All posts by Victoria V

Case Study – HIPAA Privacy for a Group Home. Brought to you by: CAM HIPAA Solutions 888-959-0220

Case Study – HIPAA Privacy for a Group Home

HIPAA Privacy at L’Arche Cleveland
Appropriate Disclosures in a Group Home for the Developmentally Disabled

 

L’Arche Cleveland Director Becky Brady, like many others, attended a seminar on HIPAA Privacy which was offered by her industry trade association. She received a set of sample policies and procedures which were designed for an intermediate care facility, which was a very different type of organization. She heard talk about locking up files, shredding documents, and not revealing even the name of their clients. This type of secrecy concerned her as harmful to the heart and spirit of the L’Arche philosophy. L’Arche is built on the concept of disabled and non-disabled living together in community, sharing both life’s burdens and victories. L’Arche groups engage in the larger community, including the workplace, religious congregations, and even in political campaigns. Was it possible to comply with these new regulations without destroying the essence of their agency?

Read More
HIPAA Compliant E-mails, and Texts . Brought to you by: CAM HIPAA Solutions 888-959-0220

HIPAA Compliant Communication

The HIPAA Privacy and Security Rules require covered entities (including healthcare providers and health plans) and their business associates to implement certain safeguards when e-mailing or texting electronic protected health information (“e-PHI”) to patients or others. Are you using HIPAA Compliant communication?

Read More
Think Your Practice is HIPAA Compliant? Think Again. Brought to you by: CAM HIPAA Solutions- 888-959-0220

Think Your Practice is HIPAA Compliant? Think Again.

You may think you know HIPAA inside and out, but experts say many practices and physicians are making mistakes regarding protected health information (PHI) that could get them into big trouble with the law. Here are nine of the most common compliance missteps they say practices and physicians are making.

Read More
Accidental and Unauthorized Emails Create PHI Security Issues Brought to you by: CAM HIPAA Solutions- (888) 959-0220

Accidental and Unauthorized Emails Create PHI Security Issues

No covered entity wants to notify patients of a potential PHI security incident, yet even with the appropriate safeguards in place, problems could still occur. When this happens, it is important to properly notify potentially affected individuals and then make the necessary changes in existing safeguards to ensure that the same issue does not occur again.

Two different facilities recently dealt with a variety of health data security issues, which is a perfect example of how organizations need a well-rounded approach to security. Anything from human error to cyber attacks could create potential PHI security issues that will need to be handled in a timely manner.

 
New York facility notifies 90,000 patients of PHI data breach

A former employee at HHC Jacobi Medical Center in the Bronx reportedly put the PHI of 90,000 patients at risk after she improperly accessed and transmitted files containing PHI to her personal email account. The individual also sent the information to her email account at her new employer, which is a New York City agency, according to a New York City Health and Hospitals Corporation (HHC) statement from April 28.

Potentially exposed information includes patient names, addresses, dates of birth, telephone numbers, medical record numbers, treatment dates and types of services, and limited sensitive health information. HHC said that health insurance identification numbers, which may have included Social Security numbers, were also potentially exposed for some patients.

“The unauthorized disclosure was discovered by HHC’s information governance and security program that, among other things, monitors and detects all email communications that contain PHI and other confidential information that are sent from HHC’s information systems without proper authorization,” the statement read.

HHC added that there is no evidence showing that the data was misused in any way, or that it was viewed or sent to anyone other than the former employee.

“HHC has taken immediate measures to prevent the recurrence of this incident, including the automatic blocking of communications containing PHI and other confidential information from being sent from HHC’s information systems to any site or entity outside of the HHC security network other than for legitimate business purposes,” the organization said.

 

Immunization records accidentally sent to state registry

Approximately 1,000 patients at the UT Southwestern Medical Center had their immunization records mistakenly sent to a confidential Texas registry, according to The Dallas Morning News. Physicians, health departments and school districts all use the registry.

“UT Southwestern notified us of the issue, and we deleted the records from the ImmTrac system,” department spokeswoman Christine Mann told the news source. “It appears it was an error and the issue has been resolved.”

UTSW said that the issue was due to a computer glitch that occurred during “a routine upgrade to the system,” and that it learned about the records being shared after a patient inquiry on March 6. However, UTSW added that the records were transmitted to the state registry starting January 9.

