Healthcare Information Protection
The HIPAA Omnibus Rule took effect March 23, 2013, and in the past few months the Human Health Services Office of Civil Rights (OCR) has stated it is significantly dialing up its HIPAA enforcement, which includes random HIPAA compliance audits. Our goal is to provide you with the services, support and expertise your company needs to help lower your business risk when it comes to protecting your business’s healthcare information. A fine issued to a small dermatology practice for a reported December 2013 loss of patient data is an indication of OCR’s increasingly aggressive enforcement and penalties:
… in December 2013, a small Massachusetts-based dermatology practice experienced a reportable breach when a thumb drive with PHI was stolen from an employee’s car. The dermatology practice, which employs only 12 physicians, notified all of its patients and the media about the data breach. Nonetheless, when OCR investigated the practice subsequent to the breach, OCR found that the practice had not conducted a thorough security risk analysis and included this violation in its calculation of the $150,000 fine the practice paid.
Risk analysis and risk management are the foundation of a covered entity’s compliance efforts with the HIPAA Security Rule. Compliance starts with a robust security management process, one of the administrative standards under the Security Rule. A risk analysis, which is a required implementation specification under the Security Management Process standard, requires an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity and availability of your organization’s electronic protected health information.
A thorough risk analysis as part of your business risk management plan can help keep your business from becoming an HHS statistic.
Had the dermatology practice in the aforementioned example conducted its security risk analysis, it is quite likely its fine would have been much less than the heavy fine it received.
We can help your business conduct a thorough risk analysis to help you meet your HIPAA compliance needs. Our four-phase compliance plan (I. Security Review, II. Action Plan, III. Execution Assessment and IV. Audit) can help ensure you have a robust security plan and process in place tailored to your business operation.
HIPAA Security Advisor Services
- Security Rule Risk Analysis
- Review and guidance on security management processes and procedures
- Security awareness training and program development
- Guidance on procedures to handle security incidents
- Development of data breach plan and response procedures
For more information, please contact us at (830) 387-7019.