The U.S. Department of Health and Human Services (HHS) increased civil monetary penalties for HIPAA administrative simplification violations on November 5 in accordance with the Federal Civil Penalties Inflation Adjustment Act Improvements Act of 2015.
Aegis Medical Group, a physician practice in Mount Dora, Florida, recently notified 9,800 patients that their protected health information (PHI) may have been accessed by a former employee.
The Office for Civil Rights (OCR) recently imposed a $1.6 million civil penalty against the Texas Health and Human Services Commission (TX HHSC) for a data breach that enabled unauthorized individuals to view the protected health information (PHI) of 6,617 individuals.
In addition to physical and technical safeguards, the HIPAA Security Rule requires covered entities and business associates to implement administrative protections, including workforce training and management.
The University of Rochester Medical Center (URMC) recently paid a $3 million civil monetary penalty to the Office for Civil Rights for HIPAA violations that include failing to encrypt mobile devices. URMC is one of the largest health systems in New York with more than 26,000 employees.
OCR enforces the HIPAA Privacy, Security, and Breach Notification rules. Failing to properly manage and oversee remote access to and the protection of health information can be costly, as the following three cases demonstrate.
Working remotely has many benefits for employers and employees. A Stanford study found that working from home boosts employee productivity, which was attributed to taking fewer breaks and sick days and working in quieter, more convenient work environments.
Q: Can a cloud provider like Amazon Web Services or Microsoft Azure, when considered a business associate (BA), be held liable for breach notification requirements?