Priciest HIPAA Incidents of 2015

Cornell Prescription Pharmacy - $125,000

Cornell Prescription Pharmacy, a Denver-based pharmacy specializing in compounded medications, was ordered to pay $125,000 due to improper disposal of paper medical records. Originally reported by a local news outlet three years ago, the OCR found that PHI-containing documents of 1,610 patients were left in an unsecured dumpster on Cornell's property. The pharmacy failed to safeguard PHI and to implement the written policies and procedures required by the Privacy Rule. In addition to the April 2015 settlement, Cornell was ordered to adopt a corrective action plan and to provide training on HIPAA-related policies.

St. Elizabeth's Medical Center - $218,400

St. Elizabeth's Medical Center (SEMC), a 252-bed community hospital located in Brighton, Mass., agreed to a $218,400 settlement in July of this year. The settlement involved breaches occurring in 2012 and 2014. The initial breach occurred when a former employee's laptop and flash drive, containing data on an estimated 595 individuals, were stolen. The second breach, reported by an SEMC employee, involved an Internet-based network application used for storing and sharing electronic documents. SEMC failed to fully evaluate the risks of such an application prior to use, compromising the ePHI of 498 patients. SEMC must also implement a corrective action plan to ensure increased protection of electronic data.

Cancer Care Group, P.C. - $750,000

Cancer Care Group, P.C., a privately owned radiation oncology group with more than 20 facilities in Central Indiana, was ordered to pay $750,000 in August 2015 due to failure to properly secure ePHI. The breach occurred in 2012 when a laptop and backup media were stolen from an employee's vehicle. While the laptop did not hold anything substantive, the unencrypted backup media contained extensive ePHI of approximately 55,000 patients. Cancer Care Group must also develop a risk management plan and written policies addressing how ePHI-containing hardware and electronic media should be securely transported.

Lahey Hospital and Medical Center - $850,000

Lahey Hospital and Medical Center, a nonprofit teaching hospital located in Burlington, Mass., and associated with Tufts University, agreed to an $850,000 settlement in November 2015. The settlement stemmed from a 2011 breach of ePHI, when an unencrypted laptop was stolen from a treatment room in the facility's radiology department. The laptop was being used to store CT images and findings, including those of approximately 599 patients. Besides the financial component, Lahey must conduct an organization-wide risk analysis and implement a management plan to ensure the future safeguarding of ePHI.

Triple-S Management Corp. - $3.5 Million

Triple-S Management Corporation (TSS), an insurance holding company and the largest medical insurance provider in San Juan, Puerto Rico, was ordered to pay $3.5 million due to multiple HIPAA breaches over the past five years. The third-largest settlement to date included multiple unauthorized disclosures related to health plan beneficiary mailings: specifically, the company sent insurance ID cards to the wrong beneficiaries and printed identification numbers on envelope labels. It was also accused of inappropriate database access by former employees, including the transfer of data to another employer's computer system. TSS also agreed to establish a comprehensive corrective action plan to mitigate the risk of further HIPAA breaches.

Anthem, Inc. - Settlement Pending

This breach, reported in March 2015, involved a coordinated cyberattack on the IT system of Anthem, which has several health insurance companies under its umbrella. The hackers, who have yet to be identified, accessed PHI of approximately 78 million current and former members and employees. Anthem claimed that no credit card or medical information was compromised. However, names, addresses, and social security numbers were among the non-medical identifying information that was disclosed. While a settlement is pending further investigation, Anthem has initiated several measures to close security gaps and extend additional consumer protection.

Source: Office for Civil Rights Breach Portal

Premera Blue Cross - Settlement Pending

Similar to the Anthem cyberattack, Premera Blue Cross also reported a breach of its IT systems in March 2015. It is believed the sophisticated attack, affecting 11 million members, began in 2014, but Premera did not become aware of the issue until January 2015. Despite Premera's use of data encryption, the attackers were still able to gain access to both clinical and non-medical information, including member identification numbers and claims details dating back to 2002. Premera has hired a cybersecurity firm to advise on gaps in its infrastructure and is also coordinating investigative efforts with the FBI.

Source: Office for Civil Rights Breach Portal