The Office for Civil Rights (OCR) reached a settlement with Korunda Medical LLC, a Florida-based company, on December 11 for a potential violation of the HIPAA Privacy Rule’s right-of-access provision.
Behavioral health facilities and professionals experience some unique challenges when it comes to handling PHI and patient requests. The following article offers tips for handling those challenges and scenarios to consider.
Healthcare Administrative Partners, a medical billing company in Pennsylvania that provides billing, coding, and practice management services to hospital-affiliated physician practices, recently notified 17,693 patients of a data breach that may have exposed their protected health information.
When voluntary disclosure for overpayments is an option rather than an obligation, the provider may encounter diverse opinions among its decision-makers. Some may express a desire to bring the potential problem to the attention of the government and attempt to resolve the matter quickly without incurring criminal penalties, civil fines, or exclusions.
The U.S. Department of Health and Human Services (HHS) increased civil monetary penalties for HIPAA administrative simplification violations on November 5 in accordance with the Federal Civil Penalties Inflation Adjustment Act Improvements Act of 2015.
Aegis Medical Group, a physician practice in Mount Dora, Florida, recently notified 9,800 patients that their protected health information (PHI) may have been accessed by a former employee.
The Office of Civil Rights (OCR) recently imposed a $1.6 million civil penalty against the Texas Health and Human Services Commission (TX HHSC) for a data breach that enabled unauthorized individuals to view the protected health information (PHI) of 6,617 individuals.
In addition to physical and technical safeguards, the HIPAA Security Rule requires covered entities and business associates to implement administrative protections, including workforce training and management.
The University of Rochester Medical Center (URMC) recently paid a $3 million civil monetary penalty to the Office for Civil Rights for HIPAA violations that include failing to encrypt mobile devices. URMC is one of the largest health systems in New York with more than 26,000 employees.
OCR enforces the HIPAA Privacy, Security, and Breach Notification rules. Failing to properly manage and oversee remote access to and the protection of health information can be costly, as the following three cases demonstrate.
