2018 proved to be the strictest year for HIPAA fines in the history of enforcement, marking a new age of heightened risk for health care providers and vendors alike. The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) set an all-time record in HIPAA enforcement activity in 2018. OCR levied a total of $28.7 million in settlements and judgments. This is a shocking 22% increase [...]
HIPAA enforcement activity reached an all-time record in 2018, according to The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS). In 2018, OCR levied $28.7 million in HIPAA fines. This record-breaking total surpassed 2016’s $23.5 million in fines by 22%--and as if that wasn’t impressive enough, OCR also issued the single largest fine in the history of HIPAA enforcement for $16 million [...]
Social media HIPAA violations are becoming a more and more common occurrence, especially in today's increasingly digital health care landscape. With news stories of social media HIPAA violations making headlines day after day, the risk to your patients' privacy and your practice's reputation can't be ignored. Let's look at a hypothetical situation that helps illustrate some HIPAA social media basics, and assess when a provider can disclose PHI. Imagine Dr. [...]
The protected health information (PHI) of more than 30,000 US patients may have been exposed in a data breach involving Managed Health Services (MHS) of Indiana. The breach occurred when unauthorized persons accessed employee email accounts at LCP Transportation, a partner of MHS, according to a recent security alert from the organization. MHS serves Indiana residents through the Hoosier Healthwise and Hoosier Care Connect Medicaid programs. The system was [...]
Cyber-security and data privacy have become increasingly critical issues facing health care over the past few years, and it seems that HHS OCR is ready to respond. The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is seeking a Deputy Director for Health Information Privacy, as per a listing posting to USAJOBS on January 14, 2019. According to the job posting, the Deputy Director "leads, [...]
HIPAA compliance must be improved in the cloud but also be optimized in deskbound technology. You can take steps toward compliance through improvements of your security policies. Some changes are particularly important for HIPAA compliance. Steps that should be taken within Windows 10 settings, via Group Policy tweaks, are reviewed below. General Group Policy Tweaks to Improve Windows Security Windows Group Policy security can be utilized so that your [...]
The HIPAA Administrative Simplification Rules establish national standards for electronic transactions and code sets to maintain the privacy and security of protected health information (PHI). These standards are often referred to as electronic data interchange or EDI standards. The regulations, detailed in 45 CFR 160, 45 CFR 162, and 45 CFR 164, aim to make health care systems more efficient and effective by streamlining paperwork associated with billing, [...]
Anthem, Inc. will pay $16 million to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) to settle violations of the HIPAA Privacy and Security Rules. This settlement marks the largest ever HIPAA fine, in one of the most extensive health data breaches in history. Almost 79 million patients' electronic protected health information (ePHI) was exposed in the Anthem data breach. This is the [...]
Looking for a simple way to assess your HIPAA compliance? Download our new HIPAA Compliance Checklist for 2019! Compliancy Group's annual HIPAA compliance checklist gives you a robust summary of everything health care professionals, vendors, and IT service providers need to be HIPAA compliant. Download our latest HIPAA checklist now and find out where your organization stands! Click here to download the HIPAA [...]
The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has issued a letter calling the HIPAA physical security safeguards for electronic protected health information (ePHI), an "often overlooked" element of the HIPAA Security Rule. There is a common trend among health care professionals to favor cybersecurity safeguards over HIPAA physical security measures, which is the reason behind OCR's letter. HIPAA regulation clearly outlines the [...]