May 1, 2014

Costly HIPAA Violations

Two Healthcare Providers have recently settled with Health and Human Services (HHS) over HIPAA Violations. At a combined total of nearly $2,000,000, these settlements could have been avoided by following some basic HIPAA Regulations.

1.  A Physical Therapy Office in Missouri settled with HHS for $1,725,220 over violations associated with a breach of patient Protected Health Information (PHI).

Violation Scenario:

A thief was able to enter the practice and steal a laptop containing patient PHI. The healthcare provider had completed a Risk Analysis and had determined that the practice laptops were at risk because they did not use encryption software. Additionally, physical security measures were not in place to discourage theft from the practice.

The Deputy Director of Health Information Privacy stated, "Covered Entities and Business Associates must understand that mobile device security is their obligation."

2.  An Arkansas Health Plan settled with HHS for $250,000 after a laptop containing the PHI of 148 patients was stolen from an employee's car.

Violation Scenario:

A thief was able to access patient information after stealing a laptop out of a car. The employee laptop did not contain encryption software, and should not have been removed from the practice.

The Deputy Director of Health Information Privacy stated, "Our message to these organizations is simple: encryption is your best defense against these incidents."

Both Covered Entities are required to complete an updated Risk Analysis, present their analysis to HHS, and retrain all current staff on current HIPAA regulations, including safeguarding portable electronic media devices.

Is your staff aware of current HIPAA Regulations surrounding Mobile Devices?

Don't be caught unprepared. Visit today to learn how you can quickly and affordably train your staff online in current HIPAA regulations.
