Friday, September 30, 2016

Business Associate Security Issues - EP 73


BAs are in the HIPAA spotlight now more than ever.

  • TheDarkOverlord was clearly using some BA applications to infiltrate networks and exfiltrate PHI.
  • OIG reviewed the Alaska VA system after breaches, and the report specifically points to the need to monitor BAs.
  • OCR audits of BAs are about to start. They previously said end of September but are now saying October.

In this episode we discuss what all this means.

More at HelpMeWithHIPAA.com/73


Check out the latest episode!

Friday, September 23, 2016

HIPAA Penalties Increasing - Ep 72


Did you hear that maximum penalties for HIPAA violations are being adjusted for inflation? It has quietly happened. Here is how.

Check out the Federal Register entry from September 6, 2016. If you aren't into reading it yourself, don't worry, you know Donna did it. Well, at least the HIPAA parts.

Learn more at: HelpMeWithHIPAA.com/72



Friday, September 16, 2016

OCR small breach investigations increasing - Ep 71


OCR recently released another memo concerning compliance enforcement efforts. They say that, effective August 2016, they have started an initiative to more widely investigate breaches involving under 500 patients. That means that OCR small breach investigations will begin happening immediately. In the past, the policy had been to investigate all breaches over 500 patients but not under.

More information at HelpMeWithHIPAA.com/71

 



Friday, September 9, 2016

Insider Threats: Do you know who your employees are? - Ep 70


OCR published a memo on Aug 1, 2016.  The title is "Do you know who your employees are?".  It is a great reminder about insider threats that we should all worry about regularly.

Quoted directly from the memo.
============================
Although all insider threats are not malicious or intentional, the effect of these threats can be damaging to a Covered Entity and Business Associate and have a negative impact on the confidentiality, integrity, and availability of its ePHI.

According to a survey recently conducted by Accenture and HfS Research, 69% of organization representatives surveyed had experienced an insider attempt or success at data theft or corruption. Further, it was reported by a Covered Entity that one of their employees had unauthorized access to 5,400 patients’ ePHI for almost 4 years.

For more visit: HelpMeWithHIPAA.com/70



Friday, September 2, 2016

OCR 2016 settlements keep coming - Ep 69


So far in 2016 there have been 10 resolution agreements announced. One more and this year will equal the number of agreements in all of 2015 & 2014!

The latest two also include the largest one announced yet - $5.5m with Advocate Health.

Before that, though, was The University of Mississippi Medical Center - Ole Miss to those of us in the SEC world. It wasn't something to "shake a stick at" with a $2.75m resolution amount.

The total amount for those 10 announcements so far in 2016 = $20,314,800

Of course, the details are what we usually pay more attention to, since they tell us exactly what OCR has a problem with in each case. They make it clear what OCR wants all of us to learn from these folks' mistakes.

For more visit HelpMeWithHIPAA.com/69

