HIPAA Blog Posts: HIPAA HITECH Act
A 234-page NPRM document was released into the Federal Register, which I will wait for the experts to analyze.
Connecticut has settled a lawsuit with an insurance company involving a massive security breach that compromised financial and medical records for half-a-million state residents. Health Net still has to deal with OCR to determine further fines and penalties.
Failing to Train Business Associates on HIPAA Can be Described as Willful Neglect, Amy Leopard, Walter & Haverfield LLP
"Willful neglect generally can be described as knowing HIPAA rules but not properly training employees -- and now, business associates -- in them." Amy Leopard, a partner at the Cleveland law firm Walter & Haverfield LLP
Siemens to FedEx to Lincoln will never replace Tinkers to Evers to Chance, the famous baseball double play trio, since they dropped the ball, in fact 130,495 balls. Once again we have business associates causing a big breach.
"Anthem officials said its corporate website had been revamped in October by a third-party vendor that, according to the health insurer, failed to secure sections of the site to ensure visitors couldn't access members' medical records and Social Security numbers." from a blog by Larry Barrett to eplanetsecurity, June 25, 2010
As we have been saying for months, your business associates (BA) represent the highest risk to your PHI, and just having a BA agreement in place isn't going to protect you in the event of a breach.
In the same announcement that stated that enforcement of HIPAA HITECH, and particularly the sections relating to business associate liability, was delayed, it was announced that breach notification was being enforced. Isn't this the cart before the horse?
Lucy is telling all of us Charlie Browns that the HITECH regulations will be delivered by July 8th, hah!
Another entrant on OCR's Wall of Shame as Anthem Blue Cross of Orange County, California, breaches 200,000 records.