The Audits Are Coming! The Audits Are Coming!

OCR Phase 2 Audits Have Begun As of March 22, 2016, the Office for Civil Rights (OCR) has officially begun their Phase 2 HIPAA Privacy, Security, and Breach Notification Audit Program. This announcement comes after months of speculation and preparation for the eventual roll-out of this new program. Luckily, with Compliancy Group you won't have to go it alone. Just like Paul Revere on his [...]

2021-08-25T13:59:49-04:00March 24th, 2016|

OCR Settles for $5.5 Million in Business Associate Agreement Violation and PHI Breach

OCR Investigates North Memorial Health System of Minnesota and Feinstein Institute for Medical Research for Missing Laptop, Discovers Rampant Privacy and Security Violations for a combined $5.55 Million Settlement On March 17, 2016 the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) reached a settlement with the North Memorial Health System of Minnesota for $1.55 million after it improperly disclosed the protected [...]

2021-08-25T13:59:49-04:00March 18th, 2016|

Understanding HIPAA for Mail Service Providers as Business Associates

Many private services and companies that deal with the transit, storage, or distribution of protected health information (PHI) are beholden to HIPAA regulations as business associates (BAs). Though the scope of your business might not touch upon direct medical care, any organization that is paid to come into contact with PHI must comply with federal regulations regarding the privacy and security of that information while it passes through [...]

2022-05-06T12:08:21-04:00March 15th, 2016|

February 29 Deadline for Reporting HIPAA Breaches 2015: What You Need to Know

The deadline for reporting HIPAA breaches is 60 days from the end of the calendar year for Covered Entities (CEs) that have had breaches in unsecured protected health information (PHI). The ruling here applies to CEs that have had breaches that affected fewer than 500 individuals, whereas larger breaches must be reported within 60 days of the breach itself. With that 60 day deadline falling on February 29th, it’s [...]

2019-10-29T16:05:08-04:00February 16th, 2016|

OCR Plans for Permanent HIPAA Enforcement Program Following Phase 2 Audits in 2016

The Office of Inspector General (OIG) of the U.S. Department of Health and Human Services (HHS) released two reports last week urging the Office of Civil Rights (OCR) to retool its HIPAA enforcement efforts by the start of 2016. OIG outlined a number of inefficiencies in the current HIPAA compliance audit procedures, the most alarming of which called for the implementation of a permanent audit program. The report [...]

2022-05-06T12:13:34-04:00October 9th, 2015|

Webinar: Business Associates and the Omnibus Rule

Join us for "Business Associates and the Omnibus rule" presented by Frank Ruelas. Following the release of the HIPAA Omnibus Rule, business associates are now in a position of greater responsibility and direct liability to comply with the privacy and security rules as described in these Final Rules. However, since the beginning of HIPAA there has always been the challenge of covered entities answering the question, “Is this entity [...]

2022-05-06T12:08:22-04:00July 16th, 2013|

HHS/Office for Civil Rights to Ask for an Additional 1 Million Dollars for HIPAA Enforcement

Although some 3.5 million was collected from 2012 HIPAA fines, and OCR expects that to rise to 5.5 million in 2014 and 6.5 in 2015, OCR is requesting additional funds to pursue investigations of suspected non-compliers. This will allow, as Mr. Rodriguez states in his Budget plan for 2014, increased travel and additional supplies to audit the suspected sites.

2019-10-28T14:24:51-04:00April 15th, 2013|

Is this a reprieve or a wake-up call?

This all depends on where you are with your HIPAA compliance plan and the necessity to have on in place. This article, taken from an interview with Leon Rodriguez from HHS, Office or Civil Rights, highlights critical thinking covered entities, business associates and their subcontractors should be looking into and taking notice of. Leon Rodriguez from HHS says: "What we've been learning from the monetary settlement cases we've done [...]

2022-05-06T12:08:22-04:00January 7th, 2013|

Omnibus Final HIPAA Rule Nears Publication

The HHS Office for Civil Rights has sent the HIPAA omnibus final rule to the Office of Management and Budget for review, one of the last steps before publication in the Federal Register. The final omnibus rule would make changes mandated under the HITECH Act to the HIPAA privacy, security, breach notification and enforcement rules, as well as the Genetic Information Nondiscrimination Act of 2008. Major changes in the HIPAA [...]

2019-10-28T13:46:24-04:00October 2nd, 2012|

BIG FINE, small breach.

Another large HIPAA fine has been issued by the HHS due to an OCR investigation that took place over the theft of an unencrypted laptop. Massachusetts Eye and Ear was fined $1.5 million and has agreed to a corrective action plan that requires the hospital to review, maintain, and revise policies along with submitting semi-annual reports to the HHS for the next 3 years. With fines like this occurring [...]

2019-10-28T13:39:02-04:00September 19th, 2012|