OCR in 2013, through the Health Information Technology for Economic and Clinical Health (HITECH) Ac,t issued a final rule identifying provisions of the HIPAA rules that apply directly to business associates (BA) and those provisions for which BAs are directly liable.
HIPAA security officers arguably have more on their plates now than ever before as the cloud and mobile era are fully upon us and potential cybercriminal access to PHI increases,
According to the 2019 edition of IBM Security and Ponemon Institute’s annual Cost of a Data Breach Report, data breaches cost the healthcare sector an average of 65% more per record than they cost any other industry.
Q: We still use a color-coded filing system at my organization that uses specific colors to identify patient types, like whether an individual is a Medicaid/CHIP patient. These files are mostly used for billing documentation. Because the colors identify patient type, would this be considered a HIPAA violation?
A recent HIPAA breach that involved transmission of PHI to only one party—a reporter—nonetheless cost a Connecticut practice $125,000, in part because the practice didn’t take simple precautions.
