Blog Posts: HIPAA
The managed care company Wellpoint Inc. recently agreed to pay $1.7 million to settle allegations that it failed to properly safeguard electronic protected health information (ePHI) concerning 612,402 individuals.
Technology companies with ties to the healthcare industry now face stricter compliance requirements after recent amendments to the Health Insurance Portability and Accountability Act (HIPAA) regulations became effective. An expanded definition of “business associate” now encompasses any entity responsible for creating, receiving, maintaining or transmitting protected health information (PHI).
In 2012, the Department of Health and Human Services (HHS) audited select healthcare organizations for compliance with the Health Insurance Portability and Accountability Act (HIPAA). The agency’s findings revealed some common privacy and security mistakes among both large and small organizations:
The term “big data” refers to sets of information so large that they are difficult to process using traditional database techniques. The healthcare industry has recently started using big data to solve many issues affecting patient care. Big data is able to increase the quality of healthcare — while simultaneously lowering the cost — by revealing certain patterns and trends that would otherwise be unavailable to healthcare providers.
On January 17, 2013, the U.S. Department of Health and Human Services ("HHS") issued a final rule ("Omnibus Rule") that affects multiple aspects of the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"). The Omnibus Rule expands privacy, security, enforcement standards and breach-notification requirements, and it implements several changes to the law made by the HITECH Act of 2009.
The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently announced that a small non-profit hospice has agreed to pay $50,000 to settle potential HIPAA-HITECH security-rule violations arising from a breach affecting 441 patients. The settlement is notable for being the first that involves a data breach affecting fewer than 500 individuals. The settlement appears to be a signal that OCR intends to enforce HIPAA-HITECH security rules against covered entities regardless of the size of the breach. As the healthcare industry transitions to entirely electronic recordkeeping, it is a high priority for HHS to ensure that covered entities of all sizes implement adequate protections for electronic protected health information (ePHI).
The Department of Health and Human Services (HHS) is taking enforcement of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule very seriously. In a recent case, a Massachusetts physician eye-and-ear group practice agreed to pay $1.5 million to settle alleged violations of the Security Rule based on an incident where a personal laptop was stolen.
Most organizations have been providing HIPAA training to employees for years. However, given recent regulatory and enforcement changes, here are ten reasons why now is the best time to ensure that your organization’s HIPAA training is up to date.
The Office for Civil Rights (OCR) of the Department of Health and Human Services (HHS) recently posted on its website the protocol it is using for its Health Insurance Portability and Accountability Act (HIPAA) compliance audits. A report by the Ropes & Gray LLP law firm recommends that covered entities and business associates use the information in the protocols to review their current practices.
As ever more important and sensitive data is being stored on laptops, the risk of data breaches continues to rise. Reports of another significant data breach resulting from the theft of a laptop serve as a reminder of how vulnerable sensitive data is to theft and how critical it is that employees take care to protect the data in their possession.