Archive for the HIPAA/HITECH Compliance Assurance Category

Colorado hospital failed to terminate former employee’s access to ePHI

The Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules require all healthcare covered entities and their business associates to conduct a security risk analysis of their IT infrastructure annually and with any change in process or system. As part of the HIPAA rules, all covered entities and their business associates are required to have a proper procedure in place for terminating employees.
Pagosa Springs Medical Center (PSMC) has agreed to pay $111,400 to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services and to adopt a substantial corrective action plan to settle potential HIPAA violations


Florida contractor physicians’ group shares protected health information with unknown vendor without a business associate agreement

December 8, 2018 – Advanced Care Hospitalists PL (ACH) has agreed to pay $500,000 to the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) and to adopt a substantial corrective action plan to settle potential violations of the Health Insurance Portability


Allergy practice pays $125,000 to settle doctor’s disclosure of patient information to a reporter

November 26, 2018 – Allergy Associates of Hartford, P.C. (Allergy Associates), has agreed to pay $125,000 to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) and to adopt a corrective action plan to settle potential violations of the Health Insurance Portability and


HIPAA Fine for Lack of Timely Breach Notification 

The U.S. Department of Health and Human Services, Office for Civil Rights (OCR), has announced the first Health Insurance Portability and Accountability Act (HIPAA) settlement of 2017 based on the untimely reporting of a breach of unsecured protected health information (PHI). Presence Health has agreed to settle


HIPAA Compliance 2016 Year in Review

Planning for the upcoming year is a chance to review the main developments in Healthcare IT HIPAA Compliance from 2016 that will affect providers, business associates, and patients. Priorities remain to uphold confidentiality, integrity, and availability of patient data, factoring in the latest proceedings in technological and


Eye Associates of Pinellas HIPAA Compliance

Eye Associates of Pinellas is the latest victim of a HIPAA compliance violation. The practice reported a breach of its patient data at the hands of a third-party vendor. The Eye Associates of Pinellas, located in Florida, recently issued a statement to its patients


HHS’s First Step to MACRA Legislation

Administration takes first step to implementing legislation modernizing how Medicare pays physicians for quality. On April 27th, 2016, the Department of Health and Human Services issued a proposal to align and modernize how Medicare payments are tied to the cost and quality of patient care for hundreds


Office of Inspector General: OCR should strengthen its oversight of covered entities’ compliance with the HIPAA privacy standards.

OIG has recently completed a study of OCR’s HIPAA audit program and published the following recommendations: (1) OCR should fully implement a permanent audit program; (2) OCR should maintain complete documentation of corrective action; (3) OCR should develop an efficient method in its case-tracking system to search


Is patient protected health information safe if a Covered Entity has a dispute with their Business Associate?

How do you ensure electronic protected health information (ePHI) is safeguarded when a contract between a Covered Entity and a Business Associate ends, especially when there is a dispute? A Business Associate Agreement between a Covered Entity and their Business Associate must clearly spell out the following


Does my healthcare practice need to be HIPAA/HITECH certified?

We mentioned earlier in one of our blog posts that we would get back to you about the HIPAA/HITECH “Certification” question that a lot of healthcare practices are asking about … Certification by a third party is not required for Covered Entities and Business Associates, unlike PCI or
