Steven Marco

OCR Issues First Fine for Non-Major Breach – Hospice of North Idaho

The Department of Health and Human Services’ Office for Civil Rights is, for the first time, financially punishing an organization for a breach of protected health information that affected fewer than 500 individuals. This is a new policy, as OCR has previously limited issuance of hefty fines–and publicity of the fines–against several organizations following a …

HIPAA Privacy Audits begin – 20 “initial” audits to 150 audits by end of 2012

Is attestation a means to hold providers accountable for the expenditure of public funds and to protect against fraud and abuse? The Office for Civil Rights has engaged KPMG using $9M of their $52M budget for this year enforcing HIPAA compliance and investigating breaches for the CMS. The covered entities in scope for KPMG audits are those that have received …

UPDATE: Risks beyond ARRA, HITECH and HIPAA: PHI = $1,000 per individual = $4.9 Billion charge to TriCare

This is an example of a “hole” that allowed unencrypted backup tapes to leave the facility and led to one of the largest ePHI breaches in history. Had they had a solid HIPAA Risk Analysis covering encryption and ePHI disclosure policies, this breach would not have been a breach. Or shown due diligence to help convince the judge …

Stanford University Hospital breach – UPDATE – From $250K file to $2.1M

Earlier in September, 2011, Stanford University Hospital was fined $250K under HIPAA by the State of California. As Stanford U.H. filed an appeal, they were served papers with a $20M lawsuit. That is 20,000 (ePHI records) times $1,000 per record equals $20,000,000. http://www.healthdatamanagement.com/news/breach-hospital-notification-hipaa-privacy-43379-1.html?ET=healthdatamanagement:e2051:197714a:&st=email&utm_source=editorial&utm_medium=email&utm_campaign=HDM_Daily_101411 Per the article, “The lawsuit, seeking a $1,000 award for each affected patient, alleges violation of state law that …

CMS to Again Explain Medicare/Medicaid Meaningful Use Programs

Very useful information for Medical Practice Offices and Eligible Providers looking to achieve Meaningful Use and get their first payment for Stage 1: http://www.eventsvc.com/palmettogba/register/c8cee047-136b-489e-a54e-b5d184be16c2 They should also discuss Stage 2, set for release this week.

Are you Aware of the Registration Deadlines for the EHR Incentive Programs?

The CMS wants to remind all eligible professionals, eligible hospitals, and critical access hospitals of the registration dates for the EHR (electronic health record) incentive programs. They also want to help them successfully register and start their path to payment for 2011. Registration Dates to Remember: November 30, 2011 – last day for eligible hospitals …

Indiana University Health Data Breach Affects 3,000+

OK, my blog isn’t dedicated solely to reporting breaches, but another breach hit the news. Here is a statement from Indiana University: http://medicine.iu.edu/research/clinical-trials/media-alert-faqs/ HIPAA Risk Analysis requires that any PCs that move around (i.e. laptops) be encrypted. This is item #1 on risks using laptops with ePHI on them. BitLocker, anyone? A related article on the …

ePHI Patient Data Posted Online in Major Breach of Privacy at Stanford University Hospital

HIPAA compliance includes detection and notification procedures in the event of a breach. This is a nightmare scenario and illustrates the consequences of not having a comprehensive risk-management initiative. Read all about it in this New York Times article: http://www.nytimes.com/2011/09/09/us/09breach.html?_r=1&hp No one is immune from breaches – could the legal, financial and …

National Provider Call – September 9, 2011 Slide Deck and Q&A Summary

The CMS held an informative call on how to realize Meaningful Use incentives. Here is a post for those who were unable to make it. Here is the slide-deck: http://www.cms.gov/EHRIncentivePrograms/55_EducationalMaterials.asp#TopOfPage If you would like to request a summary of the Q&A discussion including useful information on dates, Dental, Optometrist qualifications, Audit strategies, etc., please contact …

