Healthcare in the Hot Seat - iSAFE Managed IT Service Provider


In case you were wondering whether HIPAA violations are really enforced, I thought I would bring a few big-money settlements to your attention. If you're not in the healthcare industry, you might be wondering what HIPAA even is. HIPAA stands for the "Health Insurance Portability and Accountability Act," which was passed in 1996. This legislation sets data privacy and security provisions for safeguarding medical records and other identifiable health information.

The rules for ePHI (electronic protected health information) are enforced by the Office for Civil Rights (OCR), and they’ve had a big year in 2017.

Imagine if one of your staff had a mobile device, such as a laptop, iPad, or phone, stolen out of their car, and the device had ePHI stored on it. That sounds bad enough, right? Well, for CardioNet, which did the right thing and reported a stolen laptop to the OCR, that was just the beginning of their trouble.

OCR's investigation into the incident revealed that CardioNet did not have the required policies and procedures in place, including those required for mobile devices. The end result was that CardioNet had to pay a fine of 2.5 million and implement a corrective action plan.

https://www.hhs.gov/about/news/2017/04/24/2-5-million-settlement-shows-not-understanding-hipaa-requirements-creates-risk.html

Vendors that service healthcare providers and store or have access to ePHI are required to sign a Business Associates Agreement, which basically states that they will also protect the ePHI.

The Center for Children’s Digestive Health found out the hard way that this is a requirement.  They had been using a company called FileFax, Inc., which stored records containing protected health information for them, but did not get a Business Associates Agreement signed with them.  The result was a $31,000 fine.

https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/agreements/ccdh/index.html

The Metro Community Provider Network had not conducted a risk analysis of their ePHI environment, and consequently had not implemented any corresponding risk management plans to address the risks and vulnerabilities that might have been identified. The OCR took into consideration that they provide services mostly to low-income or poverty-level patients and took it easy on them to the tune of $400,000.

https://www.hhs.gov/about/news/2017/04/12/overlooking-risks-leads-to-breach-settlement.html

The Memorial Healthcare System, which operates six hospitals, an urgent care center, a nursing home, and a variety of ancillary health care facilities in South Florida, had to pay 5.5 million because they failed to remove user access for an employee who was no longer with the company. The user's login credentials were used without detection for an entire year before it was caught.

It's always a good policy to remove user access rights immediately upon termination, no matter what industry you're in, but it is absolutely necessary in the healthcare industry.

https://www.hhs.gov/about/news/2017/02/16/hipaa-settlement-shines-light-on-the-importance-of-audit-controls.html

You can find more examples and other great information about compliance here: https://www.hhs.gov/hipaa/newsroom/index.html

 
