Ready or Not, Here Come HIPAA Audits!
After running a successful pilot program in 2012, the Department of Health and Human Services’ Office for Civil Rights (OCR) is looking to launch a national HIPAA compliance audit program by the end of this year to ensure that all health care providers and business associates are compliant with HIPAA privacy and HIPAA security rules …
OCR gives an important 2013 update on their HIPAA Security and Privacy Enforcement status
The resumption of the HIPAA compliance audit program is on hold while regulators analyze pilot audit project results and implement the HIPAA Omnibus Rule, says Susan McAndrew of the HHS Office for Civil Rights.
OCR Issues First Fine for Non-Major Breach – Hospice of North Idaho
The Department of Health and Human Services’ Office for Civil Rights is, for the first time, financially punishing an organization for a breach of protected health information that affected fewer than 500 individuals. This is a new policy, as OCR has previously limited issuance of hefty fines–and publicity of the fines–against several organizations following a …
HIPAA Privacy Audits begin – 20 “initial” audits to 150 audits by end of 2012
Is attestation a means to hold providers accountable for expenditure of public funds and protect against fraud and abuse? The Office for Civil Rights has engaged KPMG using $9M of their $52M budget for this year enforcing HIPAA compliance and investigating breaches for the CMS. The covered entities in scope for KPMG audits are those that have received …
UPDATE: Risks beyond ARRA, HITECH and HIPAA: PHI = $1,000 per individual = $4.9 Billion charge to TriCare
This is an example of a “hole” that allowed unencrypted backup tapes to leave the facility and led to one of the largest ePHI breaches in history. Had they a solid HIPAA Risk Analysis covering encryption and ePHI disclosure policies, this breach would not have been a breach. Or shown due diligence to help convince the judge …
Stanford University Hospital breach – UPDATE – From $250K fine to $2.1M
Earlier in September, 2011, Stanford University Hospital was fined $250K under HIPAA by the State of California. As Stanford U.H. filed an appeal, they were served papers with a $20M lawsuit. That is 20,000 (ePHI records) times $1,000 per record equals $20,000,000. http://www.healthdatamanagement.com/news/breach-hospital-notification-hipaa-privacy-43379-1.html?ET=healthdatamanagement:e2051:197714a:&st=email&utm_source=editorial&utm_medium=email&utm_campaign=HDM_Daily_101411 Per the article, “The lawsuit, seeking a $1,000 award for each affected patient, alleges violation of state law that …
CMS to Again Explain Medicare/Medicaid Meaningful Use Programs
Very useful information for Medical Practice Offices and Eligible Providers looking to achieve Meaningful Use and get their first payment for Stage 1: http://www.eventsvc.com/palmettogba/register/c8cee047-136b-489e-a54e-b5d184be16c2 They should also discuss Stage 2 set for release this week.
Are you Aware of the Registration Deadlines for the EHR Incentive Programs?
The CMS wants to remind all eligible professionals, eligible hospitals, and critical access hospitals of the registration dates for the EHR (electronic health record) incentive programs. They also want to help them successfully register and start their path to payment for 2011. Registration Dates to Remember: November 30, 2011 – last day for eligible hospitals …
Changes to HIPAA Rules: OCR Increasing Financial Penalties
Just a quick update that the OCR is looking at the possibility of increasing civil money penalties for violations of requirements to ensure that protected health information stays private and is secure. Those who are found in violation may face fines of up to $1.5 million in a single calendar year. You can read more …
Indiana University Health Data Breach Affects 3,000+
OK, my blog isn’t dedicated solely to reporting breaches, but another breach hit the news. Here is a statement from Indiana University: http://medicine.iu.edu/research/clinical-trials/media-alert-faqs/ HIPAA Risk Analysis requires any PCs that move around (i.e. laptop) be encrypted. This is item #1 on risks using laptops with ePHI on them. BitLocker anyone? A related article on the …