HIPAA Blog Posts: HIPAA HITECH Act
Falsely attesting to meaningful use earned Joe White, former CFO of a Texas hospital group, a 23-month sentence in federal prison plus restitution of $4.5 million. This should strike fear in the hearts of many who signed similar attestations without satisfying the meaningful use requirements, particularly Core Measure 15.
The study found that the healthcare sector was most at risk for costly breaches, with an average cost per lost or stolen record as high as $363, more than twice the $154 average for all sectors.
Congratulations, you have just been entered, without your permission, in the HHS OCR HIPAA audit lottery! The first stage is to be one of the 500 covered entities or 200 business associates that receive an OCR screening survey in the mail. From this pool, an undisclosed number will be chosen for an unannounced HIPAA audit.
“Based on the results of the study, human error continues to be the biggest source of healthcare data breaches, as 75 percent of organizations view employee negligence as the greatest breach threat.” The Ponemon Institute’s fourth annual Patient Privacy & Data Study
If you don't document your HIPAA compliance activities, you can't prove HIPAA compliance. Documentation of your HIPAA compliance activities is what builds the legal firewall around your company.
Unless you have a HIPAA expert on your staff, you probably need a HIPAA Helper to answer your questions and make sure that you are HIPAA compliant. The big question is how do you get a HIPAA Helper and how much do you pay?
The FTC’s complaint alleges that GMR held itself out as a “HIPAA Compliant Medical Transcription Service” and overpromised customers “You can be assured that the materials going through our system are highly secure and are never divulged to anyone.” Beware the self-described "HIPAA Compliant" company. You need proof of ongoing HIPAA compliance from a trusted third party such as Compliance Helper and their Compliance Meter(tm).
Health insurance carriers must drive HIPAA compliance. General agents and producers are waiting for a signal that they must be able to prove compliance to their carriers. This means doing more than amending business associate agreements.
Accretive Health gets 20 years of outside monitoring of privacy and security efforts for HIPAA breach. "Additionally, Accretive Health agreed to initial and biennial third-party auditing of their security measures and to maintain those records and make them available to the FTC upon request. The settlement will be in effect for 20 years." Winston & Strawn LLP, Steven Grimes
"Based on reinvigoration of the HIPAA Audit Program and signals from OCR, it appears that 2014 will be the year of heightened OCR enforcement." OCR lacks insight into HIPAA security rule compliance, Epstein Becker Green, Alaap B. Shah