Last week, the HHS Office for Civil Rights (OCR) announced the launch of phase 2 of the HIPAA Audit Program. OCR’s goal is to proactively uncover and address risks and vulnerabilities to protected health information (PHI). Effective immediately, OCR will ensure Covered Entities (CEs), their Business Associates (BAs) and vendors have comprehensive risk management frameworks…
The Department of Health and Human Services’ Office for Civil Rights (HHS and OCR) has announced its Phase 2 audit program. HHS auditors will concentrate on high-risk areas, eliminating on-site visits and potentially integrating the audits into OCR’s formal enforcement program. Phase 2 audits will be conducted by OCR staff and will likely involve a…
The health insurer Anthem Inc., which manages Blue Cross plans across a dozen states, recently announced that a hacking incident has compromised a database containing personal information of nearly 80 million individuals worldwide. Anthem believes that the unencrypted compromised information could include current and former members? and employees? names, birthdates, medical IDs/Social Security Numbers, Street…
Irrespective of the industry, the digital era demands protection of employee privacy and particularly the healthcare information as a vital obligation on the part of every employer. While the governments have designed HIPAA and HITECH laws to effectively manage this information, remaining compliant to these regulations is a daunting challenge in the world of cyber…
With the healthcare industry moving towards digitalization, the electronic health records even in protected formats are becoming increasingly attractive to the criminals of the cyber world. Not a day goes by without news articles published about hospitals or medical practitioners paying millions of dollars as penalties due to public exposure of the protected health information.…
The Connecticut case of Emily Byrne vs. Avery Center for Obstetrics and Gynecology may be a trend-setter where healthcare providers and business associates could be at legal risk by failing to follow the HIPAA regulation or other privacy regulation. In this case, a patient sued the healthcare clinic for releasing her medical records to a…
Technological growth has empowered today’s healthcare industry with a number of software applications and IT infrastructure which enables them to communicate, store and process patient health information the digital way. However, with cyber threat lurking above the IT enabled environment, the Office for Civil Rights had enforced the HIPAA Privacy Rule, as a sequel to…
The HER audits are around the corner. The Centres for Medicare & Medicaid Services, to encourage healthcare providers to adopt electronic health record systems and ensure secure data sharing practices, brought forth the EHR incentive program. Even as the meaningful use incentive program was intended to encourage healthcare industry adopt digitalization of data, these providers…
Medical information of any individual includes unique identifiers, demographic data, medical conditions, health care provider’s details, billing information as well as immediate family members’ details and medical history. The growth of technology has paved way for storage of these records in electronic formats with quick access from any location. Even as every individual approaches doctors…
As the federal tally of major breaches increased to a total of 1074 incidents affecting 33.7 million individuals since 2009, there are more such incidents added to the list every day. Health care organizations on a global scale, though being technologically sound with latest equipment, embedded software and networked environment, are increasingly becoming targets for…
