Archives

Tag Archives for: "Office of Civil Rights"

The Basics of Mobile Device Security for Protected Health Information

The single most common way Protected Health Information (PHI) is compromised is through the loss of devices themselves, whether this happens by accident or by theft. Technology — thumb drives, CDs, smart phones, tablets — has made it possible for large amounts of information to be tucked into our pockets or purses and carried to our cars, homes, favorite coffee shops, or hotel rooms at conferences. Files that used to take up an entire wall can now fit on a 2-inch thumb drive, a mini iPad, a laptop. But with this amazing technological convenience, comes increased responsibility. “Covered entities and […]

Read more »

HIPAA & The Miley-Cyrus Approach to Data Disposal

Does a Miley Cyrus video with over 750 million views offer any insights into what HIPAA says about data disposal? Well, consider this: The massive wrecking ball Ms. Cyrus sits on in the video swings between cinder-block walls. And before the hit song is over, they’re reduced to rubble, destroyed beyond recognition. If it’s not too much of a stretch, let’s think of that image from the “Wrecking Ball” video as a metaphor for the Security Rule’s guidelines for the disposal of computers, laptops and other media that house Protected Health Information (PHI). The best way to prevent unauthorized access […]

Read more »

Basic Guide to Thwarting Theft of Protected Health Information

Fact: According to the latest HIPAA and Breach Enforcement Stats from the Office of Civil Rights (the arm of Health and Human Services responsible for HIPAA enforcement), theft is the leading cause of reported breaches. Last year, as a direct result of a breach report of a stolen unencrypted laptop, Concentra Health Services paid OCR $1,725,220 to resolve potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules. And that’s just one story. There have been plenty more, and the number continues to grow. First step to thwarting theft of Protected Health Information: Think like […]

Read more »

How to Prepare for the Risk Assessment HIPAA Requires

  My brother-in-law retired a few years ago after more than three decades in private practice. He ran his busy office the old fashioned way — without computers. His patients’ records were kept in manila folders filed in a wall of shelves. In longhand, his office manager recorded appointments in a big black book and kept track of accounts in a ledger tucked into a backroom drawer. Today when I sat down to blog here about how to prepare for a risk analysis/risk assessment (the terms are interchangeable), I couldn’t help but think about my brother-in-law’s healthcare office and how […]

Read more »

Why Serious HIPAA Enforcement Is Inevitable

To borrow a phrase from Stephen Colbert, the Office of Civil Rights (OCR) — the department in charge of HIPAA enforcement — got a “wag of the finger” a while back from the Health and Human Services Office of the Inspector General. And that’s bound to have an impact on healthcare offices everywhere. A November 2013 report from that office pointed out serious weaknesses that need to be addressed in OCR’s enforcement of HIPAA compliance. Titled — in all caps, no less — THE OFFICE FOR CIVIL RIGHTS DID NOT MEET ALL FEDERAL REQUIREMENTS IN ITS OVERSIGHT AND ENFORCEMENT OF […]

Read more »

The Role of a Practice’s HIPAA Privacy Officer

  Exactly when an HHS auditor will visit your office is anybody’s guess. But I do know the first words an auditor is likely to say when he/she arrives to assess how the practice is doing with HIPAA compliance: “I’m from Health and Human Services and I’d like to speak with your Privacy Officer.”Roblox Robux Hack 2017  HIPAA says that every practice or healthcare organization must designate a privacy officer. No office—no matter its size—is exempt from this HIPAA requirement. In larger healthcare organizations, it’s not uncommon for the role of HIPAA Privacy Officer to be someone’s entire job. That […]

Read more »

HIPAA, Britney Spears, and Protected Health Information

I don’t know much about Ms. Spears. I’ve no idea who she’s paired with at the moment. And if I saw an Enquirer headline that read, “North Woods Shocker: Britney Marries Bigfoot,” I would not be tempted to buy a copy. But a lot of people are  curious about celebrities like Britney Spears or Kim Kardashian or Maria Shriver. In several incidents in recent years, their curiosity has cost them their jobs in healthcare. Today I’m going to talk about what can be learned about HIPAA compliance from cases like that — even if the only celebrity who ever visits […]

Read more »