The facility underlined the point that while the immunization records were mistakenly sent to the state registry, the system is “subject to strict confidentiality requirements” and that all data transmitted is done with “high-strength encryption.”

“We corrected the electronic issue in our system the same day it was discovered,” UTSW spokesman Russell Rian said in a statement, according to the news source. “And we worked diligently…to prevent any future occurrence.”

Read More
HIPAA Security

HIPAA Security- Phase 2 Audits: Are you ready?

The Civil Rights Office of the Department of Health and Human Services announced a “Phase 2” audit program in the Fall of 2014. That audit program was delayed due to funding issues, but appears to be back on schedule for 2015. These Phase 2 audits are expected to be more in depth and focused on reviewing procedures and documentation related to the areas of HIPAA security and privacy risk management, breach notification and Notice of Privacy Practices. Although the early Phase 2 audits are expected to target Covered Entities (employers sponsoring self-insured group health plans), Health Care Providers and Clearinghouses, the audits are also expected to expand to include HIPAA Business Associates.

What should you do to prepare for a Phase 2 HIPAA audit? Entities may wish to take the following steps:

Conduct an internal audit (DHS issued audit guidelines in 2012 and a Covered Entity may use them to conduct its internal privacy and security analyses);
Implement and/or update your HIPAA Privacy and Security Policies;
Appoint a HIPAA Privacy Officer and a Security Officer (and ensure those Officers understand their responsibilities);
Train employees who have access to Protected Health Information (“PHI”) on privacy and security rules; and
Limit access to PHI (both physically and electronically) only to those employees authorized to access it.

 

Original post by: Snell & Wilmer

http://www.jdsupra.com/legalnews/hipaa-phase-2-audits-are-you-ready-28419/

Read More
data breach

How to Minimize the Costs – and the Chances – of a Data Breach

How to Minimize the Costs – and the Chances – of a Data Breach

The possibility of a data breach is one of the biggest threats facing most companies today. Over the past few weeks, news reports were awash with breach incidents and related cases from almost all industries: hackers reportedly targeting the three largest banks of the US; more than 30,000 of personal records breached from 53 universities; data-containing devices stolen from hospitals and health systems (with a hospital getting fined a staggering $1.5 million due to a stolen laptop); and more. It’s no wonder many business executives are kept awake at night wondering if their company will be next.

But perhaps the more important question that they should be considering right now is: Can data breaches be prevented? The answer to this question though, is not a straightforward yes or no. After all, with the level of technology at the disposal of hackers today, no system is immune to attack. So yes, there are measures that can help prevent a breach, but no, these are not foolproof guarantees against one.

However, if you think that taking concrete steps to protect against a security breach is a futile exercise, you couldn’t be more wrong. True, you may not be able to totally eliminate the threat of a breach, but on the upside, having preventive measures now will help you better deal with the fallout from a breach if or when one does happen later.

By ‘fallout’ we mean the costs that are bound to crop up as a result of the incident, as well as the negative publicity that a company would have to endure once word gets out. Preparedness allows you to respond in an appropriate and timely manner, significantly bringing down breach-related expenses and keeping the damage to your reputation at a minimum.

Here are some breach-prevention and/or cost-reducing methods suggested by security experts:

● Establish company-wide data protection policies.

Nothing speaks of a company’s commitment to data protection better than an established and organization-wide privacy and security policy. This should include the designation of a chief privacy administrator, clear guidelines on data handling, storage, and retention, and a concrete plan of action for disaster recovery. If the procedures are not well-thought out or are not comprehensive enough, there could be vulnerabilities within the system which hackers and cyber thieves can easily take advantage of. All it takes is a small open door.

Ideally, risk assessment program should also accompany a privacy policy to allow the organization to test whether security controls and procedures qualify as the best practices in preventing data breaches. Such program could also come in handy when a business is applying for data breach insurance.

● Perform update of software and hardware on a regular basis.

Because malware developers are continually finding ways to get around your protective measures, you should also keep security tools as updated as possible. Software used on all computers connected to your network should be regularly brought up-to-date to ensure that the most current versions are running. In addition to bringing in new features and fixing existing bugs, software patches can also include security features that can help make firewalls more effective against hack attacks.

 

Read More
Fear Itself Speech 修改 文章 英文 click through the following web site | Advanced Trading Tools · Learn How to Trade opciones binarias demo click here now
Loan Canada go credit visit their website