Lack of a Security Management Process to Safeguard ePHI Costs a FQHC $400,000 and Must Implement Corrective Action Plan

April 17, 2017. On April 12, 2017, the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) announced in a news release entitled: “Overlooking risks leads to breach, $400,000 settlement”, that it had executed a Resolution Agreement and embedded Corrective Action Plan with a nonprofit federally qualified health center (FQHC), Metro Community Provider Network (MCPN) of Denver, CO for failure to:

Time for Covered Entities and Business Associates to Harden Their Security Defenses

January 31, 2017. In recent posts on the HIPAA Integrity® Website, we have urged our readers and clients to invest in security and to harden access to their IT systems in order to minimize the likelihood of a privacy breach or security incident and the consequences thereof. We commend to your attention an excellent January 23, 2017, Modern Healthcare Special Report written by Adam Rubenfire and Joseph Conn entitled: “Building a Better Cyberdefense: How to harness technology to protect your organization and patients from the latest cyberthreats.”

Lessons Learned from Breach Reports: A Cautionary Tale for Achieving HIPAA Compliance in Six Parts – (III) Portable Device Security

On May 20, 2014, then Secretary of the Department of Health and Human Services (HHS), Kathleen Sebelius, transmitted to Congress the required HITECH Act document:  Annual Report to Congress on Breaches of Unsecured Protected Health Information For Calendar Years 2011 and 2012, which is available online at: http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachreport2011-2012.pdf.  Much of this document analyzes the characteristics of breaches that the HITECH Act requires be reported to the HHS Office for Civil Rights (OCR), which prepared the report.

 

Lessons Learned from Breach Reports: A Cautionary Tale for Achieving HIPAA Compliance in Six Parts – (II) Security Evaluation

On May 20, 2014, then Secretary of the Department of Health and Human Services (HHS), Kathleen Sebelius, transmitted to Congress the required HITECH Act document:  Annual Report to Congress on Breaches of Unsecured Protected Health Information For Calendar Years 2011 and 2012, which is available online at: http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachreport2011-2012.pdf.  Much of this document analyzes the characteristics of breaches that the HITECH Act requires be reported to the HHS Office for Civil Rights (OCR), which prepared the report.

Patient Engagement: Correcting Medical Errors Is a Different Type of Security

June 10, 2014.  When we speak of “security” in this set of HIPAA Safeguard posts, we generally refer to it in the context of the HIPAA Security Rule and compliance by covered entities and business associates with its standards and implementation specifications to safeguard electronic protected health information.  Another context relates to the growing use of electronic health records (EHRs) by covered entities such as hospitals and physicians, and to persons authorized by those covered entities who have access to protected health information contained in their EHR systems being “secure” in the knowledge that such information is correct.  The June 10, 2014, Wall Street Journal has an article by Laura Landro entitled:  “Health-Care Providers Want Patients to Read Medical Records, Spot Errors,” which is available online at: http://online.wsj.com/articles/health-care-providers-want-patients-to-read-medical-records-spot-errors-1402354902.  In that article is the statement:  “Studies show errors can occur on as many as 95% of the medication lists found in patient medical records.”

 
