Health Information Security – Credit for Trying

Last year, Congress directed the Secretary of Health and Human Services (HHS) to take into consideration efforts by organizations subject to HIPAA security standards (“covered entities” and “business associates”) to implement “recognized security practices” whenever HHS determines fines and other remedies for HIPAA security violations. …the Secretary shall consider whether the covered entity or business…

New HIPAA Risk Assessment Tool

The Office of the National Coordinator for Health Information Technology (ONC), in collaboration with the HHS Office for Civil Rights (OCR), just posted an updated Windows-only version of its HIPAA risk assessment tool (SRA). I know; lots of exciting acronyms, abbreviations, and labels! You can download the new software on the government’s Health IT…

Philadelphia Catholics Agree to $650,000 HIPAA Fine

Business Associates who fail to conduct health information risk assessments and adopt required security policies and procedures face a growing threat of discovery and fines. Catholic Health Care Services of the Archdiocese of Philadelphia (CHCS) got more than a prayerful penance after violating HIPAA rules. The $650,000 fine imposed by HHS arose from the reported theft of a CHCS-issued, unencrypted…
