A cyber-attack can affect organizations at different levels. While organizations are actively trying to prevent these attacks, ironically the number of attacks seems to be constantly on the rise. More shockingly, the 2012 Data Breach Investigations Report released by Verizon indicates a dramatic increase in cyber-attacks linked to hacktivist groups. Groups like ‘Anonymous’ and ‘LulzSec’…
If you think compliance with HIPAA is complex and expensive, non-compliance can turn out to be twice that. And Blue Cross Blue Shield of Tennessee (BCBST) stands testimony to this fact. On March 13th 2012, the Department of Health and Human Services (HHS) announced that BCBST agreed to pay a sum of $1.5 million for…
For TRICARE, the aftermath of last year’s massive breach incident has proved to be an ongoing nightmare. Being the largest health information breach reported since the HIPAA breach notification rule came into effect in September 2009, the TRICARE breach has repeatedly attracted aggressive legal action. Nearly 4.9 million beneficiaries were affected by the breach, and…
According to the HITECH Breach Notification Rule any impermissible use or disclosure of protected health information (PHI), or “breach,” of 500 individuals or more should be reported to HHS and the media. Similarly, smaller breaches affecting less than 500 individuals have to be reported to the secretary on an annual basis. As the first enforcement…
Now you can measure the potential cost of a data breach in your organization and take appropriate steps to invest in a befitting solution that can prevent data breaches from occurring. The American National Standards Institute (ANSI)in collaboration with Santa Fe Group/Shared Assessments Program Healthcare Working Group, and the Internet Security Alliance (ISA), issued a…
While you may be striving to achieve ‘meaningful use’ status to qualify for the EHR incentives, some new requirements on privacy and security have surfaced as part of the proposed rule which defines how to achieve ‘meaningful use’ of electronic health records (EHR) to qualify for Stage 2 of the HITECH Act EHR incentive program.
Although data breaches are not typical of a certain size or type of organization, small medical practices seem to be at the highest risk of being attacked. A recent survey, conducted by the Ponemon Institute and commissioned by MegaPath, which queried more than 700 IT and administrative personnel in healthcare organizations with less than 250 employees, revealed some shocking facts. It was noted that nearly 90% of small healthcare practices in North America have suffered a data breach in the past 12 months.
With OCR audits going on in full swing, your legal responsibilities as a healthcare provider have doubled. It’s not just about being compliant anymore- you should be in a position to prove your compliance with HIPAA regulations to the OCR team. The HIPAA audits seek to ascertain that all covered healthcare entities and their business associates are compliant with the requirements of the Health Information Portability and Accountability Act.
Your data may be completely secure; your organization may be fully shielded from security attacks, but with OCR audits coming your way, it’s not enough to be just secure and compliant. You need to prove your compliance with HIPAA Privacy, Security, and Breach Notification rules to the OCR audit team. So while you’re preparing for…
Just when you may be thinking that your compliance and security needs are taken care of, here comes another thing to worry about: The HIPAA Compliance Audit Program. HIPAA Audits will be taken upon accordance with Section 13411 of the Health Information Technology for Economic and Clinical Health Act (HITECH Act) to ensure that covered entities and their business associates are in compliance with the privacy and security rules of the American Recovery and Reinvestment Act of 2009.
