Author Archives: Gary Pritts

Small Physician Practice Settles HIPAA Complaint for $100,000

Phoenix Cardiac Surgery, PC, a small physician practice, settled a HIPAA privacy and security complaint for $100,000 and agreed to a Corrective Action Plan. The settlement agreement (in which the practice does not admit liability) is the culmination of an investigation that found minimal compliance with HIPAA Privacy and Security. This 5-physician practice, with [...]
Posted in HIPAA, HIPAA Enforcement, HIPAA Penalties, HIPAA Privacy, HIPAA Security, Unassigned

Risk Analysis – Probability of Smartphone loss/theft

In this latest installment about risk analysis we continue the difficult quest to quantify risk of data breach. Hospitals and physician practices are conducting computer security risk analyses for HIPAA compliance and for meaningful use (per HIPAA Security 45 CFR 164.308(a)(1)) and must assess the threats and likelihood of occurrence. Today the Wall Street Journal [...]
Posted in Electronic Health Records, HIPAA, HIPAA Security, Meaningful use

Risk Analysis – Quantifying Risk and Impact – Part 2

Hospitals and physician practices conducting computer security risk analyses for HIPAA compliance and for meaningful use (per HIPAA Security 45 CFR 164.308(a)(1)) must assess the threats and likelihood of occurrence. Because most breaches are never reported, accurate information on likelihood of occurrence is difficult to come by. Another study was recently published, by identity and [...]
Posted in Electronic Health Records, HIPAA, HIPAA Security, Meaningful use

A Tale of Two Presidents – Lessons for ACOs

OK, Dick Cheney wasn’t president but was a heartbeat away. Both Dick Cheney and another former leader, Bill Clinton, have been in the news recently as a result of their heart conditions. Their previous histories of heart treatments have been widely reported in the media. What lessons do these contrasting stories have for ACOs? [...]
Posted in Accountable Care Organizations

Risk Assessment: Quantifying Risk and Impact

HIPAA Covered entities, including hospitals and physicians who are implementing electronic records with hopes of attaining Meaningful Use and qualifying for federal incentives, are performing a computer security risk analysis, or risk assessment. Conducting regular risk assessments has been a requirement of HIPAA since 2005. However, many organizations have been weak in their compliance. Organizations [...]
Posted in Electronic Health Records, HIPAA, HIPAA Security, Meaningful use

Risk Assessment: Forget the PHI, they want your money

The computer security risk assessment mandated by HIPAA in 45 CFR 164.308(a)(1), and also the Meaningful Use regulations, is focused on protecting the availability, integrity, and confidentiality of Protected Health Information (PHI). There is another risk – theft of your money using your online banking credentials.
Posted in County board, Developmental Disability, HIPAA, HIPAA Security

Securing your Home Wi-Fi Network

Virtually everyone has a home Wi-Fi network. It provides convenient access for laptops, smartphones, tablets and gaming devices. How do you protect yourself? Administration Account. The first step is to secure the administration account for your wireless router or wireless access point. Change the factory admin account name, and use a strong password (at least [...]
Posted in County board, Developmental Disability, HIPAA, HIPAA Security

45 CFR 164.308(a)(1), 45 CFR 164.312(a)(2)(iv) and 45 CFR 164.306(d)(3) Explained

The Meaningful Use rules, part of the HITECH Act, specify the requirements for physicians and hospitals to receive their portion of $32 Billion in federal health information technology incentives. Those rules include many legal citations that are unfamiliar to many. These citations are explained in this post.
Posted in Electronic Health Records, HIPAA, HIPAA Security, Meaningful use

Wake-up Call for Business Associates – Comply with HIPAA Now

Last month Minnesota Attorney General Lori Swanson filed suit against Accretive Health, Inc., a company which provides revenue cycle management services for two Minnesota Health Systems – Fairview Health Services and North Memorial Health Care. According to the complaint, a computer laptop with sensitive information on 23,500 patients was stolen from a rental car. Eight [...]
Posted in Electronic Health Records, HIPAA, HIPAA Enforcement, HIPAA Security, Revenue Cycle Management, Unassigned

First OCR HIPAA Audits Underway

Adam Greene, JD, MPH, a former regulator in HHS, recently shared details about the random audit program begun by the HHS Office of Civil Rights (OCR). The audit targets are selected using stratified random samples based on a database of covered entities created by OCR by consulting firm Booz Allen Hamilton. Four categories of organizations [...]
Posted in County board, Developmental Disability, HIPAA, HIPAA Enforcement, HIPAA Privacy, HIPAA Security