Yesterday’s listserv announcement from the Office for Civil Rights (OCR) within the U.S. Department of Health and Human Services (HHS) brought to mind this question. The post announces the agreement by a Florida company, Advanced Care Hospitalists PL (ACH), to pay $500,000 and adopt a “substantial corrective action plan”. The first alleged HIPAA violation? Patient
We blogged on this back in early May, but compliance with individuals’ rights to access their PHI under HIPAA is even more critical now that OCR has announced that its current HIPAA audits will focus on an audited Covered Entity’s documentation and process related to these access rights.
In an email sent to listserv participants…
Two recently reported breaches of hospital data affecting thousands of patients highlight the prevalence, and apparent success, of phishing attacks. Boston-based Partners HealthCare notified approximately 3,300 patients after a group of staff members were tricked by a phishing scam, and Indiana-based St. Vincent Medical Group…
On the twelfth day of breaches
my hacker sent to me:
Twelve Data Downloads
Eleven Plundered Patches
Ten Missed BA Contracts
Nine Malware Installs
Eight Mis-sent Faxes
Seven Stolen Laptops
Six Snooping Staffers
Five Old NPPs
Four Lost Thumbdrives
Three Re-sent Texts
Two Pop-up Links …
And a Bill for Compliance Auditing.
For a glimpse …
I read a recent Forbes.com post by Rick Ungar (“Claims That Obamacare Website Violates Health Privacy Reveals Embarrassing Fact – GOP Does Not Understand HIPAA or Obamacare”) that revealed a truly embarrassing fact: very few of us really understand HIPAA, let alone the intricacies of the Affordable Care Act (“ACA” or “Obamacare”) and its interplay…
The settlement in the Accretive Health, Inc. PHI breach case provides a good example of how the blurring of the covered entity and business associate roles can backfire on parties that fail to sufficiently analyze and define such roles, not only at the outset of a relationship but throughout its duration and evolution.…
Continue Reading Business Associate Breach Leads to $2.5M Settlement by Accretive: But Who is the Covered Entity or Business Associate Here, and Do We Care?