HIPAA Blog Posts: HIPAA Covered Entity

Medical Identity Theft Up 21.7%

 Medical Identity Theft up 21.7% (http://medidfraud.org/2014-fifth-annual-study-on-medical-identity-theft).  This makes even small clinics and practices targets if they are not HIPAA compliant.


Why Would Anyone Hack A Physician Practice?

A medical record is worth 10-20 times a credit card record on the black market. The information is quickly sold to an organization that will use it to get drugs and medical services.


Are Health Insurance Producers Your Greatest HIPAA Liability?

If you are a health insurance carrier, agent, broker, or managing general agent and don’t demand proof of HIPAA compliance from your producers, you are taking a huge financial risk.


FTC Has Authority in Addition to HIPAA HITECH

In a recent ruling, the FTC maintained its right to enforce its rules on covered entities in addition to the HIPAA rules, adding to the responsibility of covered entities to protect PHI. LabMD’s Motion to Dismiss Complaint with Prejudice and to Stay Administrative Proceedings was denied, and LabMD announced that it was closing down.


Business Associate (BA) HIPAA Breach gets Wellpoint $1.4 Million Fine

"Whether systems upgrades are conducted by covered entities or their business associates, HHS expects organizations to have in place reasonable and appropriate technical, administrative and physical safeguards to protect the confidentiality, integrity and availability of electronic protected health information – especially information that is accessible over the Internet." OS OCR PrivacyList, OCR (HHS/OS)


Fallout from failing to conduct a HIPAA risk analysis, Epstein Becker Green, Alaap B. Shah

"There are many reasons a healthcare entity dealing with protected health information (“PHI”) should conduct a risk analysis. First and foremost, if conducted properly, a risk analysis should identify PHI-containing systems, assess vulnerabilities of those systems, evaluate and prioritize risks to those systems, and assist in developing mitigation strategies to safeguard the systems. These on-going efforts can help ensure adequate protection of patients’ health information.


BA Tracker Helps Covered Entities and Business Associates with HIPAA HITECH Compliance

Covered entities need "satisfactory assurances" that their business associates are HIPAA HITECH compliant, and business associates need to be able to provide proof of ongoing compliance. BA Tracker helps both.


How a Business Associate Cost a Practice $100,000 for HIPAA HITECH Breach

 Hundreds of thousands of small clinics and practices are ticking time bombs for a HIPAA HITECH data breach, and it could be their business associates that cause the explosion.  Let's take a look at Phoenix Cardiac Group again and see how their business associates cost them $100,000.


Meaningful Use Core Measure #15 and HIPAA HITECH Compliance

It is estimated that the majority of practices and small clinics attesting to MU have falsely attested to core measure 15 of meaningful use. It states the organization must: “Conduct or review a security risk analysis in accordance with the requirements under 45 CFR 164.308 (a)(1) and implement security updates as necessary and correct identified security deficiencies as part of its risk management process.” (FR Vol. 75, No. 144 / 7/28/2010, p 44568).


Lack of HIPAA HITECH Risk Assessment and Remediation Threatening Meaningful Use Funds

Item 15 of the Meaningful Use requirements calls for a HIPAA risk assessment and remediation of the risks discovered. New estimates that 90% of covered entities that attested they qualify may have attested falsely threaten over $700 million in stimulus funds. If they are found to have attested falsely, they will be required to return the funds and may be subject to a fine.
