In this Issue
Advice
HIPAA Regulations - they're not just a paper tiger anymore.
For years, compliance with HIPAA was hit or miss at best. Many organizations gave it lip service - passing out Notices of Privacy Practices and maybe creating a few policies and procedures behind them. This was particularly true of smaller organizations. Business Associates were even further behind the compliance curve - many signing Business Associate Agreements without much of a compliance program to support the responsibilities spelled out in those BAAs. Who could blame them? Enforcement was almost nonexistent.
I'm afraid those days are rapidly disappearing. The number of stories in the media about breaches has increased exponentially - thanks in large part to the requirement to report to HHS any breaches in excess of 500 records (see story in this newsletter). Even if administrative fines are not levied by HHS or CMS - the cost to mitigate the risk of identity theft (letters to impacted individuals, web sites, call centers, etc.) can rise rapidly. Then consider the public relations impact on your organization - will your business partners still want to be associated with you? Will your patients, employees, plan members still trust you with their confidential information?
It's getting serious, folks - an ounce of prevention. Make sure you actually secure those laptops and portable devices (USB thumb drives, iPods, iPads, iPhones, PDAs, etc.) and take those policies & procedures seriously - or they aren't worth the paper they are written on.
HIPAA is a paper tiger no more - it has grown some teeth!
HIPAA Horror Stories
UCLA Fined Over Michael Jackson Records Breach
Blue Cross Breach May Affect 230,000
AvMed Health Plans Data Breach Affects 1.2 Million
HIPAA Courses & Manuals
HIPAA HITECH laws are now effective. Are you and your staff prepared?
We have the online education, manuals and policy templates you need in order to comply with these new regulations. Contact us today.
Covered Entities & Business Associates
Welcome to the Third Quarter 2010 edition of our HIPAA Flash Newsletter.
In recent news we've seen one of the most disastrous oil spills in U.S. history unfold before our eyes. It's left the organization responsible in financial ruin and its image in the dumps. One little mistake, and disaster can easily strike.
In the compliance world, this is becoming a common occurrence. How do you protect your organization? The only sure way is education. Ensure your staff is up-to-date on the regulations and laws you need to comply with. Not sure what those are? Contact us at 866-447-2211 or send an email to info@bridgefront.com.
In this issue you'll read about: an increase in healthcare data breaches; how organizations are cracking down on EHR breaches; the importance of compliance programs; and a patient who speaks out after a healthcare data breach.
It's time to learn from the mistakes of others. Pull out your training records and be sure your staff is educated on the latest rules and regulations - before you get caught in a disastrous event of your own.
Health Data Breaches Hit 100 Companies - Affecting More Than 500 Patients
The HHS Office for Civil Rights (OCR) has posted 100 data breaches affecting 500 or more patients as of June 19, 2010. The breaches affected 3,445,233 patients. OCR has added 12 sites since May 20, 2010.
Physical security continues to be the leading problem. Theft accounted for the lion's share of breaches: 65 incidents affecting 2,836,823 patients. Stolen laptops accounted for 32 breaches involving theft and affecting 1,438,447 patients. Paper records remain a concern as they were involved in 21 breaches affecting almost 60,000 patients.
Mitigate Costly Claims & Lawsuits Through Online Education
Preventing Workplace Discrimination & Harassment - Safeguard your organization and staff from costly claims, lawsuits and a tarnished reputation, with BridgeFront's new compliance courses on preventing harassment and discrimination in the workplace. Choose from the employee or management version.
Study: Health Data Leaks Still an Issue after New HITECH Rules
Nearly eight months after the HITECH Act was enacted, organizations continue to leak sensitive health care data via peer-to-peer networks, according to a study by Dartmouth College's Tuck School of Business, Computerworld reports.
The HITECH Act -- part of the 2009 federal stimulus package -- requires organizations handling health data to implement stronger controls for protecting such information and publicly disclose security breaches within 60 days. The law also expands the number and type of organizations that must adhere to HIPAA privacy rules and imposes penalties for violations.
Agencies, Employers Crack Down on EHR Breaches
It's perhaps like the urge to look through your big brother's dresser or the medicine cabinet at a neighbor's house. Some healthcare workers with access to medical records can't help but snoop, which is more than naughty - it's a federal crime.
Enforcement agencies and employers are getting increasingly serious about busting the snoops as electronic records proliferate and access becomes diffuse. Last week Huping Zhou, as far as prosecutors and observers can tell, became the first person to be sentenced to prison (four months) for just looking.
HHS IG: Compliance Programs Are Integral to Curbing Fraud
During a May 13, 2010 joint HHS and DOJ press conference with Secretary Sebelius and Attorney General Eric Holder, HHS Inspector General Daniel Levinson discussed the value and importance of compliance programs in the enhanced enforcement efforts.
"I'd like to underscore the importance of the health care compliance outreach programs because they are so vital both to the successful implementation of the new law and to our work in the Inspector General's office. Prevention efforts such as compliance programs are integral to curbing health care waste, fraud and abuse," said IG Levinson.
Patient in Our Lady of Peace Data Breach Speaks Out
Jewish Hospital was hauled into court today. It's the first step in what could turn out to be a class action lawsuit against Jewish and Our Lady of Peace hospitals over a massive data breach.
In a plea agreement filed today in United States District Court, Vincent Rubio, 49, of Los Angeles, admitted paying illegal kickbacks to "marketers" who recruited homeless persons from Los Angeles' Skid Row and had them transported to Tustin Hospital.
Medical files on more than 24,000 patients disappeared. And now, one of those patients is talking about the impact the data breach is having on her life.
The HIPAA Flash is an opt-in HIPAA newsletter. The content is for informational purposes only. Nothing herein constitutes legal advice - if you need legal advice, please consult a competent attorney.
BridgeFront is your best resource for compliance workbooks, online training, network scanning tools, backup facilities, certifications, consulting ... HIPAA from A to Z. For the most complete suite of HIPAA compliance products available, visit www.BridgeFront.com.
BridgeFront also provides training in OSHA, JCAHO, Nurse CE, Long Term Care, Revenue Cycle Management and much more. For more information, contact us by calling 866-447-2211 or send an email to info@bridgefront.com.