1. Phase 2 of OCR's HIPAA audits will be desk audits, which means OCR will not conduct on-site audits of covered entities (CE) and business associates (BA) unless resources are available.
In the wake of several large breaches, OCR is ready to ramp up its oversight of HIPAA compliance as it embarks upon Phase 2 of its HIPAA privacy, security, and breach notification audits. OCR began preparing for this round of audits around the same time that news broke of the second-largest HIPAA breach in the U.S., a hacking incident that affected 4.5 million patients treated at or referred to Tennessee-based Community Health Systems, Inc.
The September 22, 2014, deadline to revise business associate agreements (BAA) may have seemed like a date far in the future when the HIPAA omnibus final rule was released January 25, 2013. However, this compliance date is now in our rearview mirror as we continue to move along the road toward establishing and maintaining compliance with the HIPAA Privacy Rule and Security Rule.
Q: I am currently working on a social media usage policy for the organization where I work. I often notisce that some of my friends in the healthcare industry will post about patients on social media website.
Hardware end-of-life data destruction presents a challenge in the world of healthcare. Whether the data is stored on a laptop, server, or even large biomedical equipment, the data needs to be properly destroyed before being repurposed. Green Delete, Inc., (GDI) offers secure, on-site data destruction that is efficient, quick, and environmentally friendly.
Q: Are there any penalties for sending an unencrypted email containing PHI to the intended recipient? Would this just be a violation of the CE's policy and not a privacy breach under HITECH?
The HIPAA Security Rule requires implementing risk management tools and techniques to adequately and effectively safeguard ePHI. Risk analysis and management provides the foundation for an organization's Security Rule compliance efforts, and reinforces its strategy to protect the confidentiality, integrity, and availability of vital information.
The OCR continues to crack down on HIPAA breaches, but it also paused to take a look back at past incidents in two annual reports to Congress. The reports, which were released in May, summarize the reported 2011?2012 HIPAA breach and compliance activities as required by the HITECH Act. Although the data presented in the reports details the events from prior years, the causes of the breaches reported to and investigated by OCR are still relevant?and problematic?for healthcare organizations today.
