Risk is defined as the possibility that an event will occur that will adversely affect the achievement of objectives. Numerous internal and external risks can negatively affect the business intentions of management and the board. The healthcare industry is complex, and risk is everywhere.
Bruce L. Boros, MD, PA, DBA Advanced Urgent Care, a healthcare provider in Key West, Florida, on November 6 reported a security breach that affected 58,823 individuals, according the Office for Civil Rights (OCR) breach report.
Q: If we end a contract with a business associate (BA), does the BA need to provide us with assurance that all protected health information (PHI) has been destroyed? Is this something that should be written into the initial contract? What are the steps to take if the BA does not respond to requests to confirm deletion of PHI?
Timberline Billing Service LLC, a third party that provides Medicaid reimbursement billing services to 190 school districts in Iowa, reported a security incident October 30 that affected 116,131 individuals, according to the Office for Civil Rights (OCR) breach report.
As we cope with the COVID-19 pandemic, it is important to take a few extra measures to protect your organization, your patients, and your clients—as well as your data.
Q: What are the essential steps when conducting a risk analysis? Are there any sample tools out there to provide guidance on best practices for risk analyses? How often should organizations be conducting these tests?
The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and HHS released a joint advisory on October 28 to warn healthcare organizations of potential cyberattacks.
The complexity and competitiveness of today’s business environment require that organizations have early warning systems to identify times when they face certain risks. Compliance officers should be active participants in the organization’s risk assessment process.
Aetna Life Insurance Company and its affiliated covered entity agreed to pay $1 million to the Office for Civil Rights (OCR) and to adopt a corrective action plan to settle three potential HIPAA violations that occurred in 2017.
