
HIPAA One Releases Privacy Risk Analysis

After releasing the HIPAA One Security Risk Analysis, we received exceptional feedback on the product and on how much our clients appreciated its simplicity and automation. We have been committed to expanding our solutions and adding products to be “all things HIPAA”. With the launch of the Privacy Risk Analysis, we now offer a full suite of products to address all citations and requirements related to HIPAA Security, Privacy and HITRUST.

Having implemented and performed the HIPAA One Security Risk Analysis at over 2000 locations, we know the importance of having a cloud-based process that is easy to understand and allows collaboration among different departments. Furthermore, our Privacy Analysis, like our Security Risk Analysis, is offered in three different levels of engagement to meet the needs of not only large practices, but also small health and dental practices.

With the rise in hacking and breaches, our goal is to provide timely solutions to clients to ensure the patient information they keep is safe and secure. Furthermore, the OCR is accelerating the frequency and number of audits; with HIPAA One solutions, you are guaranteed to pass.


Privacy Breaches in VA Health Records Wound Veterans

With HIPAA being enforced more stringently recently, there have been a number of cases where health providers are facing HIPAA-related fines or lawsuits. The most recent is none other than the U.S. Department of Veterans Affairs.

While some previous cases seemed unintentional or simple mistakes, according to a Pittsburgh Tribune-Review investigation there were widespread violations at the VA. The investigation stems from a former VA employee who claims the privacy of her medical records was abused.

The subsequent investigation found there were an astounding 14,215 violations that affected 101,018 veterans and 551 VA employees at 167 facilities since 2010. These violations included using patient information for fraudulent purposes, snooping through patient records and even sharing records publicly on social media as well as privately without patient consent. This sharing of records was both intentional and unintentional but nonetheless violates HIPAA provisions. There were even previously stolen computers and lack of encryption that led to problems concerning patient record privacy.

The violations and problems within the VA seem to be systemic. The investigation made a number of recommendations to fix the root causes of these problems, but it remains to be seen how effective the VA’s efforts to do so will be in the future.

Without a doubt, protecting the privacy of medical records should be paramount for any medical provider, even more so for the Veterans who’ve helped this country. A thorough HIPAA risk analysis and HIPAA compliance software solution can go a long way in preventing these types of systemic issues within the VA and helping other medical providers be HIPAA compliant.

UPDATE: Risks beyond ARRA, HITECH and HIPAA: PHI = $1,000 per individual = $4.9 Billion charge to TriCare

This is an example of a “hole” that allowed unencrypted backup tapes to leave the facility and led to one of the largest ePHI breaches in history.

Had they had a solid HIPAA Risk Analysis covering encryption and ePHI disclosure policies, this breach would not have been a breach, or they would have shown due diligence to help convince the judge of their intent to protect those ePHI records.

Tricare in Texas has a class action lawsuit, filed last week and initiated by a soldier on the list, for a total of $4.9 Billion!! They claim the average cost of fraud per person (i.e. breached file) is $1,000. $1,000 times 4.9 million breached records is $4.9 Billion.


The backup tapes would require specific hardware and software to be used; however, “security by obscurity” apparently doesn’t hold up in society.

Indiana University Health Data Breach Affects 3,000+

OK, my blog isn’t dedicated solely to reporting breaches, but another breach hit the news. Here is a statement from Indiana University:

HIPAA Risk Analysis requires that any PCs that move around (i.e. laptops) be encrypted. This is item #1 on risks using laptops with ePHI on them. BitLocker anyone?

A related article on the Health Data Management site said, “Password Protected but unencrypted laptop”. This means only a file-system-based, local Windows or Linux password is locking the PC, while the data on the disk stays unencrypted. This can be circumvented within minutes, no matter how strong the password is.

How could Indiana University Health have mitigated their risk on this one? As part of a risk-management process, encrypting portable computers with ePHI on them and EDUCATION for its doctors on this subject through an AUP (acceptable use policy) could help. It is time to start taking security seriously to avoid serious consequences!
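One way to verify the "encrypted, not just password protected" requirement on a Windows laptop, as an added example that is not part of the original post. It assumes the BitLocker PowerShell module is installed and the script is run elevated; the function name `Get-VolumeFinding` is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: classify every BitLocker-capable volume on this laptop.
# Assumption: the BitLocker module (Get-BitLockerVolume) is available.

function Get-VolumeFinding {
    param([Parameter(Mandatory)] $Volume)

    $status     = [string]$Volume.VolumeStatus
    $protection = [string]$Volume.ProtectionStatus

    # Protection "Off" on a fully encrypted disk means BitLocker is suspended:
    # the volume key is stored unprotected on disk, so treat it as a failure.
    if ($status -eq 'FullyEncrypted' -and $protection -eq 'On') {
        $finding = 'OK'
    } elseif ($status -eq 'FullyEncrypted') {
        $finding = 'FAIL: encrypted but protection suspended'
    } elseif ($status -eq 'EncryptionInProgress') {
        $finding = 'WARN: encryption not finished'
    } else {
        $finding = 'FAIL: not fully encrypted'
    }

    [pscustomobject]@{
        MountPoint    = $Volume.MountPoint
        VolumeType    = $Volume.VolumeType
        VolumeStatus  = $status
        Protection    = $protection
        Percentage    = $Volume.EncryptionPercentage
        KeyProtectors = ($Volume.KeyProtector.KeyProtectorType -join ', ')
        Finding       = $finding
    }
}

$report = Get-BitLockerVolume | ForEach-Object { Get-VolumeFinding -Volume $_ }
$report | Format-Table -AutoSize

# A non-zero exit code lets a management tool flag the machine.
if ($report | Where-Object { $_.Finding -ne 'OK' }) { exit 1 } else { exit 0 }
```

Save it as a script and run it from an endpoint-management tool, so a laptop that reports anything other than `OK` is followed up before it leaves the building with ePHI on it.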