Documentation Critical for HIPAA Risk Assessment and Mitigation. Roswell Park Cancer Institute did the risk assessment, developed a plan for mitigation of the high risk items but then couldn't show the auditor the documentation of that mitigation.
Posted July 14, 2015 by Jack Anderson
Initial HIPAA Compliance in as few as 48 Hours with HIPAAssure®, including a risk assessment, editing policies and procedures, and training and awareness.
Posted July 9, 2015 by Jack Anderson
How do I know whether I am HIPAA compliant when the rules are so confusing? One approach would be to read the Omnbus Rule: http://www.gpo.gov/fdsys/pkg/FR-2013-01-25/pdf/2013-01073.pdf but if you are like me after about twenty pages I surrender. An easier concept is the three legged stool: Risk Assessment, Policies and Procedures, and Training and Awareness.
Posted July 2, 2015 by Jack Anderson
Falsely attesting to meaningul use earned Joe White, former CFO of a Texas hospital group a 23 month sentence in federal prison plus restituion of $4.5 million dollars. This should strike fear in the hearts of many who signed similar attestations without satisfying the meaningful use requirements, particularly Core Measure 15.
Posted June 22, 2015 by Jack Anderson
Over 2 million patients had their medical identity stolen in 2014 which represented a 22% increase over the previous year according to the organization Medical Identity Fraud Alliance or MIFA.
Posted June 17, 2015 by Jack Anderson
8% of surveyed healthcare executives said that they were HIghly Confident that their business assocates were HIPAA compliant in the 2015 Healthcare Information Security Today Survey. 68% were either neutral or not confident.
Posted June 15, 2015 by Jack Anderson
The study found that the healthcare was most at risk for costly breaches, with an average cost per record lost or stolen as high as $363, more than twice the average for all sectors of $154. That reflects the relatively high value of a person's medical records on the underground market, said IBM, as Social Security information is much more useful for identity theft than simple names, addresses or credit card numbers.
Posted June 11, 2015 by Jack Anderson
Congratulations, you have just been entered, without your permission, in the HHS OCR HIPAA audit lottery! The first stage will be being one of 500 covered entities or 200 business associates who receive an OCR screening survey in the mail. From this pool an undisclosed number will be chosen for an unannounced HIPAA audit.
Posted June 1, 2015 by Jack Anderson
A large cyberinsurance company is claiming that it doesn't have to pay a claim based on a HIPAA breach because the covered entity failed to meet "minimum required practices". Cottage Hospital in Santa Barbara had a HIPAA breach of 32,500 patient records or PHI in in 2013 and filed a claim for $4.1 million, which CNA is contesting.
Posted May 28, 2015 by Jack Anderson
No HIPAA risk assessment, no HIPAA written policies and procedures, and no HIPAA training equals “willful neglect” and earned a $125,000 HIPAA fine for a Colorado compounding pharmacy.
Posted May 27, 2015 by Jack Anderson