Blog Archive


HIPAA HITECH Data Breach: $1000 Per Patient?

With the new class action suit against UCLA for a HIPAA HITECH data breach, it seems that the standard has been set at $1,000 per patient. See "Yet Another Class-Action Filed After Breaches of Patient Data":

http://www.legalhie.com/lawsuits/yet-another-class-action-filed-for-breaches-of-patient-data/


Senate Hearings Focus on Lack of HIPAA Enforcement, Final HITECH Rule

“We need the regs, we need the regs, we need the regs.”  The Senate Judiciary Subcommittee on Privacy, Technology, and Law


HIPAA HITECH In Effect for Business Associates: Since February 2010

Business associates, in particular, need to be aware that the HITECH Act's imposition of specific technical, administrative and physical safeguards onto their operations became effective in early 2010, one year after the HITECH Act was enacted. ("HITECH Act's changes to privacy and security regulations: key dates for covered entities and business associates," Baker & Hostetler LLP, John S. Mulhollan, December 13 2011)


HIPAA HITECH Data Breach Costs Small Business Associate $300,000

"One afternoon last spring, Micky Tripathi received a panicked call from an employee. Someone had broken into his car and stolen his briefcase and company laptop along with it.  So began a nightmare that cost Mr. Tripathi’s small nonprofit health consultancy nearly $300,000 in legal, private investigation, credit monitoring and media consultancy fees. Not to mention 600 hours dealing with the fallout and the intangible cost of repairing the reputational damage that followed." Digital Data on Patients Raises Risk of Breaches: By NICOLE PERLROTH, Published: December 18, 2011, NY Times

 


Nearly Half of HIPAA HITECH Data Breaches Caused By Business Associates (BA)

3 of the 6 List  HIPAA HITECH Breaches (50%) that affected 1,000,000 or more individuals reportedly involved BAs of the reporting CEs and 13 of the 29 List Breaches (44.8%) that affected between 30,000 and 999,999 individuals reportedly involved BAs of the reporting CEs.


BA Tracker HIPAA HITECH Compliance Checklist

A HIPAA HITECH Compliance Checklist is a component of the profile of BAs maintained by BA Tracker. The BAs are surveyed monthly, and if the answers reveal gaps in their privacy and security program, they can sign up for help from Compliance Helper.


Third Parties (BAs) Second Leading Cause of HIPAA HITECH Data Breach: Ponemon Institute 2d Annual Study

Third parties, i.e., business associates, are the second leading cause of HIPAA HITECH data breaches, and the percentage has increased from 34% in 2010 to 46% in 2011. Astoundingly, the percentage of CEs that even have BA agreements in place has shrunk from 66% to 56%.


BAs Must Provide Proof of HIPAA HITECH Compliance: Hennepin County Medical Center privacy officer Kari Myrold

Hennepin County Medical Center has beefed up its agreements with business associates in light of the high number of breaches across the nation that have involved vendors. For example, the hospital requires business associates to strictly limit who has access to patient data as well as provide evidence of the results of an audit of their security procedures.


Monitor Business Associate's HIPAA HITECH Compliance: Security specialist Tom Walsh, president of Tom Walsh Consulting

Carefully monitor business associates. "A signed business associate agreement is probably not enough," Security specialist Tom Walsh, president of Tom Walsh Consulting says. "Obtain reasonable assurances through a checklist of security questions, require some type of certification or have an independent audit conducted to validate their security safeguards and controls. Build it into their contract."


 


HIPAA HITECH Breach Concerns Rise For Healthcare Firms: Judy Greenwald, Business Insurance

Lynn Sessions, counsel at law firm Baker & Hostetler L.L.P. and a former risk manager at Texas Children's Hospital, both in Houston, said HITECH's requirements make it easy to violate HIPAA. “We tell our clients it is not a matter of if” there will be a HIPAA violation, but of when; and in many situations, it is a matter of very small breaches.

 


$1 Billion Class Action Suit in Sutter HIPAA HITECH Data Breach

$1B suit filed against Sutter Health over data breach
The theft of a stolen computer during a break-in in October has spurred a $1B class action lawsuit against Sutter Health, according to a report published today by the Sacramento Bee. The computer contained data on more than 4 million patients.


HIPAA HITECH Documentation and Metrics

Starting with having documented policies and procedures, documentation is a critical part of HIPAA HITECH compliance.  If you didn't document it, you can't measure it, and if you can't measure it, you can't prove it.  In 2012 if you can't prove that you are HIPAA HITECH compliant it is going to be very difficult to work in the healthcare sector.


A lack of ongoing HIPAA compliance training increases the risk of internal breaches, says Terrell Herzig, information security officer at UAB Medicine.

A lack of ongoing HIPAA compliance training increases the risk of internal breaches, says Terrell Herzig, information security officer at UAB Medicine.
He also points out that another important way to prevent breaches is to ask business associates to demonstrate their information safeguards by providing copies of their third-party audits. The Health Information Security survey found that only 14 percent of organizations have taken this step.


