Industry Insights


$2.5 Million Settlement Shows That Not Understanding HIPAA Requirements Creates Risk

April 18, 2017

Here is yet another OCR case in which a single stolen laptop led to a further OCR investigation, and that investigation showed a lack of policies and procedures that might have prevented the event. A lack of policies has been at the root of all major settlements, and the corrective action plan instituted by OCR is going to be a very long and “painful” process for CardioNet. Incidents like these are the reason all covered entities and business associates must perform a Security Risk Assessment and implement policies and procedures.


Overlooking Risks Leads to Breach, $400,000 Settlement

April 09, 2017

Each day we hear more about OCR investigations into HIPAA Privacy and Security breaches throughout the United States. Most of the settlements we learn about stem from self-reported breaches that occurred as much as 5 years ago, and the cases are only now being resolved. The case below emphasizes the need to do a thorough Security Risk Assessment to avoid a potential breach and maintain patient privacy. It also emphasizes that OCR looks for a risk management plan, which in this case could have reduced the settlement amount had the practice done a thorough job. Consider doing an SRA, or reviewing your current one, today, and update it annually. Also don’t forget to do an RCA (root cause analysis) after a breach or incident; it will help determine the probability of recurrence and the validity of your current policies and procedures (P&P).


Text Messaging and HIPAA, Privacy and Confidentiality

April 06, 2017 | By: Michelle Bilsky, CHCO, LHRM, MLA, CBA

Text messaging has become popular in the health care field, permitting providers to multitask and to communicate more quickly than with phone calls. Despite these benefits, health care providers should be aware of the potential consequences under HIPAA and the HITECH Act (collectively, “HIPAA”) of permitting staff to text patient information. “Text messaging” encompasses any communication service or application that enables transmission of electronic written messages between two or more mobile devices.


FBI Warns Healthcare Industry About Anonymous FTP Server Cyber Attacks

March 27, 2017 | By: Risk Management

Does your practice transfer files in order to share patient information or data? Do you use an FTP server?
FTP is an acronym for File Transfer Protocol. As the name suggests, FTP is used to transfer files between computers on a network. You can use FTP to exchange files between computer accounts, transfer files between an account and a desktop computer, or access online software archives.
If you do any of these things, you need to read the report below from the FBI on cyber crimes related to FTP servers.