Our country’s ever-evolving healthcare landscape makes the future very unpredictable. Changes are occurring everywhere – regulation and legislation, reimbursement, technology, medical advances, and even the way healthcare is accessed and consumed. These changes impact how healthcare is delivered, paid for and administered. As such, it is imperative that Konica Minolta take an active role in understanding the industry and provide healthcare solutions in order to help our customers prepare for a future that will look very different than it does today. (more…)
In 2013, a covered entity reported to the U.S. Department of Health and Human Services Office for Civil Rights that one of its workstations was infected with a malware program. This resulted in the impermissible disclosure of 1,670 individuals’ electronic protected health information. The ePHI included names, addresses, Social Security numbers, dates of birth, health insurance information, diagnoses and procedure codes.
The covered entity, a hospital in the Northeast, determined that the malware was a generic remote access Trojan that infiltrated their system, providing impermissible access to ePHI, because the organization did not have a firewall in place.
This is a common, basic lapse in compliance of covered entities. So, let’s examine the HIPAA settlement related to this organization. to better understand how you can improve your HIPAA compliance program. (more…)
Based on the frequency and amount of HIPAA fines in 2016, one thing is clear, very clear: the lack of a credible HIPAA compliance program for an organization today, will lead to an increase in business risk.
Multiple alleged HIPAA violations resulted in a $2.75 million settlement with the University of Mississippi Medical Center (UMMC). HIPAA fines typically are in the seven figures. In addition, it always includes a corrective action map (CAP), which requires a comprehensive HIPAA compliance program, mandated with attestation from an organization’s officer over the duration of the CAP period. The duration of the CAP period is typically a minimum of two years, more likely, three years.
The recommendation to senior leadership: select a security framework and establish HIPAA compliance within the context of that framework. There are essentially three options for security frameworks: HITRUST, ISO 27001 and NIST. I would recommend HITRUST. Be deliberate, disciplined, and steady to get HITRUST certified.
Senior executives must treat HIPAA compliance as a life-cycle, as a process. It will lower business risk!
Let’s examine the settlement related to UMMC to better understand how this impacts where you need to set the bar for HIPAA compliance based on Office for Civil Rights (OCR) enforcement of the regulation. (more…)
Understanding your DNA enables you to take proactive measures in defense of your health and well-being. Similarly, an organization must carefully examine its enterprise to ensure that it is protected from the multitude of threats posed by cyber criminals, employee/staff incompetence and/or malicious intent. In this article, we focus on two key challenges for organizations. First, what does HIPAA compliance mean? What must it address? And second, how can an entity address HIPAA compliance and the risk associated with cyber-attacks on a continual basis? We identify options for security frameworks to address this second question.
HIPAA violations and fines are mounting like never before, as evidenced by the following examples:
Healthcare is one of the most dynamic and rapidly evolving industries in the United States. The adoption of technology is growing exponentially and the investment in healthcare IT is outpacing nearly every other vertical market. 2016 promises to continue this trend, with security, interoperability and reimbursement leading the way as key healthcare challenges. Cloud, mobile, data analytics and HIPAA compliance will significantly impact purchase decisions as healthcare providers attempt to improve population health, enhance the individual experience of care and reduce the per capita cost of care (otherwise known as the Triple Aim of Care). (more…)
Healthcare is a dynamic industry, and the pace of change relative to regulation, reimbursement and technology is rapid. The topic of interoperability – the ability to exchange patient information between disparate systems such as a doctor’s office, a hospital and a rehabilitation center – has been top of mind over the past couple of years. (more…)