A patient sends an email using their Gmail account discussing medical information. As the provider, you have no reason to believe that the email is secure, so how do you respond? By taking reasonable safeguards you can transmit ePHI, if necessary, and avoid a potential HIPAA breach situation. The Department of Health and Human Services
Recent ransomware cyberattacks are a wake-up call to the healthcare industry. The significant street value of stolen protected health information (PHI) makes the electronic healthcare industry a perfect target. If your organization is a victim of this type of hacking, the number of individuals affected may be massive and the costs may be overwhelming. Even
HIPAA Myth #1: “I don’t bill Medicare, so I don’t need to follow HIPAA Rules.” All covered entities must abide by the HIPAA Privacy and Security Rules. Covered entities include healthcare providers, health plans and healthcare clearinghouses. Only healthcare providers who do not transmit claims electronically meet an exception. Business Associates must also follow HIPAA
With healthcare information breaches on the rise, it's more important than ever to protect your organization. Review our infographic and make sure you are taking the best steps to prevent disaster.
Presence St. Joseph Medical Center, a hospital of Presence Health Network, a large healthcare system serving Illinois, waited more than three months before it notified the Department of Health and Human Services (HHS) of a breach involving 836 individuals. The untimely reporting cost the healthcare system $475,000 to settle with the HHS, including strict compliance
First Healthcare Compliance hosted an educational webinar, “Business Associate Agreements: What You Need to Know” with Jennifer Gimler Brady, Esq. of Potter, Anderson, Corroon, LLP. Click here to view the webinar. For covered entities and business associates, Jennifer provides answers to some commonly asked questions regarding Business Associate Agreements (BAA). Is a physician practice required
Covered entities should be very concerned about the possibility of a major breach of protected health information (PHI) originating from a Business Associate (BA). According to the Health and Human Services’ Wall of Shame, a single breach in 2015 by a BA in Indiana affected more than 3.9 million individuals, which is more than all
Under HIPAA, a breach is any impermissible use or disclosure of protected health information (PHI) that does not fit into one of the following exceptions (45 C.F.R. §164.402): Unintentional access, use, or acquisition of PHI by an employee of a covered entity or business associate (BA) made in good faith and would not result in further
What can we learn from the Office for Civil Rights’ (OCR) recent announcements regarding two of the largest settlements ever reported for HIPAA violations? The settlements total $3.9 million and $1.5 million, respectively, and both stem from an unencrypted laptop stolen from an employee’s car. The Feinstein Institute of Medical Research suffered a data breach in 2012 of over 13,000
The value placed on a compliance program varies greatly with perspective and remains difficult to define. Obviously, the purpose of a compliance program is to prevent and deter wrongdoing. A strong program preempts problems. However, it is difficult to know what might happen in the future or what could have gone wrong in the past.