HIPAA

They want what!?

Takeaways: No longer are small providers “too small” for OCR to conduct a breach investigation. In an article concerning a breach investigation a copy of the information requested in the OCR letter was included. The items were to be supplied within 20 days. When I...

HIPAA One and Done has Gone the Way of the Dodo

Takeaway for today:  It is time to completely rethink the way you look at HIPAA Compliance requirements in your business.  HIPAA Compliance has changed.  It is no longer something you can just check off your list once or twice a year. A practice administrator told me...

Russian Password Hack – Why Security Matters

Takeaways:  If you use the same user name and password for anything that has access to PHI and some other mundane website or service (even a small one) change it today.  In fact, make sure you change all your PHI passwords to something different.  If one is hacked,...

The fines are coming! The fines are coming!

To borrow from Longfellow’s poem: Listen my children and you shall hear Of the midnight ride of Paul Revere, In this case, it isn’t a midnight ride but a late afternoon speech by Jerome B. Meites, a chief regional civil rights counsel at HHS, in Chicago.  Historians...

800,000 Reasons You Need Workforce Training

The recent HHS settlement in the case of 71 cardboard boxes of medical records being left on a physicians driveway is your 800,000 reasons, and they are all in cold, hard cash.  Here is the key detail about what happened direct from the resolution agreement: On June...