HIPAA Blog Posts: HIPAA Covered Entity
A ransomware attack can trigger a series of bad events leading to a huge HIPAA fine. The slippery slope: a ransomware attack is a HIPAA breach, which, when reported, triggers an audit that discovers the lack of an up-to-date risk assessment, which leads to a fine for willful neglect.
Metro Community Provider Network received a $400,000 fine and a corrective action plan for failing to do a risk assessment prior to a phishing incident that exposed 3200 employee files. Doing the risk assessment a month after the breach didn't work.
Compliance Helper offers the NIST framework at a fraction of the cost of HITRUST. Assure compliance with HIPAAssure®, built on the NIST framework, delivered as SaaS, and with the Helper methodology to reduce cost.
“We’re doing more investigations of smaller breaches … I think you’re going to see more of that in terms of entities with whom we enter corrective action plans,” reiterated Deven McGraw, Esq., OCR deputy director of health information privacy at the 88th annual American Health Information Management (AHIMA) conference held October 16-19 in Baltimore, MD.
An up-to-date risk assessment is a key element in your MIPS Composite Performance Score. The MACRA Act, which was passed with bipartisan support in Congress, uses the MIPS score to determine reimbursement for practices.
OCR Director, Jocelyn Samuels, reinforced the need for an enterprise-wide assessment when she stated, “[a]ll too often we see covered entities with a limited risk analysis that focuses on a specific system such as the electronic medical record or that fails to provide appropriate oversight and accountability for all parts of the enterprise.”
If you qualify for our Jumpstart program you can get a Free HIPAA Risk Assessment here: www.compliancehelper.com/free-hipaa-risk-assessment/. If you don't qualify but still need a risk assessment, we would be happy to talk with you about our automated HIPAA risk assessment tool that is cost-effective and meets the highest standards.
No HIPAA risk assessment, no HIPAA written policies and procedures, and no HIPAA training equals “willful neglect” and earned a $125,000 HIPAA fine for a Colorado compounding pharmacy.
The Indiana Attorney General filed a complaint for violation of the Indiana Disclosure of Security Breach Act and HIPAA against Dr. Beck. Dr. Beck had hired an outside vendor (business associate) to dispose of paper records, but the records were discovered in a dumpster. In a consent decree he agreed to a $12,000 fine.
A recent TransUnion Health survey showed that 65% of patients would consider changing providers if their provider had a HIPAA data breach. 73% of younger patients (18-35) would consider leaving.