HIPAA HITECH Compliance News - page 4

Ransomware Attack is a HIPAA Breach

A ransomware attack can trigger a series of bad events leading to a huge HIPAA fine. The slippery slope: Ransomware attack is a HIPAA breach, which when reported triggers an audit, that discovers a lack of an up to date risk assessment, which leads to a fine for willful neglect.

Finish Reading…

Posted May 16, 2017 by Jack Anderson

No HIPAA Risk Assessment? $400,000 Fine

Metro Community Provider Network received a $400,000 fine and a corrective action plan for failing to do a risk assessment prior to a phishing incident that exposed 3200 employee files. Doing the risk assessment a month after the breach didn't work.

Finish Reading…

Posted April 13, 2017 by Jack Anderson

Are You HIPAA Audit Ready Today>

A HIPAA breach caused by a ransomware attack on a solo physician practice proves that it can happen to anyone. Will the audit reveal that the practice was in HIPAA compliance or willful neglect?

Finish Reading…

Posted April 12, 2017 by Jack Anderson

The HIPAAssure® NIST Framework vs HITRUST

Compliance Helper offers the NIST framework at a fraction of the cost of HITRUST. Assure compliance with HIPAAssure®, built on the NIST framework, delivered in the SaaS method, and with the Helper methodology to reduce cost.

Finish Reading…

Posted March 6, 2017 by Jack Anderson

HIPAA Risk Assessment: Get Out Of Jail Free Card

An up to date HIPAA risk assessment is the one single proof of HIPAA compliance that can prevent huge fines and possible jail time. No matter what else you have done if you don't have an official (NIST) and up to date (at least annually) HIPAA risk assessment you are probably in willful neglect.

Finish Reading…

Posted January 24, 2017 by Jack Anderson

HIPAA Willful Neglect Can Cause Bankruptcy

Willful Neglect of HIPAA compliance has caused companies to go bankrupt. How would you handle a six figure penalty from OCR?

Finish Reading…

Posted January 13, 2017 by Jack Anderson

Demand Quarterly Risk Assessments From BAs

One wonders what would be revealed if all companies accessing ePHI were to do a comprehensive risk assessment today. How many breaches would be discovered? A breach of nearly 400,000 patient records occurred on a server maintained by a BA. The breach was discovered by an outside person 11 months after it occurred.

Finish Reading…

Posted December 27, 2016 by Jack Anderson

OCR Steps Up Investigation of Smaller HIPAA Breaches

“We’re doing more investigations of smaller breaches … I think you’re going to see more of that in terms of entities with whom we enter corrective action plans,” reiterated Deven McGraw, Esq., OCR deputy director of health information privacy at the [88th annual American Health Information Management (AHIMA) conference](http://www.ahima.org/events/~/link.aspx?_id=07CB00ACC48D4D4D9446155086C6A05F&_z=z) held October 16-19 in Baltimore, MD

Finish Reading…

Posted December 21, 2016 by Jack Anderson

Risk Assessment Critical for MACRA

An up do date risk assessment is a key element in your MIPS Composite Performance Score. The MACRA Act which was passed with bilateral support in Congress uses the MIPS score to determine reimbursement for practices.

Finish Reading…

Posted November 22, 2016 by Jack Anderson

Storing encrypted ePHI in the Cloud? Still Need HIPAA Compliance

If you create, receive, maintain, or transmit ePHI you are a business associate and must be HIPAA compliant, even if the data is encrypted and you don't have the key. Thus saith OCR.

Finish Reading…

Posted November 9, 2016 by Jack Anderson