Weston Technology Solutions Blog
Blog posts tagged in Compliance
If you are a HIPAA-regulated business or deal with HIPAA-regulated industries, you really have to trust your vendors. A security breach at a vendor’s office may as well be a breach in your office, as far as HIPAA is concerned. You need to have a business-associate agreement (BAA) signed with those vendors. And if that vendor has no idea what a BAA is, you might want to reconsider your relationship with them, for your own protection. In a recent news story, an Illinois-based clinic was fined $31,000 because it didn’t have a BAA signed with a vendor hired to store paper records containing patients’ protected health information (PHI); that vendor is the focus of other investigations. You can read the full cautionary tale here. If you need any assistance with your vendors or other HIPAA regulations, don’t hesitate to contact your local Weston office today.
You’re probably familiar with Yelp (you can find us on there, both in Anchorage and Bend). It’s the leading crowd-sourced rating site for restaurants, hotels and just about anything else. It’s also host to healthcare reviews, and many physicians and clinics are on the site. Yelp gives you the option to reply to reviews, both positive and negative. What you need to be aware of, though, is that it could be a HIPAA violation if you reply to a review.
A recent study from Intermedia found 93 percent of employees engage in at least one form of poor data security. And 23 percent of respondents admitted they would take data from their company if it would benefit them. Long story short, you can have all the technology security in the world, but your biggest vulnerability lies in your people – from regular employees up to managers and owners. What are some of the issues that researchers found?
A Miami-area hospital was tagged with a $5.5 million fine recently for HIPAA violations. Among the multitude of violations that were cited was one we’ve seen in some of the HIPAA security risk assessments we’ve performed: poor access management, including not disabling access for terminated or former employees. Not disabling those accounts can cost you.
Even if you’re not a medical office or clinic, if your business deals with HIPAA-regulated industries at all, there’s a pretty good chance you should be following HIPAA news as well. And really, following the headlines of an industry that takes protecting confidential data very seriously is never a bad thing. Here are some recent headlines worth paying attention to, especially if you’re a HIPAA-regulated business.