HIPAA/HITECH update: the waiting is the hardest part, Wiley Rein LLP, Kirk J. Nahra, November 8 2011

"We also are seeing numerous situations where business associates are having security breaches that trigger notification obligations for covered entities, so it is particularly important to monitor the activities of business associates." HIPAA/HITECH update: the waiting is the hardest part,  Wiley Rein LLP, Kirk J. Nahra, November 8 2011


Keeping an Eye on Business Associates (HIPAA HITECH)

Covered entities also will require business associates to conduct scheduled security rule risk assessments and revisit the assessments as warranted, Wiedemann (AHIMA) predicts.  Keeping an Eye on Business Associates, Joseph Goedert, Health Data Management Magazine, 11/01/2011


Business Associate Proof of HIPAA HITECH Compliance

Proof of ongoing HIPAA HITECH compliance will be required of all business associates and sub-contractors in 2012.  A bold statement, but true.


HIPAA Updates: Hurry Up!, Senator Al Franken at a Senate hearing

HIPAA Updates: What's the Hold Up? Senator Frustrated By Overdue Privacy Protections, November 10, 2011 - Howard Anderson
The nation's lead HIPAA enforcer was on the hot seat at a Senate subcommittee hearing Nov. 9 when he was called to task for delays in issuing privacy and security regulatory updates mandated under the HITECH Act.


HIPAA HITECH Webinar featuring Rebecca Herold

The Intensive Care Approach to Data and Compliance: The featured speaker, Rebecca Herold, CIPP, CISSP, CISM, CISA, FLMI, was recently voted the 3rd best privacy advisor in the world by Computer World.

Thursday, Oct. 27 1pm CT


Law Firms Advising CEs to Monitor BAs for HIPAA HITECH Compliance

HIPAA: Stanford Hospital Data Security Breach May Trigger More Active Monitoring Of Business Associates By Covered Entities, by Robert Belfort and Emily Lee, Manatt, Phelps & Phillips, LLP, Health Lawyers Weekly, October 7, 2011, Vol. IX, Issue 39


Over Half of Patient Data Records Breached Caused by Third Parties (BAs and Subs)

Bryan Cline, a vice president with the Health Information Trust Alliance, a nonprofit company that establishes privacy guidelines for health providers, said nearly 20 percent of breaches involved outside contractors, accounting for more than half of all the records exposed.

Dr. Cline said health care providers depend unjustifiably on legal contracts with vendors to protect medical records. “That just doesn’t work, as we can see,” he said. “You have to do due diligence, something to assure yourself that the people you’re giving your data to can be trusted.”

 


HIPAA HITECH Compliance Metrics: Critical Tools

A recent webinar by ID Experts, Rebecca Herold & Associates, and Compliance Helper made a strong case for metrics in HIPAA HITECH compliance.  If you can't measure it you can't prove it, and soon, if you can't prove it you can't do business in healthcare.


HIPAA HITECH Compliance: We Have Seen The Enemy and He is Us.

"Early results from the Healthcare Information Security Today survey show that insider threats, such as records snooping and ID theft, are perceived to be the most significant security threats to healthcare organizations."  Howard Anderson, Healthcareinfosecurity


New NIST Emphasis on Privacy Changes HIPAA HITECH Compliance

Healthcare Information Security Articles: NIST Guidance: More Emphasis on Privacy,

Interview with NIST's Risk Management Leader Ron Ross, July 29, 2011 - Jeffrey Roman, Associate Editor

The NIST standards are the framework for HIPAA HITECH and other privacy and security standards. In this interview Ron Ross explains why NIST is expanding the privacy rules and how that will affect healthcare organizations. http://www.govinfosecurity.com/podcasts.php?podcastID=1196


The HIPAA HITECH Compliance Cycle: Risk Assessment, Remediation, Training

Three leading HIPAA HITECH compliance companies, ACR2 Solutions, Compliance Helper, and Rebecca Herold & Associates have linked their SaaS solutions to provide risk assessment, remediation, and training.  The SaaS model allows them to deliver these services cost effectively and efficiently.


Business Associates Need Proof of HIPAA HITECH Compliance

Covered entities (CE) are asking business associates (BA) to provide proof that they are HIPAA HITECH compliant.  The Compliance Meter(tm) is the best proof.


Do Your Privacy, Security Policies Really Work? HIPAA HITECH Checklist

HIPAA Audits: Preparation Steps: Do Your Privacy, Security Policies Really Work?

July 18, 2011 - Howard Anderson, Executive Editor, HealthcareInfoSecurity.com

http://www.healthcareinfosecurity.com/podcasts.php?podcastID=1193&rf=2011-07-23-eh&hq_e=el&hq_m=1215831&hq_l=18&hq_v=0da625ea8e
 


BA Tracker (tm) Keep BAs HIPAA HITECH Compliant

Compliance Helper is pleased to announce a new service called BA Tracker(tm) that helps a CE track the current compliance level of all of their BAs and display it through the Compliance Meter (tm).  This is a free service to the CE.  If the BAs are not compliant Compliance Helper can help them set up a comprehensive privacy and information security program including customized policies, procedures, and forms.  They are supported by a privacy and security expert we call a Helper.


HHS Data Tells the True Story of HIPAA Violations in the Cloud

HHS Data Tells the True Story of HIPAA Violations in the Cloud by Michael Koploy ERP Analyst, Software Advice
Read more: http://www.softwareadvice.com/articles/medical/hipaa-violations-arent-in-the-cloud-1062011/#ixzz1QD3Tymp7


Business Associate Management Tips: HIPAA HITECH Compliance

Business Associate Management Tips: Key Steps Can Help Prevent Breaches, June 16, 2011 - Howard Anderson, Executive Editor, HealthcareInfoSecurity.com

Working with business associates to prevent health information breaches requires far more than writing detailed contract terms on privacy and security, says regulatory expert Christopher Hourihan.
