Managed HIPAA Compliance Services
EXAMPLES OF LOCAL HIPAA VIOLATIONS
BEAUTY DENTAL, INC. of Chicago, IL exposed 657 patient records
Following the breach, they had to notify its clients by letter of the incident and submit a press release describing the circumstances of the breach to the Chicago Tribune and the Chicago Sun Times. An employee stole patient records from their office. They required the individual who allegedly stole those documents to return all physical patient PHI in her possession and sign a statement swearing that she no longer possessed any patient documents and would not use or disclose the PHI in any manner. They installed a new security system for the office that requires the input of a code specific to each employee, and implemented new technical safeguards that limited employee access to ePHI according to the employee's position and rank.
Stoetzel's Planet Chiropractic of Lemont, IL exposed 1000 patient records
An unauthorized individual broke into their facility and stole a laptop computer containing the electronic protected health information (ePHI) of approximately 1,000 individuals, including names, credit card numbers, bank account numbers, treatment information, and x-ray images. They had to provide breach notification to HHS, all of the affected individuals, and issue Press Releases about the exposures to prominent media outlets in Illinois. Following the breach, Stoetzels reported the theft to the local police department, relocated to a new facility, and implemented facility security measures, including a security alarm system. It also enhanced its policies and procedures implementing the Privacy and Security Rules. OCR obtained assurances that Stoetzels implemented the corrective actions listed in their agreement with HHS.
Rainbow Hospice and Palliative Care of Mt. Prospect exposed 1000 patient records
An employee's laptop was stolen out of her bag while she was making an admission visit in a patient's home. The evidence showed that although the covered entity had a policy of encrypting and password-protecting its computers, this particular computer did not require a password most of the time. The invoices on the laptop contained the protected health information (PHI) of approximately 1,000 individuals. Following the breach, the covered entity notified its clients of the incident, placed notices on its website and a Press Release in The Daily Herald, sanctioned the employee for changing the security settings on the laptop in question, and established stringent computer security guidelines, and retrained its staff in the new requirements, with the intention of preventing a similar event from occurring again.
(The above information was obtained from the U.S. Department of Health web site - https://ocrportal.hhs.gov)
Compliance Assistance, Risk Assessments, Internet Intrusion Testing, Breach Investigation
and Remediation Services and Security Awareness Training For Your Staff
In the quest to have access to all information, anywhere, anytime, it seems that some organizations forgot to consider the risks involved and get caught by security or privacy exposures that can carry fines that can run into the millions of dollars. Penalties for exposed patient records can range from $100 per record if you've done everything possible to protect your network to $10,000 per record when HHS/OCR determines you've been negligent in your compliance responsibilities.
Not enough time to run your business AND make sure your practice is fully secure and compliant?
ACT is the security and compliance resource that every small practice needs to meet HIPAA security and privacy requirements day-in and day-out!
Even if you've moved your EHR record-keeping to the cloud, you still have security obligations to fulfill for your patients and their families. Just because you can outsource the data management functions to cloud providers, you can't outsource the ultimate responsibility for that PHI. That is ALWAYS yours.
ACT can help you meet all of your security and privacy compliance responsibilities.
Here are some of the Major components of HIPAA Compliance that ACT can help you with:
Policies and Procedures development and management
PHI Security, encryption and protection
Security awareness training for your staff and you
Breach investigation and remediation