OCR Reaches First Settlement Ever Under Right of Access Initiative

Earlier this year, the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) announced an initiative. Under the initiative, OCR stated that a main area of HIPAA enforcement in 2019 would be HIPAA right of access violations, including covered entities’ untimely responses to access requests and overcharging for copies of medical records. In early September of 2019, OCR reached its first settlement [...]

September 17th, 2019

HIPAA Audits: 3 Lessons Learned

The Health Insurance Portability and Accountability Act (HIPAA) dictates healthcare standards for how protected health information (PHI) is handled and safeguarded. The Department of Health and Human Services (HHS) estimates that 70% of organizations are not HIPAA compliant. There’s a lot of confusion on who needs to be HIPAA compliant, but the easiest way to explain this is if you are dealing with PHI in [...]

July 25th, 2019

Double Trouble: Indiana Engineering Company Hit with Federal AND Multistate Data Breach Fines

Medical Informatics Engineering, Inc. (MIE) is an Indiana-based company that develops and offers solutions enabling the exchange of electronic protected health information (ePHI). In May of 2019, the company paid the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) $100,000 to settle potential HIPAA Privacy Rule and Security Rule violations. The events causing the violations are now commonplace: MIE had discovered [...]

July 24th, 2019

Business Associate Agrees to Pay $100K for Potential HIPAA Violations

A HIPAA risk assessment is an essential component of HIPAA compliance. HIPAA risk and security assessments give your business a strong foundation when it comes to protecting your patients’ data. Without performing this assessment, how will you know where you are deficient? More importantly, how will you know what to fix? When an organization does not implement proper security measures, a data breach can occur and the results can [...]

June 11th, 2019

$3 Million HIPAA Fine Underscores Importance of HIPAA Risk Assessment

The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has just levied a $3,000,000 HIPAA fine against Touchstone Medical Imaging. The HIPAA fine comes after a breach of the HIPAA Security Rule and HIPAA Breach Notification Rule that affected more than 300,000 patients. Touchstone is a diagnostic medical imaging company based in Franklin, Tennessee, providing services in Texas, Colorado, Nebraska, Florida, and Arkansas. In May [...]

May 7th, 2019

New Random HIPAA Audits on the Horizon: CMS Compliance Review

HIPAA enforcement has been on the rise for the past few years, totaling over $70 million in fines since 2016 alone. And now, a new round of random HIPAA audits is on the horizon. The Centers for Medicare & Medicaid Services (CMS) Division of National Standards, on behalf of the Department of Health and Human Services (HHS), is instituting a CMS Compliance Review Program of random HIPAA [...]

April 24th, 2019

Florida HIPAA Fine: No BAA Results in $500,000 Fine

A recent $500,000 Florida HIPAA fine is just another example of the growing trend of HIPAA violations cropping up across the country, all stemming from the lack of properly executed business associate agreements. Advanced Care Hospitalists PL (ACH) has agreed to pay a $500,000 HIPAA fine to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) after a HIPAA investigation [...]

March 5th, 2019

HIPAA Fines Are Just the Beginning: Civil HIPAA Lawsuits On the Rise

Community Health Systems (CHS) was issued a $4,500,000 HIPAA fine for a reported 2014 data breach. It looks like the data breach resulted from malware which was installed by Chinese hackers on CHS’s computer system. This incident exposed approximately 4.5 million patients’ names, dates of birth, addresses, telephone numbers, and Social Security numbers. But that was just the beginning of the monetary penalties that CHS was about to [...]

March 4th, 2019

Business Associate HIPAA Violation, 20,000 Records Breached

Business associates are continually finding themselves in a state of turmoil when it comes to security and HIPAA compliance. Recently, Stanford University Hospital in Palo Alto, California experienced a breach of 20,000 patients’ medical records due to a business associate HIPAA violation. The medical records were made accessible online to the public for almost a year after an error was made by one of Stanford [...]

February 28th, 2019

Georgia Eye Care Email Data Breach Impacts 24,000 Patients

This recent email data breach affecting a Georgia-based eye care group is yet another indicator that threats to data security are becoming more commonplace for healthcare professionals in every industry. Large-scale data breaches are no longer confined to hospitals and enterprise health systems. It’s more important than ever before for small-to-mid-size healthcare providers to start addressing their data security and HIPAA compliance to avoid data [...]

February 21st, 2019