You must complete a HIPAA risk assessment each year, and now is the time to do so. Conducting an annual HIPAA risk assessment is an important part of compliance, as well as being integral to protecting your business against breaches. This is because risk assessments reveal vulnerabilities, threats, and risks to protected health information (PHI), thus uncovering deficiencies in your current security practices. [...]
Dental office administrative staff are often overburdened with a multitude of tasks, especially as of late with staffing shortages across the country. These staff members are often required to wear many hats and are therefore more likely to fall victim to burnout. With their focus divided across several tasks, it is difficult to fully address the security needs of the modern dental practice. This is where dental IT [...]
In 2008, the National Institute of Standards and Technology (NIST) organization published guidance as to how covered entities and business associates were expected to implement HIPAA Security Rule requirements. At the end of April of 2021, the NIST organization announced that it is planning to update this cybersecurity guide. The NIST organization is seeking public comment as to what should be included in the new cybersecurity guide. The [...]
Are you worried about completing your HIPAA risk assessment? Many organizations are. To provide you with guidance, 5 tips on how to complete a risk assessment are discussed. Educate yourself on the HIPAA Security Rule Identify risks and vulnerabilities Create and implement remediation plans Use a risk assessment tool Repeat annually How to Complete a Risk Assessment Completing your [...]
In 2020, the Department of Health and Human Services’ (HHS) Office for Civil Rights issued a record 19 fines for failure to comply with the HIPAA regulations. Six of the fines announced in 2020 were principally issued for failure to comply with the HIPAA Security Rule’s requirement to conduct a security risk assessment and to track and inventory network devices. The message of OCR 2020: Keep patient records [...]
The Department of Health and Human Services (HHS) Office for Civil Rights has entered into a settlement with the Excellus Health Plan, under which Excellus has agreed to pay $5.1 million and to enter into a corrective action plan. The settlement was prompted by an OCR investigation that found widespread noncompliance with provisions of the HIPAA Privacy and Security Rules. As a result of the noncompliance, the data [...]
The OCR seems to be on a fines spree, with a record number of fines issued in September. There were eight September OCR fines issued, amounting to $10,736,500. More details on September OCR fines are discussed below. September OCR Fines: Violating HIPAA Right of Access The HIPAA Right of Access gives patients the right to request copies of their medical records from their healthcare provider. Requested records must [...]
In April of 2014, CHSPSC’s information system was hacked. The healthcare hack ended up affecting 6.1 million individuals, exposing their protected health information. As a result, CHSPSC has agreed to settle numerous HIPAA Security Rule violations with OCR. More details are discussed below. CHSPSC, LLC (“CHSPSC”) provides business associate services, including IT and health information management, to hospitals and physician clinics affiliated [...]
HIPAA Policies and Procedures Templates are form documents that relate to a particular area of HIPAA compliance. HIPAA Policies and Procedures templates provide information on what an organization must do to be compliant in that area. As an example, HIPAA Policies and Procedures Templates include a Policy and Procedure Template for Breach Notification. The HIPAA compliance policy template contains general language about how to detect and report a [...]
HIPAA experts include individuals who provide expert consulting services to healthcare providers. One common form of consulting services is expert witness testimony. HIPAA experts can serve as expert witnesses in court cases where the issues consist of whether a party did or did not comply with HIPAA law and regulations. Why are HIPAA Experts Needed? HIPAA itself does not contain a “private right of action.” This means that [...]
