A look at the calendar tells us that we only have a short time left in 2018. That means many practices will be looking to complete their Security Risk Assessments in order to either qualify for the 2018 Merit-based Incentive Payment System (MIPS) or to simply fulfill their obligations to comply with the HIPAA Security Rule.
It is especially important for smaller practices to be mindful of Electronic Protected Health Information (ePHI) security regulations – a breach of ePHI can lead to costly notification requirements and potential monetary penalties under the HITECH Act. Managing physicians of small independent practices hold many responsibilities, including the duty to comply with the Security Rule within HIPAA regulations. This article provides a brief overview of federal ePHI compliance safeguards required in a practice. While not meant to be a comprehensive discussion of all requirements, it highlights legal considerations and safeguards a practice must implement to comply with HIPAA ePHI regulations. The federal Security Rule under HIPAA requires a health care provider (typically known as a Covered Entity) to have the minimum ePHI safeguards, listed below.
On Friday, January 19, 2018, the Department of Health and Human Services (HHS) issued a proposed rule that will complicate the issues healthcare providers face in providing treatment to LGBTQ patients.
According to the Ponemon Institute – www.ponemon.org - the average cost of a data breach was $3.62 million dollars. This breaks down to $141 dollars per stolen record. International Data Corporation – www.idc.com – estimates that globally data storage will grow ten-fold by 2025 total of 163 zettabytes (a trillion gigabytes) by 2025. Data is stored in a vast range of devices including your smart phone, laptops, notebooks, workstations, tablets and even on your smart TV. Most businesses focus on the technical aspects of how to avoid data breaches (firewalls, anti-virus, security patches, etc.) and often how physical technical assets are destroyed at the end of their life are often overlooked or do not have a set process in place.
They were surprised, and you likely be will, too. Of the hundreds of healthcare organizations I’ve helped document HIPAA and meet compliance requirements, most are unaware that their Patient Health Information (PHI) is exposed in some way. If a cyber attacker took advantage of this situation, it could cause damage to your patients, bring giant HIPAA fines, and a loss of reputation.
We hate to break it to you, but there's a HIPAA requirement you’re more than likely doing wrong. The Department of Health & Human Services’ Office for Civil Rights (OCR) is cracking down on requiring a true Healthcare Security Risk Analysis.
As of September 30, 2017, the Department of Health and Human Services Office of Civil Rights (OCR) has received notices of 237 breaches. 46% occurred as result of hacking or IT security incidents; many at the business associate level. Ransomware is rampant and projected to increase 670%. As a covered entity, although a breach occurs at your business associate, under HIPAA, you are responsible for your protected health information and responding to the breach. OCR has been clear that breaches of 500 or more records will be investigated. Given the significant increase in breaches over the past few years, advance preparation is critical and can reduce the cost and burden of breach response.
You may not be getting all you can out of your browsing experience
and may be open to security risks!
Consider upgrading to the latest version of your browser or choose on below: