HIPAA Resolution Agreement

10 December 2020

HHS then investigated Athens Orthopaedics and alleged the following HIPAA violations, including: (i) failure to conduct a thorough and accurate assessment of the risks and potential vulnerabilities associated with the confidentiality, integrity and availability of its ePHI; (ii) failure to implement sufficient hardware, software and procedures to record and analyze activity in information systems containing or using ePHI; (iii) failure to conclude the corresponding contracts with three counterparties; and (iv) failure to provide HIPAA training to all of its staff and to keep copies of its HIPAA policies and procedures.

If anyone has doubts about the application of HIPAA, the Office for Civil Rights (OCR), which oversees HIPAA compliance, has made it clear over the past two weeks that it is serious. In its recent announcements of resolution and monetary settlement agreements, OCR has provided examples involving eight companies and counterparties of all kinds and sizes.

The OCR stated that the metropolitan provider Community Health Services (Metro) had not conducted a security risk analysis, had not implemented the policies and procedures of the HIPAA Security Rule, and had not provided its staff with HIPAA security awareness training until 2016. The OCR investigation into Metro began when Metro filed a HIPAA breach report on June 9, 2011, after the PHI of 1,263 patients was impermissibly disclosed. Metro is a small federally qualified health center that offers discounted medical services to the underserved in North Carolina. According to HHS, Metro's mission and source of funding were taken into account in the implementation of the resolution agreement.

The HHS Office for Civil Rights (OCR) announced a $6.85 million resolution agreement with a health insurer to address possible violations of the HIPAA data protection and security rules that led to a breach of protected health information (PHI) affecting more than 10 million people. The underlying breach was attributed to cyber-attackers who used a phishing email campaign to install malware that gave them access to the insurer's computer system. The attack, which was not detected for nearly nine months, exposed people's names and contact information, dates of birth, social security numbers, bank account information, clinical information and other PIs. The OCR investigation showed that HIPAA rules were not systematically followed, including failures to conduct an enterprise-wide risk analysis, to implement sufficient security measures for risk management, and to implement audit controls for the collection and analysis of information system activity.

AOC entered into a resolution agreement and a corrective action plan and agreed to pay $1.5 million in penalties. The corrective action plan requires it to review its counterparty agreements as necessary, conduct a risk analysis, develop a risk management plan, review its privacy, security and breach reporting policies, and train staff in these policies.

Kathy Becker (381 Posts)

Kathy is the CEO/President of the Company of Experts, Inc. and oversees this Small Woman Owned Business serving schools, colleges and universities, businesses, corporations and non-profits moving them from deficit models of planning and thinking to engagement, empowerment and collaboration.
