HIPAA

Channel 9 Denver (NBC), acting on a tip, found a dumpster in plain view outside of a pharmacy containing thousands of patients' medical records. The penalty for this could be massive.

For more information and a video visit http://www.9news.com/news/article/248924/222/9Wants-to-Know-finds-dumpst...

A reminder that reports of HIPAA breaches that occurred in 2011 involving fewer than 500 individuals must be submitted to HHS by February 29, 2012.

The breach notification rule requires covered entities to report all breaches of unsecured protected health information (45 CFR 164.408). The number of individuals affected by the breach determines when the notification must be submitted.

The 390 major breaches affecting more than 19 million individuals as a result of the federal HIPAA breach notification rule have taught us that there are 8 tips that can help you to avoid a breach:
1. Don't Forget Risk Assessments (See Download/HIPAA Information in the menus above)
2. Encrypt Mobile Devices, Media
3. Beef Up Training
4. Conduct Internal Audits
5. Monitor Business Associates
6. Limit Data Storage
7. Don't Forget About Paper Records
8. Address Other Potential Vulnerabilities

The legal site JDSupra has an article about HIPAA audits, increased liability and documentation you should have available at a minimum:
- HIPAA Security and Privacy manuals documenting all of your procedures
- Lists of all Business Associates
- Risk Analysis
- Evaluation of compliance
- Training
- Subject matter experts (compliance officer, security officer, etc)
- timely response if you are audited.

LOS ANGELES, CA, Feb 02, 2012 (MARKETWIRE via COMTEX) -- Over 50,000 businesses protect their digital assets with an IBackup account. This includes many financial and medical practices that have unique and stringent requirements they must meet regarding the backup and storage of their data. IBackup assists these types of organizations with regulation compliance, security, reporting and more. http://www.ibackup.com

Meeting the Special Needs of Medical Professionals

While talking with medical professionals at a conference this past weekend, it came to light that many who have already attested compliance with Meaningful Use do not have a current, valid, customized HIPAA manual. If you find yourself in that situation, you must remedy this immediately because it means that you are NOT meeting Meaningful Use and if you are audited here is likely to be significant fines levied against you.

2011 draws to a close today, and as it does, it ushers in a year where more medical professionals than ever will be rushing to neet Meaningful Use, and of course that means HIPAA data security compliance. There used to be a time when we did not worry much about our online data; that time is long gone. Here are some companies who were hacked and had their users' personal data put out on the Internet:

There is a new vulnerability that has been found in many WiFi routers which could allow attackers to gain access to your network, and therefore to your ePHI. Sparing you the technical details, which you can get by reading http://sviehb.files.wordpress.com/2011/12/viehboeck_wps.pdf you should look at the sticker on your router. If there is an entry that is labeled "WPS PIN", you might want to consider replacing your router with one that does not have this.

Government Information Security (govinfosecurity.com) has an article entitles "Breach Response: Are You Prepared?" at http://www.govinfosecurity.com/articles.php?art_id=4343

We here at CME Online have been urging doctors to be prepared for years. Download the forms above under Downloas / HIPAA Information and get to work on HIPAA compliance today. Do it yourself if you can or ask us or other consultants for help if you need, but get it done.

Florida Statutes Section 400.145 provides that nursing homes "shall furnish to the spouse, guardian, surrogate, proxy, or attorney in fact . . . of a former resident . . . a copy of that resident's records which are in the possession of the facility." Also, "Copies of such records . . . may be made available prior to the administration of an estate, upon request, to the spouse, guardian, surrogate, proxy, or attorney in fact."