News & Events
Leading Causes of Investigation by the HHS Office for Civil Rights are Inappropriate Use and Disclosure of Protected Health Information and Absence of Safeguards for PHI
Fort Lauderdale, Fla., Sept. 19, 2016 (PRNewswire) – As the healthcare industry continues to struggle with HIPAA compliance, the settlement of ten cases of potential violations in the first eight months of 2016 has cost covered entities and business associates $20.3 million.
According to the Office for Civil Rights (OCR), compliance enforcement arm of Health and Human Services (HHS), of the five categories of covered entities governed by HIPAA, those most often required to take corrective action to achieve compliance are private practices. Unlike pharmacies and health plans, for example, many private practices continue to postpone all but the most basic compliance activities.
In its August update, the OCR announced that its regional offices are now engaged in investigating data breaches affecting fewer than 500 records, which puts the spotlight on smaller private practices.
The two leading causes for OCR investigation are the inappropriate use and disclosure of protected health information (PHI) and the absence of safeguards for PHI. To address these and other compliance concerns, the OCR continues to strengthen its enforcement program. Current investigations are focused on confirming the following compliance activities:
- Completion of recent, thorough Security Risk Assessment, with remediation of findings completed or in progress.
- Implementation of breach notification policy that meets HITECH requirements.
- Implementation of Notice of Privacy Practices in compliance with HIPAA Privacy Rule.
- Implementation of documented policies and procedures to secure PHI (including ePHI) and to meet administrative, physical, and technical safeguard guidelines.
- Documentation of backup systems, disaster recovery plans, and other activity monitoring plans.
- Delivery and documentation of appropriate training.
“Private practices who continue to lag behind in meeting compliance requirements are gambling with the protected health information entrusted to their care,” said Jaime Rodriquez, HIPAA security officer and director of technical services for JDL Technologies. “They are doing so at increasingly serious risk, not only to their practices, reputations and balance sheets but, more importantly, to their patients.”
About JDL HealthTech
JDL HealthTech delivers services that enable healthcare providers to better manage their practices, achieve and maintain HIPAA compliance, avoid violations and data breaches, keep their systems up to date and running smoothly, and take advantage of new and emerging technologies. JDL is a credentialed Trustmark Managed Service Provider and one of the 2016 Elite 150 Managed Service Providers in North America, 2016 Solution Provider 500, and 2015 Fast Growth 150 as ranked by The Channel Company. JDL HealthTech is a division of JDL Technologies, a Communications Systems, Inc. company (NASDAQ: JCS).