ELEVATE YOUR HIPAA COMPLIANCE: Explore Our Enhanced Toolkit Today
Access Toolkit
Purchase Toolkit
Back to Blog

HIPAA settlement proves value of audit controls

Having policies and procedures in place is good, as long as you have audit controls to ensure they’re being implemented. Memorial Healthcare Systems (MHS) in South Florida did not. Late last week, the U.S. Department of Health and Human Services (HHS) announced that MHS has paid $5.5 million to settle potential violations of the HIPAA Privacy and Security Rules and agreed to implement a robust corrective action plan.

MHS reported to the HHS Office for Civil Rights (OCR) that the protected health information (PHI) of 115,143 individuals had been accessed by its employees without permission and then disclosed to affiliated physician office staff. The login credentials of a former employee of an affiliated physician’s office had been used to access the ePHI maintained by MHS on a daily basis without detection from April 2011 to April 2012.

Key takeaway

PrivaPlan President David Ginsberg says the key takeaway from the HHS news release is this: “Although it had workforce access policies and procedures in place, MHS failed to implement procedures with respect to reviewing, modifying and/or terminating users’ right of access, as required by the HIPAA Rules. Further, MHS failed to regularly review records of information system activity on applications that maintain electronic protected health information by workforce users and users at affiliated physician practices, despite having identified this risk on several risk analyses conducted by MHS from 2007 to 2012.”

An excellent part of any HIPAA compliance program is to conduct an internal mock audit periodically to ensure that HIPAA policy and procedures are in place and being followed throughout your organization.

Audit help

PrivaPlan can perform a mock HIPAA Privacy and Breach Notification audit using the OCR protocol, as well as our unique audit methodology. This can be conducted as either a desktop or onsite analysis. The audit will provide a list of gaps or deficiencies and recommendations on improvement. The results of our audit can be combined with your HIPAA security risk analysis and other testing to establish a robust risk management plan for compliance.

Contact us at info@privaplan.com or call 877-218-7707.

Related Posts

Recent Posts

Categories
Tags
AI Articles artificial intelligence Blog board Breach business associate CISO cyber risk cybersecurity cybersecurity awareness training electronic medical records email breach executive order Federal HIPAA Changes Final Rule health care health privacy HIPAA hipaa compliance HIPAA Training Meaningful Use Medicare multi-factor authentication OCR ONC passwords PHI phishing Policies & Procedures policies and procedures Privacy Quotes Ransomware Security Security Risk Analysis security training Service Technology Testimonials toolkit Training Materials two-step authentication website analytics website trackers

Get Started Today

Email us at info@privaplan.com or submit the form below:

Sign Up for Updates

Contact PrivaPlan

Telephone Sales & Support
505-466-1432  or
Toll Free: 1-877-218-7707
Fax: 505-466-3942

E-Mail Sales & Support
Customer Support: support@PrivaPlan.com
Sales: orders@PrivaPlan.com

Mailing Address:
PrivaPlan
5 Caliente Rd, Ste 3,
Santa Fe, NM 87508

© 2024 PrivaPlan Associates, Inc, all rights reserved.

FOLLOW US

Linkedin Envelope

Access PrivaPlan Toolkit

Click here to access

Access CMA-PrivaPlan Toolkit

Click here to access

Sign up for updates

  • Be Proactive In Compliance

Sign up. Learn about Compliance

Subscribe now for up-to-date information about privacy & security compliance! You’ll receive emails regarding news about compliance & alerts for new blog posts.