In the wake of several large breaches, OCR is ready to ramp up its oversight of HIPAA compliance as it embarks upon Phase 2 of its HIPAA privacy, security, and breach notification audits. OCR began preparing for this round of audits around the same time that news broke of the second-largest HIPAA breach in the U.S., a hacking incident that affected 4.5 million patients treated at or referred to Tennessee-based Community Health Systems, Inc.
To fully understand where your organization's risks lie, you need not only a firm grasp of risk analysis and assessment processes; you also need to define those processes.
As the use of electronic health records (EHR) surges and organizations work toward meaningful use attestation, more in-depth monitoring of electronic patient records is becoming increasingly necessary.
If the 2-midnight rule keeps you up at night, it might help to add some PEPPER to your processes. CMS recently updated PEPPER, otherwise known as the Program for Evaluating Payment Patterns Electronic Report, to provide hospitals with insight into how well they're doing with 2-midnight rule compliance.
You hear it over and over again. Covered Entity (CE) A failed to produce an ongoing risk assessment for HIPAA security compliance. CE B had an incomplete risk analysis, leading to a failure to recognize security weaknesses and vulnerabilities. And in come the fines.
Hospitals can make better use of their electronic health record (EHR) system’s audit functions not only to guard patient privacy but also to help prevent healthcare fraud, according to a new HHS Office of Inspector General (OIG) report.
UK HealthCare's Chief Compliance Officer R. Brett Short knew he was in for a rough day as soon as he saw the email from his organization's privacy officer.
Although it hasn't released many details yet, OCR plans to resume its audits to assess compliance with HIPAA privacy, security, and breach notification requirements in 2014. The government agency also plans to expand the audit focus to include business associates (BA).
Every healthcare organization should develop and implement a policy and a well-defined process that provides guidance for managing incident and breach response.