This post, Giving a Speech? Be Careful About Privacy Violations, first appeared on http://www.govinfosecurity.com/. Marianne Kolbasuk McGee (HealthInfoSec) • June 2, 2017 A recent speech by a health insurance company executive is stirring up debate about whether a patient’s privacy can be violated even if the patient’s name is never revealed. An executive from health insurer WellMark Blue Cross and Blue Shield of Iowa, in a speech at a local Rotary Club meeting, tried to illustrate […]

This post, Two HIPAA Mistakes Lead to Fines from OCR, first appeared on http://www.natlawreview.com/. Monday, May 1, 2017 It was a busy April for the Office for Civil Rights (“OCR”) (see our prior post on a settlement from earlier in April). On April 20, OCR announced a Resolution Agreement with Center for Children’s Digestive Health, S.C. (“CCDH”) related to CCHD’s failure to enter into a business associate agreement with a paper medical records storage vendor.  The cost of that missing agreement? $31,000.  Then, on April […]

This post, Between RCRA and a Hard Place: Operating Under Conflicting Regulations, first appeared on http://ehsdailyadvisor.blr.com. HazMat Transportation Clare Condon Monday – April 24, 2017 Do federal hazardous materials transportation regulations outweigh how a state interprets and enforces hazardous waste regulations? In times when the federal government bends toward extreme leniency or extreme enforcement, cases such as one currently playing out in Oregon could have ramifications for environment, health, and safety managers (EHS) nationwide. What are […]

This post, How healthcare organizations should prepare for a HIPAA audit, first appeared on www.healthdatamanagement.com. The time to prepare for a HIPAA audit is before the notification letter of a forthcoming audit hits a provider organization’s mailbox. Absent preparation, an entity facing an audit will have to scramble to develop policies and procedures for protecting health information, and performing that through a rush job will look exactly like a rush job to regulators, who are […]

This post, Lack of BAA at Center of New HIPAA Settlement, first appeared on http://www.govinfosecurity.com. Marianne Kolbasuk McGee (HealthInfoSec) • April 24, 2017 Federal regulators have signed a $31,000 HIPAA settlement with a small Illinois-based pediatric specialty practice, citing the lack of a business associate agreement with a vendor hired to store paper records containing patients’ protected health information. Although the April 21 settlement with the Center for Children’s Digestive Health centers on paper-based PHI, […]

This post, Healthcare leaders crown employee cybersecurity awareness as primary threat concern, first appeared on http://www.healthcaredive.com. Author: Meg Bryant Published: April 20, 2017 Dive Brief: Nearly 80% of healthcare leaders say employee awareness is their greatest security threat concern, despite 85% maintaining they have existing employee security awareness programs, according to a new survey. The survey of 125 health IT executives — conducted by HIMSS Analytics for Level 3 Communications — found that one third […]