Frequently Asked Questions (FAQs)

Cybersecurity

Cybersecurity is extremely important for the health care industry because cybercriminals have realized that the health care industry is an easy target with a big payoff. Hundreds of millions of patient records have already been breached and continue to be breached, ransomware has paralyzed many health care organizations, and business email compromise attacks continue to victimize small and mid-size medical practices, hospitals, and the organizations that support them.

Category: Cybersecurity

Ransom malware, or ransomware, is a type of malware that prevents users from accessing their system or personal files and demands a ransom payment in order to regain access.

Category: Cybersecurity

HIPAA

A business associate is a person or organization, other than a member of a covered entity’s workforce, that performs certain functions or activities on behalf of, or provides certain services to, a covered entity, where those functions or services involve the use or disclosure of individually identifiable health information.

Category: HIPAA
Tag: BAA

When a covered entity uses a contractor or other non-workforce member to perform “business associate” services or activities, the Privacy Rule requires that the covered entity include certain protections for the information in a business associate agreement (in certain circumstances governmental entities may use alternative means to achieve the same protections).

Category: HIPAA
Tag: BAA

The Office for Civil Rights (OCR) is the government body that issues monetary fines and corrective actions for HIPAA violations. Below are common HIPAA violations and examples of recent cases:

Common HIPAA violations
  1. Impermissible uses and disclosures of protected health information
    • Pharmacy – A pharmacy chain disclosed protected health information in a manner that did not comply with the Privacy Rule. OCR required the chain to update its national policy regarding law enforcement access to patient information.
    • Private Practice – A workforce member discussed HIV testing procedures with a patient in a waiting room.
    • Business Associate – A municipal social service agency disclosed protected health information while processing Medicaid applications by sending consolidated data to computer vendors that were not business associates.
  2. Lack of safeguards of protected information
    • Private Practice – An OCR investigation confirmed allegations that a dental practice flagged some of its medical records with a red sticker with the word “AIDS” on the outside cover, and that records were handled so that other patients and staff without a need to know could read the sticker.
  3. Lack of patient access to their protected health information
    • Private Practice – A private practice failed to honor an individual’s request for a complete copy of her minor son’s medical record.
    • Mental Health Center – The complainant alleged that a mental health center improperly provided her records to her auto insurance company and refused to provide her with a copy of her medical records.
  4. Use or disclosure of more than the minimum necessary protected information
    • Hospital – A hospital employee’s supervisor accessed, examined and disclosed an employee’s medical record.
    • Health Plan – A complaint alleged that an HMO impermissibly disclosed a member’s PHI, when it sent her entire medical record to a disability insurance company without her authorization.

Category: HIPAA

If you are a doctor or a business associate, you are likely concerned about how serious a HIPAA violation is. This FAQ focuses on the details of how serious a HIPAA violation is. If you are a health care provider or business associate, you are bound by HIPAA law, which requires your organization to become HIPAA compliant. Violations come to light in the following ways: a report by an employee or patient, a breach, or an OCR audit. The following fines are outlined by HHS.

How serious is a HIPAA violation
  • Tier 1 – Unaware of the HIPAA violation and, even with reasonable due diligence, would not have known HIPAA Rules had been violated.
    • $100 – $50,000 per violation, not to exceed $1.5 million per year
  • Tier 2 – Reasonable cause that the covered entity knew about or should have known about the violation by exercising due diligence.
    • $1,000 – $50,000 per violation with maximum of $1.5 million per year.
    • HHS shall determine the penalties based on nature and extent of the harm resulting from the violation.
  • Tier 3 – Willful neglect of HIPAA Rules, with the violation corrected within 30 days of discovery.
    • $10,000 – $50,000 per violation with a maximum of $1.5 million per year
  • Tier 4 – Willful neglect of HIPAA Rules and no effort made to correct the violation within 30 days of discovery.
    • $50,000 per violation with a maximum of $1.5 million per year
    • HHS shall determine the penalties based on nature and extent of the harm resulting from the violation.

To learn more about becoming compliant you can read about the details: 8 ways to protect your practice from fines

Category: HIPAA

Unfortunately, there can never be a 100% guarantee that ePHI/PHI won’t be compromised. The de-identification of data is no exception, as it also runs the risk of exposing sensitive information. The simple mistake of not removing all of the patient-identifiable information increases the risk of exposure.

Category: HIPAA

De-identification is the process used to eliminate the possibility of a patient’s identity being compromised, by deleting or hiding identifying information such as names, addresses, phone numbers, or social security numbers.
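The two FAQ answers above describe de-identification and the risk of leaving identifiers behind. The following added example (not code from this site) shows the difference on a constructed, fictional record: dropping only the structured name/address/phone/SSN fields leaves the same identifiers inside a free-text note, so a residual-identifier check is run before the data is treated as de-identified. The field names and patterns are assumptions, and only the four identifier types the FAQ names are covered.

```python
import re

# Structured fields holding the identifier types the FAQ names (assumed field names).
DIRECT_IDENTIFIER_FIELDS = {"name", "address", "phone", "ssn"}

# Patterns for identifiers that commonly survive inside free text.
RESIDUAL_PATTERNS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "phone": re.compile(r"\b\(?\d{3}\)?[-.\s]\d{3}[-.\s]\d{4}\b"),
}


def naive_deidentify(record):
    """Drop only the structured identifier fields (the 'simple mistake')."""
    return {k: v for k, v in record.items() if k not in DIRECT_IDENTIFIER_FIELDS}


def find_residual_identifiers(record):
    """Return {field: [identifier kinds]} for patterns still present in any string value."""
    found = {}
    for field, value in record.items():
        if isinstance(value, str):
            kinds = [kind for kind, pat in RESIDUAL_PATTERNS.items() if pat.search(value)]
            if kinds:
                found[field] = kinds
    return found


def deidentify(record):
    """Strip structured identifiers, then redact residual identifiers in free text."""
    out = naive_deidentify(record)
    for field, value in out.items():
        if isinstance(value, str):
            for kind, pat in RESIDUAL_PATTERNS.items():
                value = pat.sub(f"[REDACTED-{kind.upper()}]", value)
            out[field] = value
    return out


# Constructed sample record with fictional values, not real patient data.
SAMPLE_RECORD = {
    "name": "Jane Example",
    "address": "123 Example St, Pasadena, CA",
    "phone": "626-555-0123",
    "ssn": "123-45-6789",
    "diagnosis_code": "E11.9",
    "notes": "Patient prefers callbacks at 626-555-0123; SSN 123-45-6789 on file.",
}

if __name__ == "__main__":
    print(find_residual_identifiers(naive_deidentify(SAMPLE_RECORD)))  # {'notes': ['ssn', 'phone']}
    print(find_residual_identifiers(deidentify(SAMPLE_RECORD)))  # {}
```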

Category: HIPAA

Any covered entity that electronically processes, stores, transmits, or receives medical records, claims or remittances.

Category: HIPAA

Every covered entity is required to perform the 6 mandatory HIPAA audits annually.

Category: HIPAA
