All posts by Blanca Villareal

$750,000 HIPAA Fine For A Laptop?

$750,000 HIPAA settlement emphasizes the importance of risk analysis and device and media control policies

Cancer Care Group, P.C. agreed to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules with the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR). Cancer Care paid $750,000 and will adopt a robust corrective action plan to correct deficiencies in its HIPAA compliance program. Cancer Care Group is a radiation oncology private physician practice, with 13 radiation oncologists serving hospitals and clinics throughout Indiana.

On August 29, 2012, OCR received notification from Cancer Care regarding a breach of unsecured electronic protected health information (ePHI) after a laptop bag was stolen from an employee’s car. The bag contained the employee’s computer and unencrypted backup media, which contained the names, addresses, dates of birth, Social Security numbers, insurance information and clinical information of approximately 55,000 current and former Cancer Care patients.

OCR’s subsequent investigation found that, prior to the breach, Cancer Care was in widespread non-compliance with the HIPAA Security Rule. It had not conducted an enterprise-wide risk analysis when the breach occurred in July 2012. Further, Cancer Care did not have in place a written policy specific to the removal of hardware and electronic media containing ePHI into and out of its facilities, even though this was common practice within the organization. OCR found that these two issues, in particular, contributed to the breach, as an enterprise-wide risk analysis could have identified the removal of unencrypted backup media as an area of significant risk to Cancer Care’s ePHI, and a comprehensive device and media control policy could have provided employees with direction in regard to their responsibilities when removing devices containing ePHI from the facility.

“Organizations must complete a comprehensive risk analysis and establish strong policies and procedures to protect patients’ health information,” said OCR Director Jocelyn Samuels. “Further, proper encryption of mobile devices and electronic media reduces the likelihood of a breach of protected health information.”

Cancer Care has taken corrective action with regard to the specific requirements of the Privacy and Security Rules that are at the core of this enforcement action, as well as actions to come into compliance with the other provisions of the HIPAA Rules. The Resolution Agreement and Corrective Action Plan (CAP) can be found on the OCR website at: http://www.hhs.gov/ocr/privacy/hipaa/enforcement/examples/cancercare.html

HHS offers guidance on how your organization can conduct a HIPAA Risk Analysis:http://www.healthit.gov/providers-professionals/security-risk-assessment

To learn more about non-discrimination and health information privacy laws, your civil rights, and privacy rights in health care and human service settings, and to find information on filing a complaint, visit us athttp://www.hhs.gov/ocr/office.

Read More
8 Examples of a HIPAA violation

8 Examples of HIPAA Violations

HIPAA, the Health Insurance Portability and Accountability Act of 1996, was passed to protect an employee’s health insurance coverage when they lose or change jobs. It also has provisions to ensure the privacy and confidentiality of identifiable health information.

Everyone’s medical situation is different; however, this article strives to help define HIPAA by providing you with an overview of some common HIPAA violations experienced by health care providers and patients. Links to HFailure to adhere to the authorization expiration date – Patients can set a date when their authorization expires. A violation would be releasing confidential records after that date.
Failure to promptly release information to patients – According to HIPAA, a patient has the right to receive electronic copies of medical records on demand.
Improper disposal of patient records – Shredding is necessary before disposing of patient’s record.
Insider snooping – This refers to family members or co-workers looking into a person’s medical records without authorization. This can be avoided with password protection, tracking systems and clearance levels.
Missing patient signature – Any HIPAA forms without the patient’s signature is invalid, so releasing information would be a violation.
Releasing information to an undesignated party – Only the exact person listed on the authorization form may receive patient information.
Releasing unauthorized health information – This refers to releasing the wrong document that has not been approved for release. A patient has the right to release only parts of their medical record.
Releasing wrong patient’s information – Through a careless mistake, someone releases information to the wrong patient. This sometimes happens when two patients have the same or similar name.
Right to revoke clause – Any forms a patient signs need to have a Right to Revoke clause or the form is invalid. Therefore, any information released to a third party would be in violation of HIPAA regulations.
Unprotected storage of private health information – A good example of this is a laptop that is stolen. Private information stored electronically needs to be stored on a secure device. This applies to a laptop, thumbnail drive, or any other mobile device.IPAA experts are provided at the end of this article for your specific questions.

8 Common HIPAA Violations

Read More
Fear Itself Speech 修改 文章 英文 click through the following web site | Advanced Trading Tools · Learn How to Trade opciones binarias demo click here now
Loan Canada go credit visit their website