HIPAA

Holiday Scams

Help your associates be particularly vigilant this holiday season by reminding them that the coming months are sure to be scam-filled and risky.

The HIPAA Security Rule requires a “security awareness and training program for all members of the workforce (including management).” Part of creating that awareness may include regular or targeted reminders of the best practices you’ve put in place in your IT Acceptable Use Policies. Use the article recently published by Christine DeGangi from Credit.com as an email ...

So Sue Me!

“Failing to collect payment for treatment, a medical group sent a patient to collections. In providing the unpaid bills to the collections attorney, practice staff failed to redact sensitive information. When the attorney filed the bills with the court as part of the collection action, the patient’s HIV status became public record. The patient sued the practice and won. The jury awarded $1.25 million in damages.”

What struck me in this recent Journal of AHIMA article, HIPAA Violation? Sue Me, ...

Who’s Watching the Shop?

Like traffic cops, compliance managers make sure their employers understand and conform to all relevant industry laws and regulations. As a healthcare provider, there are multiple laws and regulations you must address. For instance, if you take credit card information for payment, you are obligated to comply with the Payment Card Industry Data Security Standard (PCI DSS). DHHS has mandated that HIPAA privacy and security standards be adopted, and Meaningful Use Stage 2 objectives are in effect that include compliance with health information ...

Is HIPAA Doing What It’s Supposed To Do?

Many general managers still view HIPAA compliance as an unwanted and unneeded overhead cost – a distraction from providing quality patient care and bolstering the bottom line. They resent the federal ‘big stick’ and would rather have the autonomy to implement security as they see fit.

The problem with this approach is twofold. First, like many other industries, investment in information security is usually poorly planned and funded. Today’s sophisticated cybercriminal has easy pickings on the global internet smorgasbord. Second, the ...

Preventing Deliberate Theft of ePHI

All the security tools in the world won’t stop a determined employee from stealing ePHI. You can dramatically lower the risk, however, by taking the following precautions described in a recent posting at Data Breach Today.

Like all information security actions, take a multi-pronged approach. Restrict access on a need-to-know basis, do background checks, create ‘secure zones’ where electronic protected health information cannot be accessed, implement data loss prevention technology to restrict the use of USB ports and email, have ...

How Does $20 per EMR Sound?

All of you are working on HIPAA Security Compliance initiatives, primarily driven by Federal and State requirements. You are motivated by the penalties and remediation costs you could incur from an exposed breach. While HIPAA Security Compliance makes for a reasonable baseline goal, in our view HIPAA security does not go far enough to lower your risk substantially.

ePHI represents a substantial revenue stream for driven, organized, international hacker groups. According to a recent article, BitSight Technology indicates that a patient ...

Maintain Security Awareness with Free 60-second video snippets

HIPAA Security Rule section 164.308(a)(5) defines periodic security reminders as an addressable implementation specification. How do you maintain information security awareness for your employees?

I just read a press release about a company in Orem, UT that produced a sequence of 60-second videos outlining best practices for healthcare practices to comply with technical HIPAA requirements. What a great idea!

While there are many approaches you can take to maintain security awareness – email alerts, scheduled online training, posters, screen savers, lunch and learns, etc. ...

Are Your IT Acceptable Use Policies Up-to-date?

A catfish is someone who creates a false online identity. Catfishing is common on social networking sites. The catfish’s intent is to defraud a victim, seek revenge or commit identity theft. The information obtained could be used to compromise your network.

One key element required by HIPAA is to document acceptable end user behaviors. These documented behaviors are called IT Acceptable Use Policies. One area requiring policy definition is the degree of end user access granted or allowed to social media ...

Healthcare IT Security Worse Than Retail, Study Says

Sometimes it is useful to compare your company’s security footprint to peers and other verticals. This provides a benchmark or standard when evaluating your progress. If you find your company falls short of the standard, you might take a more aggressive approach to improving your security footprint. The best-run businesses set realistic goals and work to achieve those goals to improve their business performance and thus their profitability. Benchmarks help to set those goals.

A recent report from Information Week, ...

Largest HIPAA $$ Violation Settlement to Date

HHS just handed out $4.8 million worth of HIPAA fines to New York and Presbyterian Hospital and Columbia University. 6,800 ePHI records were breached by poor server deactivation procedures, exposing those patient records to internet search engines. The organizations learned of the breach when a deceased patient’s partner found the former patient’s ePHI on the internet. Poor risk management and a failure by the organizations to implement their own policies and procedures contributed to the huge fine.

Read the whole story ...