The University of Rochester Medical Center (URMC) recently paid a $3 million civil monetary penalty to the Office for Civil Rights for HIPAA violations that include failing to encrypt mobile devices. URMC is one of the largest health systems in New York with more than 26,000 employees.
OCR enforces the HIPAA Privacy, Security, and Breach Notification rules. Failing to properly manage and oversee remote access to health information, and to protect that information, can be costly, as the following three cases demonstrate.
Working remotely has many benefits for employers and employees. A Stanford study found that working from home boosts employee productivity, which was attributed to taking fewer breaks and sick days and working in quieter, more convenient work environments.
Q: Can a cloud provider like Amazon Web Services or Microsoft Azure, when considered a business associate (BA), be held liable for breach notification requirements?
In an interview with Briefings on HIPAA, Tim Noonan, deputy director for the Division of Health Information Privacy at OCR, discussed cybersecurity and trends in reports of unsecured PHI to OCR. This article includes the highlights.
OCR meant what it said in February of this year about patients’ right of access to their medical records. The HIPAA Privacy and Security Rule enforcer issued its first enforcement action under its “Right of Access Initiative” in September.
Employees need to know what to do and what not to do when it comes to ensuring protected health information (PHI) remains secure. That’s where TeachPrivacy comes in as an excellent resource for quality staff training.