Even if you’re not a medical office or clinic, if your business deals with HIPAA-regulated industries at all, there’s a pretty good chance you should be following HIPAA news as well. And really, following the headlines of an industry that takes protecting confidential data very seriously is never a bad thing. Here are some recent headlines worth paying attention to, especially if you’re a HIPAA-regulated business.
In a Nov. 28 email alert, OCR says that its officials have been made aware that a phishing email is being circulated on “mock” HHS departmental letterhead under the signature of OCR Director Jocelyn Samuels. The fake email appears to be an official government communication, and targets employees of HIPAA-covered entities and their business associates, Samuels says in the OCR alert. The phishing email prompts recipients to click a link regarding possible inclusion in the HIPAA privacy, security, and breach notification rules compliance audit program, which is currently underway by OCR.
OCR getting tougher about information security: The Office for Civil Rights, the group that enforces HIPAA regulations and doles out fines, is getting tougher about the security of the data at your organization and is not putting up with excuses anymore.
2016 was a Banner Year for EHR Security Breaches: Some very concerning health records breach statistics from 2016.
More than 25 million patient records were reportedly compromised as of October 2016. And then, in November, the cases spiked: There were 57 health data breaches—the most in any one month this year, according to the Protenus Breach Barometer. What’s even more concerning is that inside employees were responsible for more than half of November’s breaches, a notable increase from past months.
Insurer Slapped with $2.2 Million HIPAA Settlement: Even if you’re not a clinic or medical practice, you need to protect data you have access to and encrypt, encrypt, and encrypt some more – it’s your get out of jail free card:
The Department of Health and Human Services has issued its second HIPAA enforcement action for 2017. HHS’ Office for Civil Rights has entered a $2.2 million settlement with a Puerto Rican insurance company in the wake of its investigation of a 2011 breach involving a stolen unencrypted USB drive that affected only about 2,000 individuals.
Useful Web-based Security and Training Modules: While we sell great HIPAA training, you can also get some free challenge games provided by the government because playing games while learning more about privacy and security is always a good thing.
Want to learn more about HIPAA and how it affects you? Don’t wait until you get audited or get fined. HIPAA compliance is the law, regardless of the size of your practice. Contact your local Weston office today to get all your questions answered professionally; we will work with you to schedule based on your needs.