$650,000 HIPAA breach. Know how to protect your practice
Scott works for Catholic Health Care Services of the Archdiocese of Philadelphia (CHCS), which agreed to settle alleged HIPAA violations with the Department of Health and Human Services' Office for Civil Rights (OCR) and to implement a Corrective Action Plan.
His organization will also pay a financial penalty of $650,000.
CHCS is the sole corporate parent of six nursing facilities and also provides management services to them. In its capacity as a HIPAA business associate, CHCS is required to comply with the HIPAA Rules.
In 2014, each of the six nursing facilities submitted a breach notice to OCR regarding a breach of electronic protected health information (ePHI).
The investigation that followed revealed failures to comply with the administrative safeguards of the HIPAA Security Rule. Covered entities and their business associates are required to perform an accurate and thorough, organization-wide risk analysis of the risks to the confidentiality, integrity and availability of ePHI (45 CFR 164.308(a)(1)(ii)(A)).
OCR investigators determined that CHCS had failed to perform a comprehensive risk analysis since 2013. CHCS had also failed to implement security measures sufficient to reduce the identified risks to ePHI to a reasonable and appropriate level.
What could have been done to prevent these violations?
Strengthening the administrative safeguards is key. It is imperative to follow the HIPAA Rules consistently and to maintain a documented risk management plan.
Engage in comprehensive, organization-wide risk analysis and risk management on an ongoing basis, so that individuals' ePHI remains secure as systems, devices and staff change.
A risk management plan needs to include not only technical safeguards but also physical and administrative ones.
What are the best practices in doing so? How should we get started in making sure we are HIPAA compliant?
Every Covered Entity and Business Associate that has access to PHI must ensure that the technical, physical and administrative safeguards required by the HIPAA Security Rule are in place and adhered to, that it complies with the HIPAA Privacy Rule in order to protect the confidentiality, integrity and availability of PHI, and that, should a breach of PHI occur, it follows the procedures in the HIPAA Breach Notification Rule.
Neolytix can help make sure your practice is HIPAA compliant. We can assess your current practice policies, identify gaps and put safeguards in place to help you achieve HIPAA compliance. We can also conduct HIPAA assessments and audits for your practice.
Make sure your practice meets HIPAA compliance standards.
Give Neolytix a call or send us an email to learn how to fully protect your medical practice today.