EHR HIPAA compliance is a growing concern in the health care industry, especially in the aftermath of the US Department of Justice's (DOJ) recent settlement with eClinicalWorks. Pair this fine with hints out of the Department of Health and Human Services about forthcoming EHR HIPAA compliance guidance, and it seems likely that the trend in EHR HIPAA enforcement will continue to grow throughout the rest of 2017. A $155M [...]
The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has levied a $387,200 HIPAA settlement against St. Luke's-Roosevelt Hospital Center for unlawful disclosure of patient data. OCR was alerted to the breach in September of 2014. A patient at the Institute for Advanced Medicine (formerly the Spencer Cox Center for Health) reported that a staff member disclosed the patient's protected health information (PHI) to the patient's [...]
Jerry Godwin of OMS The optometric health care market is primed for tremendous growth. At least, that's what Jerry Godwin of Optometric Medical Solutions has to say. Optometric Medical Solutions (OMS) is a practice management, revenue cycle management, and consulting firm based out of San Antonio, Texas. Jerry, President and CEO, has been working in the eye care space for years now. OMS runs like a well-oiled [...]
Office for Civil Rights (OCR) Director Roger Severino made major suggestions into upcoming 2017 HIPAA enforcement in his opening talk at Health Datapalooza 2017. Severino is the newly appointed Director of the Department of Health and Human Services' (HHS) OCR. He said that OCR is "mindful of the regulatory side of things," and spoke about enforcement of the HIPAA Privacy and Security Rules in the changing face of medical [...]
Secretary of Health and Human Services (HHS) Tom Price stressed major changes to health care IT under the Trump Administration during his opening remarks at Health Datapalooza 2017. "People, patients, and partnerships" are going to be the major driving forces behind upcoming changes to data security and privacy. Secretary Price stressed that HHS' goal will be reducing the burden of health care IT to physicians by focusing on patient [...]
Here’s the truth: using a HIPAA compliance manual for your compliance program is like using Windows 96 computers to run your practice. HIPAA compliance manuals were the first iteration of the HIPAA compliance program 20 years ago when HIPAA was first enacted. For their time, compliance manuals did a fine job. However, HIPAA has undergone drastic additions and revisions in the past two decades, and you need [...]
More Fines Ahead for HIPAA Business Associates As HIPAA business associates, MSPs doing work in the health care space are at risk of increased enforcement efforts from the federal government. In 2016 alone, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued almost $24 million in fines. Among those fines was the first ever settlement reached with a HIPAA business associate. Catholic Health Care [...]
Whether you're a covered entity with an HR department or a third-party HR consultant looking to make your clients HIPAA compliant, Human resources and HIPAA compliance interact in numerous ways–and can be a challenge to properly integrate. HIPAA pertains to the privacy and security of protected health information (PHI), which includes patient health data such as names, dates of birth, social security numbers, and financial information. Many businesses handle this [...]
The March 1st HIPAA breach report deadline is fast approaching. HIPAA regulation mandates that health care providers must report breaches of unsecured protected health information (PHI) to the Department of Health and Human Services (HHS) Office for Civil Rights (OCR). All breaches that occurred in 2015 must be reported no later than 60 days from the end of the calendar year. The rule here applies to Covered Entities (CEs) [...]
The threat of a HIPAA investigation is only one of the exposures that EHR vendors face when it comes to the implementation of privacy and security standards. One of the most recent examples came in June of 2016 when EHR vendor Practice Fusion Inc. was fined for deceptive privacy practices revealed over the course of an FTC investigation. The trend toward civil monetary penalties and other government fines is [...]