Idaho State University Settles HIPAA Security Case For $400,000
According to the Department of Health and Human Services (HHS), Idaho State University has agreed to pay them $400,000 for violations of the HIPAA Security rule. The settlement was reached after the health records of 17,500 patients of an ISU clinic were compromised. You can read more about it here. The Office for Civil Rights (OCR) opened …
Kim Kardashian’s HIPAA Privacy case – A HIPAA Law by Law Perspective
Hi, this is Steven Marco. I wanted to post this article as a great example of how hospitals and clinics can protect the organization from inappropriate actions of its staff. And I am always thinking about which HIPAA laws are touched by this case. This case provides a shining example of how requiring unique user IDs …
Ready or Not, Here Come HIPAA Audits!
After running a successful pilot program in 2012, the Department of Health and Human Services’ Office for Civil Rights (OCR) is looking to launch a national HIPAA compliance audit program by the end of this year to ensure that all health care providers and business associates are compliant with HIPAA privacy and HIPAA security rules …
OCR gives an important 2013 update on their HIPAA Security and Privacy Enforcement status
The resumption of the HIPAA compliance audit program is on hold while regulators analyze pilot audit project results and implement the HIPAA Omnibus Rule, says Susan McAndrew of the HHS Office for Civil Rights.
OCR Issues First Fine for Non-Major Breach – Hospice of North Idaho
The Department of Health and Human Services’ Office for Civil Rights is, for the first time, financially punishing an organization for a breach of protected health information that affected fewer than 500 individuals. This is a new policy, as OCR has previously limited issuance of hefty fines–and publicity of the fines–against several organizations following a …
HIPAA Privacy Audits begin – 20 “initial” audits to 150 audits by end of 2012
Is attestation a means to hold providers accountable for expenditure of public funds and protect against fraud and abuse? The Office for Civil Rights has engaged KPMG using $9M of their $52M budget for this year enforcing HIPAA compliance and investigating breaches for the CMS. The covered entities in scope for KPMG audits are those that have received …
UPDATE: Risks beyond ARRA, HITECH and HIPAA: PHI = $1,000 per individual = $4.9 Billion charge to TriCare
This is an example of a “hole” that allowed unencrypted backup tapes to leave the facility and led to one of the largest ePHI breaches in history. Had they had a solid HIPAA Risk Analysis covering encryption and ePHI disclosure policies, this breach would not have been a breach. Or shown due diligence to help convince the judge …
Stanford University Hospital breach – UPDATE – From $250K file to $2.1M
Earlier in September 2011, Stanford University Hospital was fined $250K under HIPAA by the State of California. As Stanford U.H. filed an appeal, they were served papers with a $20M lawsuit. That is 20,000 (ePHI records) times $1,000 per record, which equals $20,000,000. http://www.healthdatamanagement.com/news/breach-hospital-notification-hipaa-privacy-43379-1.html?ET=healthdatamanagement:e2051:197714a:&st=email&utm_source=editorial&utm_medium=email&utm_campaign=HDM_Daily_101411 Per the article, “The lawsuit, seeking a $1,000 award for each affected patient, alleges violation of state law that …
CMS to Again Explain Medicare/Medicaid Meaningful Use Programs
Very useful information for Medical Practice Offices and Eligible Providers looking to achieve Meaningful Use and get their first payment for Stage 1: http://www.eventsvc.com/palmettogba/register/c8cee047-136b-489e-a54e-b5d184be16c2 They should also discuss Stage 2, set for release this week.
Are you Aware of the Registration Deadlines for the EHR Incentive Programs?
The CMS wants to remind all eligible professionals, eligible hospitals, and critical access hospitals of the registration dates for the EHR (electronic health record) incentive programs. They also want to help them successfully register and start their path to payment for 2011. Registration Dates to Remember: November 30, 2011 – last day for eligible hospitals …