
HIPAA One Releases Privacy Risk Analysis

After releasing the HIPAA One Security Risk Analysis, we received exceptional feedback on the product and on how much our clients appreciated the simplicity and automation it provides. We have been committed to expanding our solutions and adding products to be “all things HIPAA”. With the launch of the Privacy Risk Analysis, we now offer a full suite of products to address all citations and requirements related to HIPAA Security, Privacy and HITRUST.

Having implemented and performed the HIPAA One Security Risk Analysis at over 2000 locations, we know the importance of having a cloud-based process that is easy to understand and allows collaboration among different departments. Furthermore, our Privacy Analysis, like our Security Risk Analysis, is offered in three different levels of engagement to meet the needs of not only the large practices, but also the small health and dental practices.

With the rise in hacking and breaches, our goal is to provide timely solutions to clients to ensure the patient information they keep is safe and secure. Furthermore, the OCR is accelerating the frequency and number of audits; with HIPAA One solutions, you are guaranteed to pass.


UPDATE: Risks beyond ARRA, HITECH and HIPAA: PHI = $1,000 per individual = $4.9 Billion charge to TriCare

This is an example of a “hole” that allowed unencrypted backup tapes to leave the facility and led to one of the largest ePHI breaches in history.

Had they had a solid HIPAA Risk Analysis covering encryption and ePHI disclosure policies, this breach would not have been a breach. Or it would have shown due diligence to help convince the judge of their intent to protect those ePHI records.

Tricare in Texas has a class action lawsuit, filed last week and initiated by a soldier on the list, for a total of $4.9 Billion!! They claim the average cost of fraud per person (i.e. breached file) is $1,000 per person. $1,000 times 4.9 Million breached records is $4.9 Billion.


The backup tapes would require specific hardware and software to be used; however, “security by obscurity” apparently doesn’t hold up in society.

Stanford University Hospital breach – UPDATE – From $250K fine to $2.1M

Earlier in September, 2011, Stanford University Hospital was fined $250K under HIPAA by the State of California. As Stanford U.H. filed an appeal, they were served papers with a $20M lawsuit. That is 20,000 (ePHI records) times $1,000 per record, which equals $20,000,000.

Per the article, “The lawsuit, seeking a $1,000 award for each affected patient, alleges violation of state law that requires providers to safeguard patient information and prohibits disclosure without written consent, the Mercury News reports.”

Indiana University Health Data Breach Affects 3,000+

OK, my blog isn’t dedicated solely to reporting breaches, but another breach hit the news. Here is a statement from Indiana University:

HIPAA Risk Analysis requires that any PCs that move around (i.e. laptops) be encrypted. This is item #1 on the risks of using laptops with ePHI on them. BitLocker, anyone?

A related article on the Health Data Management site said, “Password Protected but unencrypted laptop”. This means a local Windows or Linux account password is all that is locking the PC; the data on the disk itself is not encrypted. This can be circumvented within minutes, no matter how strong the password is.

How could Indiana University Health have mitigated their risk on this one? As part of a risk-management process, encrypting portable computers with ePHI on them and EDUCATION for its doctors on this subject through an Acceptable Use Policy (AUP) could help. It is time to start taking security seriously to avoid serious consequences!
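
The difference between a password-protected laptop and an encrypted one can be verified from evidence collected during a risk analysis. As an added example (not part of the original post), the Python script below parses the text output of Windows' `manage-bde -status` command and lists volumes that are not fully encrypted with protection on; the sample report and the function names are constructed for illustration.

```python
import re

# Constructed sample of `manage-bde -status` output (trimmed; not from the page).
SAMPLE_REPORT = """\
Volume C: [OSDisk]
[OS Volume]

    Conversion Status:    Fully Encrypted
    Percentage Encrypted: 100.0%
    Encryption Method:    XTS-AES 128
    Protection Status:    Protection On

Volume D: [Data]
[Data Volume]

    Conversion Status:    Fully Decrypted
    Percentage Encrypted: 0.0%
    Encryption Method:    None
    Protection Status:    Protection Off
"""

VOLUME_RE = re.compile(r"^Volume\s+(\S+)")

def parse_status(report):
    """Split a manage-bde -status report into {volume: {field: value}}."""
    volumes = {}
    current = None
    for line in report.splitlines():
        m = VOLUME_RE.match(line)
        if m:
            current = volumes.setdefault(m.group(1), {})
        elif current is not None and ":" in line:
            key, _, value = line.partition(":")
            current[key.strip()] = value.strip()
    return volumes

def unencrypted_volumes(report):
    """Return volumes that are not fully encrypted with protection enabled.

    Fails closed: a missing field or any other status (for example a
    conversion still in progress) is reported for review.
    """
    findings = []
    for name, fields in parse_status(report).items():
        encrypted = fields.get("Conversion Status") == "Fully Encrypted"
        protected = fields.get("Protection Status") == "Protection On"
        if not (encrypted and protected):
            findings.append(name)
    return findings
```

Running `unencrypted_volumes` over the reports collected from each laptop gives a per-device list of volumes to remediate before the device leaves the facility.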