
$2.5 Million Settlement Shows That Not Understanding HIPAA Requirements Creates Risk

April 21, 2017

Below is yet another OCR case involving a single stolen laptop, which led to further investigation by OCR. That investigation showed a lack of policies and procedures that might have prevented this event. The lack of policies has been at the root of all major settlements, and the corrective action plans instituted by the OCR are going to be a very long and “painful” process for CardioNet. These incidents are the reason all covered entities and business associates must have a Security Risk Assessment and implement policies and procedures.


Employed Physicians: Risk Exposure Paradigm

Tim Bone, MedMal Direct Chief Claims Officer // April 21, 2017

Recent medical school graduates and/or seasoned providers are increasingly made aware of the option to work as a hospital employee; under this employment arrangement, it is important to consider professional liability exposure. From the purchase of a physician’s “tail” coverage to the choice of captive versus commercial coverage, or the joint defense of a lawsuit, all aspects of these essential components of this new risk exposure paradigm must be considered from the point of view of both the physician and hospital.


Overlooking Risks Leads to Breach, $400,000 Settlement

April 10, 2017

Each day we hear more information on OCR investigations into HIPAA Privacy and Security breaches throughout the United States. Most of the settlements we learn about have come from self-reported breaches that occurred as much as 5 years ago, and the cases are just resolving. The case below emphasizes the need to do a thorough Security Risk Assessment to avoid a potential breach and maintain patient privacy. It also emphasizes that a risk management plan is part of what they look for, which in this case could have mitigated the settlement amount had the practice done a thorough job. Consider doing an SRA or reviewing your current one today and updating it annually. Also, don’t forget to do an RCA (root cause analysis) after a breach or incident, which will aid in determining the probability of recurrence and the validity of current P&P.


Text Messaging and HIPAA

Michelle Bilsky, CHCO, LHRM, MLA, CBA Vice President of Risk Management at MedMal Direct // April 08, 2017

Text messaging has become popular in the health care field, permitting providers to multitask and to communicate more quickly than with phone calls. Despite these benefits, health care providers should be aware of the potential consequences under HIPAA and the HITECH Act (collectively, “HIPAA”) of permitting staff to text patient information. “Text messaging” encompasses any communication service or application that enables transmission of electronic written messages between two or more mobile devices.
