HHS Secretary Tom Price Suggests Changes to HHS Guidance on EHRs

April 27th, 2017

Secretary of Health and Human Services (HHS) Tom Price stressed major changes to health care IT under the Trump Administration during his opening remarks at Health Datapalooza 2017. "People, patients, and partnerships" are going to be the major driving forces behind upcoming changes to data security and privacy. Secretary Price stressed that HHS' goal will be reducing the burden of health care IT to physicians by focusing on patient [...]

It’s Time to Throw Out Your HIPAA Manual

April 13th, 2017

Here’s the truth: using a HIPAA compliance manual for your compliance program is like using Windows 96 computers to run your practice. HIPAA compliance manuals were the first iteration of the HIPAA compliance program 20 years ago when HIPAA was first enacted. For their time, compliance manuals did a fine job. However, HIPAA has undergone drastic additions and revisions in the past two decades, and you need [...]

Upcoming HIPAA Enforcement to Target Business Associates and MSPs

March 1st, 2017

More Fines Ahead for HIPAA Business Associates

As HIPAA business associates, MSPs doing work in the health care space are at risk of increased enforcement efforts from the federal government. In 2016 alone, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued almost $24 million in fines. Among those fines was the first ever settlement reached with a HIPAA business associate. Catholic Health Care [...]

Simplifying HIPAA and Human Resources

February 28th, 2017

Whether you're a covered entity with an HR department or a third-party HR consultant looking to make your clients HIPAA compliant, human resources and HIPAA compliance interact in numerous ways and can be a challenge to properly integrate. HIPAA pertains to the privacy and security of protected health information (PHI), which includes patient health data such as names, dates of birth, social security numbers, and financial information. Many businesses handle this [...]

March 1st HIPAA Breach Report Deadline to HHS Approaching

February 16th, 2017

The March 1st HIPAA breach report deadline is fast approaching. HIPAA regulation mandates that health care providers must report breaches of unsecured protected health information (PHI) to the Department of Health and Human Services (HHS) Office for Civil Rights (OCR). All breaches that occurred in 2015 must be reported no later than 60 days from the end of the calendar year. The rule here applies to Covered Entities (CEs) [...]

EHR Vendors at Risk of 2017 HIPAA Enforcement Actions

February 13th, 2017

The threat of a HIPAA investigation is only one of the exposures that EHR vendors face when it comes to the implementation of privacy and security standards. One of the most recent examples came in June of 2016 when EHR vendor Practice Fusion Inc. was fined for deceptive privacy practices revealed over the course of an FTC investigation. The trend toward civil monetary penalties and other government fines is [...]

HIPAA Compliance Survey

February 7th, 2017

NueMD (Atlanta, GA), a cloud-based medical billing service, administered a HIPAA Compliant Survey in 2014. In 2016, they issued a follow-up survey to measure the change in HIPAA compliance and awareness over time. The 2016 NueMD survey received 927 total responses, 86% from medical practices and 6% from billing companies. Of these respondents, 462 reported involvement with patient care, while 465 reported involvement with administrative duties. The survey measures knowledge [...]

Multi-Million Dollar HIPAA Fines Underscore Widespread Security Violations

February 4th, 2017

The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has issued two HIPAA fines totaling $5.4 million. In both cases, OCR investigations revealed widespread violations of the HIPAA Privacy and Security Rules. Both cases demonstrate OCR's commitment to continued enforcement under the Trump administration. In 2016, fines totaled almost $24 million. Since the start of 2017 alone, OCR has levied over $5.8 million in fines [...]

First Settlement for Violation of HIPAA Breach Notification Rule

January 12th, 2017

The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced its first HIPAA settlement of 2017 with Presence Health for $475,000. This settlement is the first in the history of HIPAA enforcement to be levied for failure to properly notify patients of a breach of unsecured protected health information (PHI). The breach first occurred in October 2013. Under the HIPAA Breach Notification Rule, breaches affecting [...]

Over Half a Million Affected by Data Breach at Georgia-based Orthopedic Firm

December 20th, 2016

The Atlanta, Georgia-based Peachtree Orthopedics reported that the records of over half a million patients were compromised in a cyber-attack in September of 2016. The firm first notified patients affected by the breach in October after reporting the incident to the Department of Health and Human Services (HHS) Office for Civil Rights (OCR). At the time the breach occurred, Peachtree had yet to release an official statement on the [...]