the need for HIPAA business associate agreements

Raleigh Orthopaedic Clinic, P.A. of North Carolina (Raleigh Orthopaedic) has agreed to pay $750,000 to settle charges that it potentially violated the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule by handing over protected health information (PHI) for approximately 17,300 patients to a potential business partner without first executing a business associate agreement.

Healthcare Data Crisis – What HIPAA Should Do.

The HIPAA Omnibus Rule has implemented the HITECH Act for the most part. However, the ever-growing concern over the data crisis in the healthcare industry can’t be solved that easily. With emerging technologies (cloud computing, social media) and updates to the existing ones, we are bound to face new challenges and risks over time.

Stolen laptops lead to important HIPAA settlements

Two entities have paid the U.S. Department of Health and Human Services Office for Civil Rights (OCR) $1,975,220 collectively to resolve potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules. These major enforcement actions underscore the significant risk to the security of patient information posed by unencrypted laptop computers and other mobile devices.
