Early this month, Uber announced the launch of Uber Health, a new service that allows healthcare organizations to provide transportation for their patients. Within days, Lyft and Allscripts announced a partnership to allow healthcare providers to schedule patient rides using Allscripts’ electronic health record network. The move into Non-Emergency Medical Transportation (NEMT) services is an
This week, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced a $100,000 settlement with Filefax, Inc., an out-of-business company that once provided medical records storage and disposal services. Based on an anonymous complaint, OCR’s investigation uncovered HIPAA Privacy Rule violations due to the company’s failure to
Your organization’s security risk analysis and security awareness training are the best defense against nefarious cyber criminals. In reviewing breaches from 2017, cyberattacks with ransomware brought organizations to a standstill if they lacked a pre-emptive back-up plan for the data hostage situation; a few had no choice but to succumb to the hackers’ payment demands.
A patient voices a concern about a privacy violation because the provider mistakenly emailed her medical treatment information to unrecognized email addresses. Your Notice of Privacy Practices correctly informs the patient of her rights under HIPAA to file a privacy complaint with your organization’s Privacy Officer and the Office for Civil Rights (OCR). As the provider,
A patient sends an email using their Gmail account discussing medical information. As the provider, you have no reason to believe that the email is secure, so how do you respond? By taking reasonable safeguards, you can transmit ePHI, if necessary, and avoid a potential HIPAA breach situation. The Department of Health and Human Services
Recent ransomware cyberattacks are a wake-up call to the healthcare industry. The significant street value of stolen protected health information (PHI) makes the electronic healthcare industry a perfect target. If your organization is a victim of this type of hacking, the number of individuals affected may be massive and the costs may be overwhelming. Even
HIPAA Myth #1: “I don’t bill Medicare, so I don’t need to follow HIPAA Rules.” All covered entities must abide by HIPAA Privacy and Security Rules. Covered entities include healthcare providers, health plans and healthcare clearinghouses. Only healthcare providers who do not transmit claims electronically meet an exception. Business Associates must also follow HIPAA
With healthcare information breaches on the rise, it's more important than ever to protect your organization. Review our infographic and make sure you are taking the best steps to prevent disaster.
Presence St. Joseph Medical Center, a hospital of Presence Health Network, a large healthcare system serving Illinois, waited more than three months before it notified the Department of Health and Human Services (HHS) of a breach involving 836 individuals. The untimely reporting cost the healthcare system $475,000 to settle with the HHS, including strict compliance
First Healthcare Compliance hosted an educational webinar, “Business Associate Agreements: What You Need to Know” with Jennifer Gimler Brady, Esq. of Potter, Anderson, Corroon, LLP. For covered entities and business associates, Jennifer provides answers to some commonly asked questions regarding Business Associate Agreements (BAA). Is a physician practice required