HIPAA Blog Posts: HIPAA Covered Entity

HIMSS Study: 25% of Medical Practices Don't Do Risk Assessments (I think it's 80%)

"According to the survey, 75 percent of all respondents stated they perform a risk assessment at their organization, similar to the findings of the 2009 survey. However, this year's survey included a greater representation of medical practices, where twice as many respondents reported that their practice does not conduct a risk analysis (33 percent) compared to those who work at a hospital (14 percent)."


HIPAA HITECH Compliance: The Cost

Case studies reveal cost of HIPAA HITECH compliance is much less than expected.


Covered Entities Asking Business Associates for HIPAA HITECH Proof

"Covered entities should request due diligence documentation from their business associates and ask their system vendor(s) to provide the new accounting of disclosures functionality and have it tested by Jan. 1, 2011, to accommodate their consumers, if only a few, who ask for an accounting of disclosures.

We also recommend that covered entities begin to review their current NPP and P+Ps, and begin to draft changes that accommodate the new accounting of disclosures requirements. Once the new NPP and P+Ps become final, covered entities should train their work force accordingly." HITECH Accounting of Disclosures, Gerry Blass and Susan Miller JD


100th HIPAA HITECH Blog: How To Manage Your Business Associates and Sub-Contractors

The major shift has been the law firms acknowledging that covered entities are responsible for their business associates and their sub-contractors. Compliance Helper has developed the Compliance Meter™ and The Compliance CO-OP for effectively managing BAs and Subs.


Business Associates Cause 42% of HIPAA HITECH Data Breaches

The Ponemon Institute’s 2009 study of data breach costs indicates that 42 percent of the breach incidents studied were caused by third-party mistakes, and the involvement of those third parties increased the cost of the breaches by 12 percent.


HIPAA Violations Not Always Due to Patient Data Breaches

You don't have to have a patient data breach to be guilty of HIPAA violations.  If you don't have a compliant privacy and security program in place today you are probably already in breach of HIPAA rules.


HIPAA Medical data breaches most often caused by theft

An analysis of HHS information finds the biggest security leaks come from stolen laptops and removable memory technology. The take-home message: Keep devices locked up. By Pamela Lewis Dolan, amednews staff. Posted Sept. 3, 2010.


HIPAA Violations with Paper Records by Business Associate and Sub-Contractor

Four Massachusetts community hospitals are investigating how thousands of patient health records, some containing Social Security numbers and sensitive medical diagnoses, ended up in a pile at a public dump.  The unshredded records included pathology reports with patients’ names, addresses, and results of breast, bone, and skin cancer tests, as well as the results of lab work following miscarriages.  By Liz Kowalczyk Globe Staff / August 13, 2010


Healthcare Leads in Data Breaches: Transparency Needed

Of the 385 organizations hit with data breaches so far this year, 113 were in health care, according to the Identity Theft Resource Center's report for July 28. Just 39 breaches have been reported in banking and finance according to the ITRC. Experts cite a lack of compliance and improper data access by insiders as culprits.


"My Credit Card is Being Used Fraudulently after Anthem Blue Cross HIPAA Data Breach"

"Three days ago, my credit card number was used fraudulently. Today I received a letter from Anthem telling me a breach had occurred, leaking my social security number, name & credit card number."
