This coming November, the U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR) is slated to discuss an “advance notice of proposed rulemaking” that is requesting for public input on how OCR could share HIPAA fines with the victims of security breaches. This is not the first time OCR has called this action, as this is the 13th time since fall of 2012 that they [...]
2018 marks the year that Connecticut citizens are now allowed to file HIPAA lawsuits against providers for unwarranted release of their protected health information (PHI). This ruling was issued for a HIPAA violation case between the Avery Center for Obstetrics and Gynecology in Westport, Connecticut, and one of their patients, Emily Byrne. Byrne sued Avery Center for negligence and breach of contract after the Center sent Byrne’s medical records [...]
If you are a healthcare organization, business associate or covered entity that uses email, you know that any form of communication containing protected health information (PHI) needs to be encrypted to be HIPAA compliant. For some secure messaging solutions, that means sending an email portal to an end-recipient to access the encrypted message. Typically, the subject line will indicate that the contents inside include sensitive information as a reasonable [...]
Understanding security and compliance is essential for health care providers and health care IT professionals alike. Security and compliance go hand-in-hand to keep sensitive health care data safe. Managed service providers (MSPs) and IT service providers are posed particularly well to take advantage of this interrelationship and grow new business in health care. Health care is currently one of the fastest growing sectors of the US economy--and with the [...]
Confidentiality, integrity, and availability are essential components of any effective information security program. Sometimes referred to as the 'CIA triad,' confidentiality, integrity, and availability are guiding principles for health care organizations to tailor their compliance with the HIPAA Security Rule. HIPAA regulation sets specific guidelines for maintaining the privacy and security of protected health information (PHI). These guidelines are organized into a collection of HIPAA Rules. The HIPAA [...]
Criminal HIPAA violations are becoming more and more commonplace--and this recent example proves that the risks may be growing. A gynecologist based out of Springfield, Massachusetts was convicted of a criminal violation of HIPAA, relating to the illegal distribution of protected health information (PHI) with pharmaceutical sales representatives. The physician received kick-backs from pharmaceuticals company, Warner Chilcott, amounting to $23,500. The physician purportedly shared confidential PHI with Warner [...]
Compliancy Group is proud of our commitment to advocacy work--and this recent sponsorship continues that tradition. Compliancy Group has sponsored New York University's Tandon School of Engineering Robotic Design Team (NYU RDT) as they compete in the NASA Robotic Mining Competition 2018. The Competition takes place annually at the Kennedy Space Center in Cape Canaveral, Florida, from May 14th-May 18th, 2018. The NYU RDT is a collegiate research and [...]
Whether you're a marketing firm looking to break into health care, or a practitioner looking to start an email marketing campaign, understanding HIPAA compliant marketing is absolutely essential to finding success in this increasingly digital age. The HIPAA Rules set specific regulatory standards that must be upheld during the marketing process. HIPAA marketing standards should form the backbone of any health care marketing effort. The reason HIPAA marketing standards [...]
The most recent HIPAA settlement out of the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) proves that care needs to be taken every step of the way to protect your business from HIPAA violation breaches and fines. The Illinois-based Filefax, Inc. was fined $100,000 to settle violations regarding improper document disposal. The fact that makes this case so different than any other HIPAA settlement [...]
Ransomware breaches are becoming commonplace in healthcare settings, and this most recent attack is just another part of that pattern. Allscripts is an electronic health records (EHR) platform that provides services to hospitals, pharmacies, and ambulatory services across the country. In late January 2018, Allscripts was hit by a ransomware attack that shut down its Professionals EHR and Electronic Prescriptions for Controlled Substances (EPCS), among other services. Of the [...]