Compliance News - page 13

Cycle of HIPAA Compliance

HHS has repeatedly emphasized that HIPAA compliance is a process, not an event, but what is the basic process? We call this the Cycle of Compliance. Its basic elements are an initial risk assessment, risk remediation, training and awareness, and then another risk assessment to measure your progress.

Posted March 9, 2015 by Jack Anderson

Medical Identity Theft Up 21.7%

Medical Identity Theft up 21.7% (http://medidfraud.org/2014-fifth-annual-study-on-medical-identity-theft). This makes even small clinics and practices targets if they are not HIPAA compliant.

Posted March 6, 2015 by Jack Anderson

HIPAA Compliance is a Legal Standard of Care

A lawsuit can be won against a company that does not maintain HIPAA compliance. In a recent case: “Reviewing a $1.44 million jury verdict, an Indiana appellate court affirmed that the plaintiff had raised a viable claim of negligence based on using HIPAA as the standard of care.”

Posted February 19, 2015 by Jack Anderson

What Does Anthem HIPAA Breach Mean to You?

If you store, access, transfer or create PHI, you are a target: “Hackers target health care as industry goes digital” (PC World), “Anthem hack: 'Healthcare is a target'” (Healthcare IT News), “Why Hackers are Targeting The Medical Sector” (Washington Post).

Posted February 18, 2015 by Jack Anderson

Anthem Hack and Physician Practices

Anthem was hacked, with exposure to 80 million patient files, which qualifies as a HIPAA breach, but what does that mean to a small physician practice? The hack has been attributed to a program called "Deep Panda" and the Chinese Army, which is unlikely to target a small physician practice, but could trigger copycat attacks.

Posted February 10, 2015 by Jack Anderson

HIPAA Risk Assessment: HHS Requires Progress not Perfection

Many small companies avoid a HIPAA risk assessment because they think it is too difficult, too expensive and will reveal their non-compliance. The key is to use an on-line system that allows you to measure, remediate, and measure again so that you can show progress not perfection.

Posted January 21, 2015 by Jack Anderson

How to Hack HIPAA Data

HIPAA Compliance is the industry standard. Your patient medical data or EPHI is worth around $100 per record on the black market. Now, according to the New York Times article "Need Some Espionage Done? Hackers Are for Hire Online", criminals don't need hacker skills; they can simply hire someone to hack your database.

Posted January 16, 2015 by Jack Anderson

Why Would Anyone Hack A Physician Practice?

A medical record is worth 10-20 times a credit card record on the black market. The information is quickly sold to an organization that will use it to get drugs and medical services.

Posted October 30, 2014 by Jack Anderson

Will You Lose Your HIPAA Compliance on September 22, 2014?

If you still have "grandfathered" HIPAA business associate agreements (BAAs) in place, they may expire on September 22, 2014. BAAs that were in effect prior to January 25, 2013 were given until September 22, 2014 at the latest to be updated. If this has not been done, you will be out of HIPAA compliance at that time.

Posted September 4, 2014 by Jack Anderson

HIPAA Compliance Depends on Documentation

If you don't document your HIPAA compliance activities, you can't prove HIPAA compliance. Documentation of your HIPAA compliance activities is what builds the legal firewall around your company.

Posted August 28, 2014 by Jack Anderson