Las Vegas hospitals must follow regular HIPAA privacy rule

Las Vegas hospita.jpg

After natural disasters, HHS sometimes waives certain HIPAA privacy rule requirements. That’s not usually the case after man-made disasters, such as Sunday night’s massacre in Las Vegas, where more than 50 were killed and hundreds were wounded after a gunman opened fire at a music festival.

Because the HIPAA privacy rule already allows information disclosure in certain cases, such as when public safety is threatened, and because there has been no declaration of a public health emergency, HIPAA waivers have not been necessary in this case.

Local hospitals will have to be careful, especially with so many requests for information from families, friends, and the media, said Mark Swearingen, a Hall Render attorney focused on health information privacy and security.

“Hospitals are going to have to be very careful about vetting and authenticating the individuals who might be calling in to make sure that they’re the type of person they can be sharing information with,” he said.

After Hurricane Harvey struck Texas in August, HHS Secretary Dr. Tom Price waived certain HIPAA penalties, which can range from $100 to $50,000 per violation. Providers would not be penalized for failing to giving out notices of privacy practices, for instance, nor would they be hit for not granting a patient the right to request privacy restrictions.

Meanwhile, other provisions of the HIPAA privacy rule were still in effect, including those that allow providers to disclose protected health information to patients’ families or others involved in their care. Other provisions allow providers to give out protected health information—including to law enforcement—if doing so would lessen a threat to those patients or to the public.

Given those rules, “when you have a shooting, the department has taken the position that a waiver isn’t necessary,” said Marcy Wilder, a privacy and cybersecurity lawyer with Hogan and Lovells, noting that no penalties were waived after the 2016 mass shooting that killed 49 people and injured 58 at Orlando’s Pulse nightclub. “The department wants to be careful here, because if you issue a waiver, that becomes a suggestion that without a waiver, these types of disclosures aren’t permitted,” she added.

Swearingen warns that Las Vegas hospitals therefore need to be cautious. “The hospital, I would hope, in this circumstance is going to be fairly guarded.”

Read More: http://snip.ly/8u7xj#http://www.modernhealthcare.com/article/20171002/NEWS/171009996/las-vegas-hospitals-must-follow-regular-hipaa-privacy-rule

 

What should Entities do to avoid HIPAA fines and penalties?

What should Entities do to avoid HIPAA fines and penalties.jpg

A look at the nature and numbers of HIPAA breaches over just the couple of years makes stark reading: On the one hand, in terms of numbers; 2016, with about 16 million records breached was a pretty good year compared to the previous year, in which about seven times that number, more than 113 million, were breached. But the bad news is that 2016 saw more Covered Entities reporting breaches than in any other year since the Office of Civil Rights (OCR) started publishing its data on healthcare record breaches.

These huge numbers show that not only is there a big demand for these records in the black market -they are in greater demand than even social security and credit cards -Covered Entities and Business Associates need to all that it takes to avoid HIPAA fines and penalties.

What should Entities do to avoid HIPAA fines and penalties4

The federal government has not been lax on this aspect. It is being extremely vigilant about protecting healthcare records. It has been consistently urging the HHS to take a serious view of the increased incidence of cyberattacks that has resulted in medical records theft and has suggested many measures towards ensuring this. The fact that there has been a steady increase in the global spending on cybersecurity-related hardware, software, and services and could reach $100 billion in 2020, according to estimates by the International Data Corporation (IDC), suggests the seriousness with which this issue is being viewed not just in the US, but all over the world.

One of the primary requirements that Business Associates need to comply with is adherence to HIPAA mandates regarding the handling and use of health information. This is spelt out in the HITECH Act, a recent update made to overall HIPAA regulations. It is mandatory for a Business Associate to comply with a wide range of regulatory obligations, which include certain privacy obligations, security standards, and breach notification requirements.

What should Entities do to avoid HIPAA fines and penalties2

However, there is a lot of confusion and misunderstanding among Business Associates about their roles and requirements. They must be completely knowledgeable about all the aspects of their roles, functions and requirements before they enter into agreements of contracts with subcontractors and vendors for their services

Learning about ways of avoiding HIPAA fines and penalties

Jay Hodes, who is President and Founder, Colington Security Consulting, LLC, will be providing thorough understanding of the roles and requirements of a Business Associate and Covered Entities in HIPAA enforcement at a webinar that is being organized by MentorHealth, a leading provider of professional trainings for the healthcare industry. Please visit What should Entities do to avoid HIPAA fines and penalties? to get complete clarity of the ways of avoiding HIPAA fines and penalties.

