Tuesday, 11 October 2016 13:20

Small providers, be ready: Feds will “widely investigate” small HIPAA breaches


The U.S. Office for Civil Rights (OCR) says it is now working with its regional offices to more widely investigate the root causes of breaches affecting fewer than 500 individuals. The regional offices will still have discretion on which smaller breaches to investigate, but each office will increase its efforts to address these smaller breaches.

Among other things, regional investigators will look for incidents involving improper disposal or theft of unencrypted Protected Health Information (PHI), and inappropriate access to IT systems.

Here are examples of settlements in smaller breaches:

Catholic Health Care Services, relating to a business associate’s failure to safeguard nursing home residents’ PHI: $650,000.

St. Elizabeth’s Medical Center, relating to allegations that staff used an internet-based, document-sharing application to store PHI without having analyzed risks: $218,400.

Hospice of North Idaho, relating to an unencrypted laptop computer containing electronic protected health information: $50,000.

Last modified on Wednesday, 11 January 2017 13:36

10 Step HIPAA Plan

  • Step 1: Make Sure you Must Comply with HIPAA

    What's Inside:
    Lists of who is generally covered and who is not, plus contact for inquiries.
  • Step 2: Designate Team Leaders

    What's Inside:
    • 7-page HIPAA basics
    • 62-page guide to security and privacy of ePHI
    • Compliance Charter Template
  • Step 3: Develop Security Policies & Procedures

    What's Inside:
    Templates for Security Policies and Procedures
  • Step 4: Conduct a security risk analysis

    What's Inside:
    INTRODUCTORY:
    • Guides
    • Short videos
    • Interactive quizzes on risk assessment and contingency preparation
    • 10 common myths

    ADVANCED:
    Interactive tutorial – 156 questions with fill-able PDFs for Windows or iPad. All material from federal sources.
  • Step 5: Develop an action plan

    What's Inside:
    INTRODUCTORY:
    • 11-page overview on ePHI for small practices
    • 4-page Q&A addresses email with patients
    • Checklists

    ADVANCED:
    Toolkit on 45 implementation specifications
  • Step 6: Reduce Risks of a Breach

    What's Inside:
    • Overview of expectations
    • Annual Work Plan Template
  • Step 7: Train the Team

    What's Inside:
    • Form for reporting breach notification
    • Links to details on the notification process and what constitutes a breach.
    • Suite of Training Materials
  • Step 8: Customize Privacy Notices

    What's Inside:
    FOR ALL:
    • Privacy notice templates to help achieve meaningful consent, in English & Spanish.

    INTRODUCTORY:
    • Professionals' guide covering 2013 updates on communications.

    ADVANCED:
    • Electronic toolkit with patient education and meaningful consent sample materials.
  • Step 9: Execute Business Associate Agreements

    What's Inside:
    • Sample Business Associate Agreement (BAA) provisions
    • Suite of BA Management Tools
  • Step 10: Verify Compliance with HIPAA

    What's Inside:
    INTRODUCTORY:
    • Tip sheets
    • Short videos
    • Overviews

    ADVANCED:
    • 94-page guide on the EHR incentive program
    • Beginners' toolkit on reporting to the government

    All from federal sources.