The HIPAA Security Rule preamble reinforces training "criticality" and restates the standard, "We require training of the workforce as reasonable and appropriate to carry out their functions in the facility." Security training is essential.
Not all good solutions work in healthcare. Take Code42's CrashPlan Pro®. CrashPlan Pro gets high marks when it comes to supporting software as a service (SaaS)-based secure continuous backup. On the other hand, Code42 is currently unwilling to update its business associate agreement (BAA) to address conflicts with HIPAA requirements.
Despite gains in compliance and security potentially linked to industry emphasis on the HIPAA Omnibus Rule, some dangerous gaps remain regarding corporate email and file transfer habits.
You hear it over and over again. Covered Entity (CE) A failed to produce an ongoing risk assessment for HIPAA security compliance. CE B had an incomplete risk analysis, leading to a failure to recognize security weaknesses and vulnerabilities. And in come the fines.
Sending out a mass mailing of a pamphlet that contained Medicare beneficiary numbers resulted in a civil monetary penalty of $6,768,000 for Triple-S Salud, Inc. (TSS), a Puerto Rican health insurance subsidiary.