Last week, the HHS Office for Civil Rights (OCR) announced the launch of phase 2 of the HIPAA Audit Program. OCR’s goal is to proactively uncover and address risks and vulnerabilities to protected health information (PHI). Effective immediately, OCR will ensure Covered Entities (CEs), their Business Associates (BAs) and vendors have comprehensive risk management frameworks…
It’s happened again. On Dec 1, 2015, a $3.5 million fine was levied against Triple-S Management Corporation, formerly known as American Health Medicare Inc., for HIPAA violations. OCR’s investigations indicated widespread non-compliance throughout the various subsidiaries of Triple-S, including: Failure to implement appropriate administrative, physical, and technical safeguards to protect the privacy of its beneficiaries’…
People love an underdog. It’s one of the main reasons millions of viewers watch the March Madness basketball tournament every year or why the biblical story of David and Goliath is one of the oldest and most repeated stories of all time–it is inspiring to see the improbable come true. In the world of healthcare…
What do all team champions have in common? It doesn’t matter if we’re talking about football, baseball, basketball, hockey, soccer, cricket or just about any other team sport. With few exceptions, the champion is extraordinarily competent at both offense and defense. Think about healthcare. Offense is a given. There are frequent C-Suite discussions about new…
The US Department of Health and Human Services’ Office of Civil Rights (OCR) modified the HIPAA Act with the HIPAA Omnibus Rule coming into effect from the first quarter of 2013. The HIPAA Omnibus rule demanding high standards for breach notification regulations, enterprises worked to strengthen the privacy and security protection mandated by HIPAA. Other…
In the keynote presentation at the HIMSS Privacy and Security Forum in Boston on 23rd September, the Director of the Office for Civil Rights (OCR), Leon Rodriguez addressed the areas of focus for the HIPAA enforcement actions to be undertaken by OCR, and gave specific perspective advice for organizations that are under the purview of…
The HIPAA Omnibus rule has now brought business associates and subcontractors under its gamut, making it mandatory for them to comply with the requirements of the final rule, or face stiff penalties. So business associates and subcontractors are now bound to conduct risk assessments and make appropriate use of encryption along with other precautionary measures…
Healthcare entities now have to take protection of Patient Health Information much more seriously than ever before- because non-compliance with HIPAA can now attract a whole range penalties, both civil and criminal., The Standards for Privacy of Individually Identifiable Health Information, better known as the HIPAA Privacy Rule put forth a set of national standards…
HIPPA Compliance management can be convoluted and at times expensive. However, think again if you are not compliant, as its non-compliance can cost you a huge packet! Phoenix Cardiac Surgery P.C, a small Arizona physician group practice can testify to that. Because of a three-year federal investigation that began on February 2009, this small practice…
Did you know that 2.7 million Americans were affected from around 32 major health information breach incidents recently? The bulk of the people were affected by the information breach that occurred with the Insurer Health Net and its business associate IBM. The Federal list released on June 22nd lists all the major healthcare information breaches…
