OCR’s Strict Enforcement of HIPAA Laws on Healthcare Organizations

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was designed to protect individuals' health information. The HIPAA Privacy Rule ensures the protection of “individually identifiable health information” kept by a covered entity or a business associate. This protects patient information such as an individual’s physical or mental health, the distribution of healthcare, and the payment for healthcare. Such information is considered Protected Health Information (PHI).  OCR Settlements [...]

September 19th, 2019

700,000 Patients Affected by August Healthcare Breaches

August was another month that saw several large healthcare breaches. There were a total of 44 breaches reported to the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) in August, affecting 710,279 patients. Most of the healthcare breaches occurring in August were classified as Hacking/IT Incidents, accounting for 64% of reported breaches in August. The following were the most impactful breaches in August: Hacking/IT Incidents [...]

September 18th, 2019

OCR Reaches First Settlement Ever Under Right of Access Initiative

Earlier this year, the Department of Health and Human Services’ Office for Civil Rights (OCR) announced an initiative. Under the initiative, OCR stated that a main area of HIPAA enforcement in 2019 would be HIPAA right of access violations, including covered entities’ untimely responses to access requests and overcharging for copies of medical records. In early September of 2019, OCR reached its first settlement with a covered entity under that [...]

September 17th, 2019

HIPAA Security Risk Analysis Step 5: Determining the Potential Impact of Threat Occurrence

The HIPAA Security Rule requires that covered entities (health plans, health care clearinghouses, and health care providers who electronically transmit any health information in connection with a HIPAA-related transaction), and business associates (read more about business associates here), implement security safeguards. These security safeguards must protect the confidentiality, integrity, and availability of electronic protected health information (ePHI). ePHI is any protected health information that is created, stored, transmitted, or [...]

September 17th, 2019

3,259 Employees Affected by Phishing Attack

East Central Indiana School Trust (ECIST) is the latest victim of a healthcare phishing attack. A phishing attack occurs when a hacker sends an email, posing as a trusted individual, prompting the recipient to click a malicious link. When the recipient clicks the link, the hacker is able to access their email account, including emails sent and received, email attachments, and address books. They often use the information to [...]

September 16th, 2019

What is MACRA?

MACRA, short for the Medicare Access and CHIP Reauthorization Act of 2015, is a federal law that changed the payment system for doctors who treat Medicare patients.  What is the MACRA Quality Payment Program? MACRA, commonly referred to as the Permanent Doc Fix, created a Quality Payment Program that: Repealed the Sustainable Growth Rate (SGR) formula. That formula had previously been used by the Centers for Medicare and Medicaid [...]

September 16th, 2019

Automatic Logoff Procedures under the HIPAA Security Rule

Under the HIPAA Security Rule, covered entities (CEs) and business associates (BAs) are required to implement appropriate technical safeguards to ensure the confidentiality, integrity, and availability of electronic protected health information (ePHI). The Security Rule technical safeguards contain a series of standards whose requirements CEs and BAs must meet. Under the first of these standards, the Access Control standard, covered entities and business associates must, to the extent it [...]

September 13th, 2019

Voice Technology in Healthcare: Privacy Implications

Companies such as Amazon are revolutionizing the way organizations conduct business. Alexa’s voice technology has vast healthcare application capabilities that Amazon is working diligently to expand. Voice technology in healthcare currently has limited applications such as describing symptoms, tracking prescription deliveries, scheduling appointments at urgent care, tracking blood glucose levels, and assessing instructions for post-surgical care. Amazon believes that in the future, Alexa can be used to diagnose medical [...]

September 12th, 2019

Lost Device Exposed 27,000 Patients’ PHI in Healthcare Breach

An employee of Renown Health, the largest healthcare provider in Nevada, lost an unencrypted thumb drive containing the protected health information (PHI) of 27,004 patients, resulting in a healthcare breach. Compromised PHI included patient names, medical record numbers, diagnoses, dates of admission, physicians' names, and clinical information. Individuals affected by the breach were patients at Renown South Meadows Medical Center who were seen between January 1, 2012 and June [...]

September 11th, 2019

HIPAA Security Risk Analysis Step 4: Determining the Likelihood of Threat Occurrence

The HIPAA Security Rule requires that covered entities (health plans, health care clearinghouses, and health care providers who electronically transmit any health information in connection with a HIPAA-related transaction), and business associates (read more about business associates here), implement security safeguards. These security safeguards must protect the confidentiality, integrity, and availability of electronic protected health information (ePHI). ePHI is any protected health information that is created, stored, transmitted, or [...]

September 10th, 2019
