News and Toolkit Updates
Final Guidance from OCR released on De-identification of PHI!
De-identification of PHI has become an increasingly complex issue and requirement with the increased use of electronic health records, health information exchanges and the like. The Office of Civil Rights has been working on updated guidance on methods of de-identification for some time. The final guidance is now available.
From the PrivaPlan Blog
OCR warns there is an individual posing as OCR Investigator
On April 3, the Office for Civil Rights (OCR) issued an alert that an individual posing as an OCR Investigator has contacted HIPAA covered entities in an attempt to obtain protected health information (PHI).
Important notice regarding individuals’ right of access to health records
The Department of Health and Human Services’ Office for Civil Rights has released an announcement that certain legislative changes regarding individuals’ right of access to health records have been reversed.
Do you understand what PHI is?
An apparent lack of understanding of what defines Protected Health Information (PHI) has cost one hospital system $2.175 million in fines to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS).
HHS reduces maximum civil penalties for HIPAA violations
The HHS published a Notification of Enforcement Discretion Regarding HIPAA Civil Money Penalties that changes the interpretation of fines for violations defined under the HITECH Act, effectively reducing some of the annual limits.
PrivaPlan advises rural health care staff to train, train and retrain
Train, train and retrain is at the top of PrivaPlan’s list of practical solutions for being HIPAA compliant.
Judge rules in favor of OCR, orders cancer center to pay $4.3 million for HIPAA violations
An HHS Administrative Law Judge has ruled that MD Anderson violated HIPAA and is requiring the Texas cancer center to pay $4.3 million in penalties to the OCR.
New HIPAA guidance released in opioid crisis
Responding to the opioid crisis, the OCR explains when and how healthcare providers can share a patient’s health information without violating HIPAA.
DOJ hits eClinicalWorks hard with $155 million settlement
Last week, eClinicalWorks, a prominent ambulatory EHR vendor (who also just released their inpatient product), will pay $155 million as a result of a lawsuit settlement with the Department of Justice. The allegations include false representation of the product’s capabilities during ONC testing, as well as paying customers to use the software – violations of…
Survey finds 68% of healthcare employees will share sensitive info
Results from a recent survey reveal that 68% of healthcare employees occasionally share confidential or regulated data.
HIPAA settlement proves value of audit controls
Having policies and procedures in place is good, as long as you have audit controls to ensure they’re implemented, unlike this Florida healthcare system.
Latest HIPAA settlement proves why managing security risk is critical
St. Joseph Health will pay $2.14 million for HIPAA violations, serving as an unfortunate example of why managing security risk is critical.
OCR releases guidance on Cloud Computing and HIPAA
The OCR released guidance on October 6 that attempts to clear things up regarding cloud service providers and HIPAA.
Latest HIPAA settlement shows importance of up-to-date BA agreements
On Sept. 23, 2016, the OCR announced its second HIPAA enforcement action against a business associate to the tune of $400,000. The hospital had previously entered into a settlement of $150,000 for its part in the breach.
Join Oct. 12 webcast: BAs, HIPAA Risk Management
More and more, HIPAA breaches are caused by the Business Associates of HIPAA covered entities. Learn how to manage these risks in the Oct. 12 webcast.
OCR is stepping up its investigations of smaller breaches
The OCR has begun an initiative to more widely investigate the root causes of smaller breaches affecting fewer than 500 individuals.
OCR Desk Audits are beginning
This week, selected covered entities began receiving notification letters for Phase Two of OCR’s HIPAA audit program, which involves desk audits.
David Ginsberg explains new HIPAA audits in webinar
PrivaPlan President David Ginsberg leads June 28 webinar hosted by CORHIO about new HIPAA audits of covered entities and their business associates.
Lack of HIPAA Business Associate Agreement is costly
Putting off a HIPAA Business Associate Agreement puts sensitive health information at risk of being misused or improperly disclosed. That’s certainly not good, and neither is the steep financial penalty you could incur for overlooking this critical step.