Tag: HIPAA violations

Over the past couple of years, the HIPAA Omnibus Rule has been hovering its head over health care organizations, Software-as-a-service (SaaS) companies and anyone holding, processing, or transmitting Electronic Protected Health Information (ePHI) and Electronic Health Records (EHRs). With 2014 in full swing, organizations that consider themselves to be Business Associates (BAs) and Covered Entities (CEs) need to be looking at their policies and procedures, because the OCR may be knocking on your door this upcoming year. So what did …

Reuter’s reports that WellPoint, Inc., the second largest U.S. health insurer, has reached a $1.7 million settlement with the Dept. of Health and Human Services as result of a data breach that exposed over 600k health records. WellPoint’s online database was found to be problematic for a few different reasons, as outlined in their resolution agreement. Read on for possible technical and strategic security solutions you can employ in your organization to avoid a similar fate: Problem 1: Lacking technical …

Online Tech is exhibiting HIPAA hosting solutions at booth #919 at the Health Care Compliance Association (HCCA)’s 17th Annual Compliance Institute Conference April 21-24 in National Harbor, MD. The conference draws in healthcare compliance professionals, risk managers, privacy officers, healthcare CFOs and CEOs, and more. Advanced Discussion Group: The Latest Trends in Data Breach Threats Speaker: Ted Kobus, Co-Leader, Privacy and Data Protection, BakerHostetler Ted directed an open roundtable discussion among twenty or so audience members who worked within either …

Online Tech is exhibiting HIPAA hosting solutions at booth #9 at the Indiana Health Information Management Association (IHIMA) 2013 Annual Meeting, Changing Times with IHIMA, held at the Indianapolis Marriott Downtown, in Indianapolis, IN on April 17-19. This session is about a lawsuit involving the breach of protected health information (PHI): The Future is Here: Lawsuits by Patients for Unauthorized Disclosure of Protected Health Information Speaker: Neal Eggeson, JD Neal gave his opening statement for a lawsuit in which he …

Business associates should be required to provide some type of evidence or proof of compliance to their covered entities. – Healthcare Information Security Today: 2013 Outlook Survey This quote comes from a study that reports only 32 percent of survey respondents of a healthcare director/manager of information technology demographic expressed confidence in the security controls maintained by their business associates – a dismal number considering the risk taken when partnering with a HIPAA cloud hosting or HIPAA colocation provider. When …

Of the HIPAA data breaches reported in 2013 so far, nearly 40 percent have involved a business associate. A look at the overall percentage of business associate involvement with data breaches dating back to 2009 reveals that almost 30 percent played a role in the reported cases. Clearly, the U.S. Dept. of Health and Human Services (HHS) has attempted to address the chronic issue by widening the HIPAA penalty net to include business associates and subcontractors this year, with the …

While no records were broken when it comes to number of health records disclosed per data breach, the top HIPAA breaches of last year still come with some hard lessons learned about technical and physical security. Learn from their mistakes and protect your healthcare organization from suffering the same fate: Who: Crescent Healthcare, a Walgreens company that manages and delivers pharmacy and nursing solutions in alternate site settings. What: Last December, someone broke into Crescent’s billing center and stole a …

Leon Rodriguez, Director Office for Civil Rights, U.S. Department of Health and Human Services shared unexpected insights from early analysis of breach statistics and the audit pilot at the American Healthcare Lawyers Association conference, HIPAA in a HITECH World, along with key messages the new ruling imparts to Covered Entities and Business Associates. This keynote address is summarized from the AHLA’s HIPAA in the HITECH World conference in Baltimore, Maryland: Since the HITECH Act, HIPAA complaint traffic geometrically increased. In …

In addition to redefining the scope and liabilities of business associates in the healthcare industry, the final HIPAA omnibus rule includes revisions to the penalties applied to each HIPAA violation category. While the American Recovery and Reinvestment Act of 2009 (ARRA) initially established a tiered penalty structure, it hasn’t been revised until now. Section 160.404 refers to the amount of civil monetary penalty as administered under the HITECH (Health Information Technology for Economic and Clinical Health) Act. The original penalty …

Join David Barton, Principal UHY Advisors, as he discusses the new OCR Audit Protocols and explains appropriate application for risk assessment against the standards and safeguards of the the HIPAA Security Act. These new OCR audit guidelines are based off of the pilot HIPAA audit program launched late last year by the government in partnership with auditing firm KPMG. The pilot program involved 150 audits of covered entities (healthcare organizations) in order to assess privacy and security policies against HIPAA Privacy and …

Get started now. Exceptional service awaits.

Live Chat