Health IT, HIPAA, and the CMS Incentive Programs Blog
For physicians, hospitals, government agencies, and business associatesEmployee security awareness training may have prevented Centura Health breach
On February 11, 2014, Centura Health, the nonprofit umbrella that owns Mercy Regional Medical Center in Durango, Colorado, experienced a phishing attack on employees that resulted in a breach of privacy that left the personal information of about 1,000 patients...
Medicare payments to FQHCs may increase by $1.3 billion
On April 29, 2014, The Centers for Medicare and Medicaid Services (CMS) published a final rule that proposes a new reimbursement system that increases payments to Federally Qualified Health Centers (FQHC’s) by as much as $1.3 billion over the next 5 years. Medicare...
PHI breach affects 5,261 former Molina Healthcare members
On May 2nd, Molina Healthcare alerted 5,261 former members of Molina Healthcare of New Mexico of a data breach that took place around March 18, 2014. A postcard mailing about the Health Insurance Marketplace was sent to these former members that contained their...
HHS provides details on Phase 2 of random HIPAA audit program
On March 31, the HHS Office for Civil Rights (OCR) finally provided details on what the next phase of its HIPAA audit program will look like. These are outlined in detail in their presentation (slides here) and also in this article written by Adam Greene and Rebecca...
Medical identity theft is on the rise in the U.S.
A recent survey by The Identity Theft Resource Center (ITRC) reported that medical identity theft accounted for 43.8 percent of all identity thefts reported in the US last year. The medical/healthcare segment accounted for the largest number of breaches, with other...
Meaningful Use: Audit, Assessment or Analysis?
Conducting a meaningful use security risk assessment has been a requirement for HIPAA Covered entities since 2005, and now their business associates must also comply. The Meaningful Use program (Stage 1) also includes the requirement: "Conduct or review a security...
NY Presbyterian, Columbia University Settlement highlights importance of PHI application inventory
The recent situation at NY Presbyterian Hospital/Columbia University Medical Center that resulted in the largest-to-date HIPAA settlement of $4.8 Million, highlighted that security leadership wasn’t aware of all of the applications running on their system. Reading...
N.Y. Presbyterian, Columbia Resolution Clarify HHS Expectations for IT Asset Inventory in Largest HIPAA Settlement
The largest HIPAA settlement ever, in the amount of $4.8 Million, by two affiliated organizations, NY Presbyterian and Columbia University, sheds light on HHS expectations for HIPAA compliance, at least for a large academic medical center with 24,000 employees. The...
