HIPAA HITECH Compliance Blog Archive

Iatrogenic (Caused by a Physician) Medical Identity Theft

Medical identity theft is an iatrogenic condition: it can be caused by your physician's office. If the office is not HIPAA compliant, your medical record could be stolen and used for medical identity theft. This can cause severe symptoms such as fiscal stress and anxiety.

HIPAA Training: "We have met the enemy and he is us"

“Based on the results of the study, human error continues to be the biggest source of healthcare data breaches, as 75 percent of organizations view employee negligence as the greatest breach threat.” (The Ponemon Institute’s fourth annual Patient Privacy & Data Study)

Cycle of HIPAA Compliance

HHS has repeatedly emphasized that HIPAA compliance is a process, not an event, but what is the basic process? We call it the Cycle of Compliance. Its basic elements are an initial risk assessment, risk remediation, training and awareness, and then another risk assessment to measure your progress.

Medical Identity Theft Up 21.7%

Medical identity theft is up 21.7% (http://medidfraud.org/2014-fifth-annual-study-on-medical-identity-theft). This makes even small clinics and practices targets if they are not HIPAA compliant.

HIPAA Compliance is a Legal Standard of Care

A lawsuit can be won against a company that does not maintain HIPAA compliance. In a recent case: “Reviewing a $1.44 million jury verdict, an Indiana appellate court affirmed that the plaintiff had raised a viable claim of negligence based on using HIPAA as the standard of care.”

What Does Anthem HIPAA Breach Mean to You?

If you store, access, transfer or create PHI, you are a target. See “Hackers target health care as industry goes digital” (PC World), “Anthem hack: 'Healthcare is a target'” (Healthcare IT News), and “Why Hackers are Targeting The Medical Sector” (Washington Post).

Anthem Hack and Physician Practices

Anthem was hacked, exposing as many as 80 million patient files, which qualifies as a HIPAA breach. But what does that mean to a small physician practice? The hack has been attributed to a program called "Deep Panda" and the Chinese Army, which are unlikely to target a small physician practice but could trigger copycat attacks.

HIPAA Risk Assessment: HHS Requires Progress not Perfection

Many small companies avoid a HIPAA risk assessment because they think it is too difficult, too expensive, and will reveal their non-compliance. The key is to use an online system that allows you to measure, remediate, and measure again, so that you can show progress, not perfection.

How to Hack HIPAA Data

HIPAA compliance is the industry standard. Your patient medical data, or EPHI, is worth around $100 per record on the black market. Now, according to the New York Times article "Need Some Espionage Done? Hackers Are for Hire Online", criminals don't need hacker skills; they can simply hire someone to hack your database.

Why Would Anyone Hack A Physician Practice?

A medical record is worth 10-20 times a credit card record on the black market. The information is quickly sold to an organization that will use it to get drugs and medical services.

Will You Lose Your HIPAA Compliance on September 22, 2014?

If you still have "grandfathered" HIPAA business associate agreements (BAAs) in place, they may expire on September 22, 2014. BAAs that were in effect prior to January 25, 2013 were given until September 22, 2014 at the latest to be updated. If this has not been done, you will be out of HIPAA compliance at that time.

HIPAA Compliance Depends on Documentation

If you don't document your HIPAA compliance activities, you can't prove HIPAA compliance. Documentation of your HIPAA compliance activities is what builds the legal firewall around your company.

Why Would I Need a HIPAA Helper?

Unless you have a HIPAA expert on your staff, you probably need a HIPAA Helper to answer your questions and make sure that you are HIPAA compliant. The big question is: how do you get a HIPAA Helper, and how much do you pay?

How do I know if I am HIPAA Compliant?

How do you, as a manager or owner, know whether you are HIPAA compliant at all times? The Compliance Meter® from Compliance Helper is the answer.

Are Health Insurance Producers Your Greatest HIPAA Liability?

If you are a health insurance carrier, agent, broker, or managing general agent and don’t demand proof of HIPAA compliance from your producers, you are taking a huge financial risk.

The Health Insurance Industry is Leaking HIPAA Data

A cursory examination of the Wall of Shame, which records HIPAA data breaches of more than 500 records, reveals that insurance companies are leaking data; in fact, by my calculations they have leaked over 3.5 million patient records.

HIPAA Checklist vs. The Compliance Meter®

A HIPAA checklist, such as the one we offer for free on our website at www.compliancehelper.com, is a useful tool for getting a snapshot view of your HIPAA compliance, but it does not assure your ongoing compliance the way our Compliance Meter® does. The Compliance Meter® is your assurance that your organization is HIPAA compliant on an ongoing basis and that you can prove it. Thus our new product name, HIPAAssure™, for which we have applied for a registered trademark, is symbolic of our commitment to ongoing compliance.

Hobson's Choice: HIPAA Audit by OCR or Business Partner?

One big item in the news today is increased HIPAA audits and fines coming from HHS; another is the monitoring of HIPAA business associates. Which should you fear the most? This is an example of Hobson's Choice or Morton's Fork, where neither choice is good: monitoring by a business partner can cause an immediate loss of revenue, versus a possible fine somewhere in the future in the case of an audit from HHS.

61% of Small HIPAA Breaches are Paper Records

Big HIPAA breaches are primarily electronic (EPHI), but 61% of small HIPAA breaches (fewer than 500 records) involve paper records. Mass General paid a $1 million fine for the loss of 192 paper patient records. An employee left the paper records on the subway and they were never found.

Insurance Carriers Requiring HIPAA Compliance of Producers

Insurance producers, as well as their agents, are being asked by insurance carriers to provide proof of HIPAA compliance. The carriers are asking for copies of policies and procedures as well as risk assessments.
