Web Portal Delays Second Round of HIPAA Audits
The second round of HIPAA compliance audits, originally scheduled to take place this fall, has now been delayed until 2015 to give the OCR time to test its new internet portal. The new web portal is one of the new measures being introduced to assist it in policing HIPAA and it is expected to streamline the data collection. The portal will also be used to report HIPAA breaches and violations. According to OCR senior adviser, Linda Sanches, “We recently had an opportunity to update the technology we’re using, giving us capabilities that we just didn’t have access to before.” The roll out of the new portal needs to be completed before the OCR can conduct its next round of audits as the system will need to be used to collect and collate the thousands of documents a round of audits generates. The new system will also allow Jocelyn Samuels to develop the OCR’s program of permanent audits, which former OCR Director Leon Rodriguez had envisioned before he took up his new role with Homeland Security. The collection and analysis of documents is an extremely labor...
Your Name and Medical Condition in the Classified Ads
Your medical data, name and contact information could be online and up for sale. Legions of data miners are trawling the internet to unearth patient’s medical data and contact information to sell on to interested parties. Even if you do not have any known diseases it does not make your health records and contact information safe, as was recently highlighted by 42-year old IT worker, Dan Abate. His contact information was listed for sale along which stated he had registered interest in Diabetes, indicating he had or at least suspected he may have the condition. The reality was he has not, and never has shown “diabetes interest” yet his name was included in a list sold by Acxion (ACXM); one of the largest online data brokers operating in the U.S. The data was purchased and resold by Exact Data and Dan’s name appeared online in the public domain in a sample of the data listed for sale. Medical databases are valuable to a broad range of companies and individuals from blue chip companies for direct marketing purposes to cybercriminals hoping to exploit their victims. As the volume of...
Meaningful Use Stage 2 Requirements
Update: The Meaningful Use program was renamed in 2018 to the Promoting Interoperability program to highlight CMS´ focus on interoperability between health IT systems and improving patient access to health information. The new program was effectively Meaningful Use Stage 3. In 2022, CMS discontinued the Medicaid Promoting Interoperability Program. Eligible clinicians that previously participated in the Meaningful Use and Promoting Interoperability incentive programs are now required to participate in the Merit-based Incentive Payment System (MIPS). XXXXXXXXXXXXXXXXXXXXXXXXXXXX Progression from Meaningful Use Stage 1 to Stage 2 requires eligible professionals (EPs), Eligible Hospitals (EHs), and Critical Access Hospitals (CAHs) to have satisfied the core objectives and other Meaningful Use Stage 1 requirements for two years, with progression to Stage 3 requiring 2 years of meeting Meaningful Use Stage 2 requirements. Meaningful use requirements are cumulative, so as EPs, CHs, and CAHs progress through the stages, they are required to continue to demonstrate meaningful use of the...
HIPAA Breach Report: June 2014
June 2014 HIPAA Breach Summary: The Breach Notification Rule of HIPAA places a requirement on covered entities and their Business Associates to notify the Department of Health and Human Services’ Office for Civil Rights of data breaches affecting more than 500 individuals. The time limit for doing so this is stipulated in the Breach Notification Rule as 60 days from discovery of the breach. This report contains a summary of the breaches reported to the OCR during the month of June, 2014. Major HIPAA Breaches in June 2014 Three major data breaches were reported in June which exposed tens of thousands of medical records. NRAD Medical Associates, P.C. (NY) reported an incident in which a former member of staff gained access to, and copied, the records of 97,000 patients. The employee was believed to have taken the data with intent of using the information for personal gain. Santa Rosa Memorial Hospital (CA), recently acquired by the St. Joseph Health System, suffered a break-in at the Redwood Regional Medical Group offices which resulted in 33,702 unencrypted medical records being...
Fines for Violations Issued for HIPAA Non-Compliance and Data Breaches
Following on from high profile data breaches in recent months, in particular the breach of PHI across 209 hospitals operated by CHS, compliance with HIPAA regulations is now high on the agenda, especially considering the steep fines being issued by the OCR. Any data breach involving more than 500 individuals must be reported at both state and national levels, with the report launching an investigation by the OCR. The investigation will assess how the data breach occurred and the measures and safeguards put in place to protect data. Fines are issued for any breaches which have resulted from failures to adhere to HIPAA guidelines. However data breaches alone are not the only reason for fines being issued. Compliance with HIPAA requires policies to be adopted and procedures to be followed to ensure security risks are effectively dealt with. When an organization is assessed it will be against a standard to determine if there has been willful neglect, and whether a violation has occurred. A failure to conduct a thorough risk analysis is a violation of HIPAA regulations. If the risk...



