This week’s news highlights the growing need to take proactive steps to protect sensitive data. It’s time to take notice, before your organization has to give notice of a data breach.
The Office of Civil Rights (OCR), responsible for enforcing HIPAA regulation, has announced the hiring of KPMG of McLean, VA to implement an audit program of covered entities and business associate compliance with the HIPAA privacy and security standards. This action marks the first time proactive “periodic audits”, as required by the HITECH Act, will be implemented. Until now, investigations have been in response to complaints. Continue reading
For the second time this week, the Department of Health and Human Services (HHS) has announced stiff penalties for HIPAA violations. This may signal the start of stronger HIPAA enforcement action by the Office for Civil Rights (OCR) and a sign of things to come when HHS rolls out its HIPAA compliance audit program as mandated by the Health Information Technology for Economic and Clinical Health (HITECH) Act.
On February 22nd, HHS announced a landmark civil monetary penalty (CMP) against Cignet Health of Prince George’s County, Md., for violations of the Privacy Rule. The $4.3 million penalty was imposed for failing to provide 41 patients with copies of their records in the time frame required by HIPAA, and for failing to cooperate with the OCR investigation. It was the first time a penalty was assessed for Privacy Rule violations, and the first time the increased penalty amounts authorized by Section 13410(d) of the HITECH Act were applied. Continue reading
As I reviewed the provisions of HIPAA Security and Privacy provisions with a lead surgeon who heads a small but bustling medical practice, I could tell he would rather be in a treatment room with a patient than sitting in the lunch room with me discussing one of a legion of requirements and regulations. “Do other doctors really do this?” he asked, his head buried in his hands.
Protecting sensitive data is a hot button. Criminal data theft and fraud have grown alongside the explosion of day-to-day dependence on the internet, wireless and mobile technology. The Identity Theft Resource Center reported 662 data breaches in 2010, affecting 16,167,542 records. 76% of these records included Social Security numbers.
Email has truly become our central production form of communication, both internally and externally. We rely on the ease and rapidity of messaging, and our ability to readily attach documents, pictures or other relevant information. And we are increasingly going mobile (read that as “real time”) with our email connectivity. A recent comScore study revealed that Americans are increasingly using their mobile phones and tablets to access email on the run.
As a result, the information we find useful to have in email is increasing. And services like GMail have made it easy to integrated email, calendaring and contacts all available from web browsers, mobile devices and our home computers – all for a very reasonable price indeed! But hang on here… when we use our “personal” email in such a fashion, what have we really given to these third party providers? Are we really secure? Are we even compliant? Continue reading
What a subject! And what a dynamic and challenging industry for both health care providers and the various vendors they use to keep a practice running. We are going to try to get the latest and most relevant issues which are constantly arising and bring them here for awareness and discussion. Comments will always be welcome, but highly moderated. So play nice!