ClevX™, an intellectual property (IP) development and licensing company in Kirkland, WA, manufactures a secure USB flash drive called LokIt Secure Flash Drive®. It significantly limits risks related to loss or theft.
The company, based in Prince George's County, MD, got hit in February with OCR's first civil money penalty for violations of the HIPAA Privacy Rule, a $4.3 million tab that included $3 million for failing to cooperate with the agency's investigation. OCR determined Cignet acted with "willful neglect" and did not take action to correct the violations, which allowed the agency to impose the highest level of fines based on its tiered penalty structure.
HHS' OCR in February began using the new fine structure mandated by HITECH and handed one of the country's most prestigious hospitals, Massachusetts General Hospital (MGH) in Boston, a $1 million penalty for a breach violation.
Organizations need to determine whether they have fully implemented the Security Rule. The HIPAA Security Rule has been around for a while, but many organizations have not implemented all of its requirements.
Here's one trend industry observers say healthcare organizations can expect to see now and in the future: heightened patient awareness and concern about the security of their private medical data.
Q. I work in patient financial services at a hospital. Like me, several of my coworkers have aging parents. Sometimes at lunch, we discuss the medical problems of our parents, who are not patients at our hospital. My supervisor says these discussions of family members' medical problems violate HIPAA. Is this true?
A group of prognosticators asked to predict what lies ahead in 2011 says the healthcare industry faces new and continuing challenges as it works to protect the security and privacy of patients' PHI.
With newfound authority, some state attorneys general (AG) are beginning to take aim at covered entities (CE) that run afoul of HIPAA's Privacy and Security Rules.