Clarity on how to avoid HIPAA fines and penalties

What should Entities do to avoid HIPAA fines and penalties1

The aim of this learning session is to help businesses understand what it means to be a Business Associate and know what required safeguards, policies and procedures must be in place or make sure that their current compliance program is adequate and can withstand government scrutiny.

Jay will highlight the importance of being compliant with the HIPAA requirements for an organization if it has to avoid HIPAA fines and penalties. The ways by which a Business Associate or Covered Entity can provide the appropriate patient rights and controls on its uses and disclosures of Protected Health Information (PHI) and what all it has to have in place for doing so, will all be explained.

He will cover the following areas at this session:

  • Why was HIPAA created?
  • Who Must Comply with HIPAA Requirements?
  • What are the HIPAA Security and Privacy Rules?
  • What are the Consequences of being a Business Associate
  • What is a HIPAA Compliance Program for a Business Associate?
  • What is a HIPAA Risk Management Plan?
  • What is a HIPAA Risk Assessment?
  • What is the Role of the HIPAA Security Official?
  • What are HIPAA training requirements?
  • What is a HIPAA data breach and what happens if it occurs?
  • What are the penalties and fines for non-compliance and how to avoid them
  • Case Examples of HIPAA Data Breaches
  • Creating a Culture of Compliance
  • Q&A.

 

 

Hurricane Harvey HIPAA Reminder

Disasters, which can ultimately lead to a data breach, come in various forms – natural, man-made and technical. HIPAA, the HITECH Act, the Federal Trade Commission and the Securities and Exchange Commission are just a handful of entities requiring that the confidentiality, integrity and availability of the sensitive information (e.g., protected health information (PHI) and personally identifiable information (PII)) remain intact. Although federal HIPAA has distinct categories (e.g., covered entity, business associate, and subcontractor), other state or federal government entities use “covered entity” to mean any person that creates, receives, maintains or transmits PHI or PII.

HIPAA sets forth three main categories of safeguards: administrative, physical, and technical safeguards. Often times, these categories overlap. For example, the administrative requirement of a sanction policy compliments the physical requirement of two-factor identification for building access.

Below are a couple of select sections from the Code of Federal Regulations (CFR), which organizations should be particularly vigilant about in relation to disasters.

•45 CFR §164.310 (Physical) – requires that policies and procedures for facility access in order to restore lost data under the disaster recovery and emergency access plan.

•45 CFR §164.308 (Administrative Safeguards) – multiple requirements are set forth under this particular section of the CFR. For example:

•Security management process

•Annual risk analysis

•Information activity review

•Workforce clearance procedure

•Security awareness training

•Contingency plan

 

Read More: http://snip.ly/duepz#http://www.diagnosticimaging.com/blog/hurricane-harvey-hipaa-reminder

Beyond the HIPAA Privacy Rule: Enhancing Privacy, Improving Health Through Research.

The Value and Importance of Health Information Privacy

Ethical health research and privacy protections both provide valuable benefits to society. Health research is vital to improving human health and health care. Protecting patients involved in research from harm and preserving their rights is essential to ethical research. The primary justification for protecting personal privacy is to protect the interests of individuals. In contrast, the primary justification for collecting personally identifiable health information for health research is to benefit society. But it is important to stress that privacy also has value at the societal level, because it permits complex activities, including research and public health activities to be carried out in ways that protect individuals’ dignity. At the same time, health research can benefit individuals, for example, when it facilitates access to new therapies, improved diagnostics, and more effective ways to prevent illness and deliver care.

The intent of this chapter1 is to define privacy and to delineate its importance to individuals and society as a whole. The value and importance of health research will be addressed in Chapter 3.

CONCEPTS AND VALUE OF PRIVACY

Definitions

Privacy has deep historical roots (reviewed by Pritts, 2008Westin, 1967), but because of its complexity, privacy has proven difficult to define and has been the subject of extensive, and often heated, debate by philosophers, sociologists, and legal scholars. The term “privacy” is used frequently, yet there is no universally accepted definition of the term, and confusion persists over the meaning, value, and scope of the concept of privacy. At its core, privacy is experienced on a personal level and often means different things to different people (reviewed by Lowrance, 1997Pritts, 2008). In modern society, the term is used to denote different, but overlapping, concepts such as the right to bodily integrity or to be free from intrusive searches or surveillance. The concept of privacy is also context specific, and acquires a different meaning depending on the stated reasons for the information being gathered, the intentions of the parties involved, as well as the politics, convention and cultural expectations (Nissenbaum, 2004NRC, 2007b).

Our report, and the Privacy Rule itself, are concerned with health informational privacy. In the context of personal information, concepts of privacy are closely intertwined with those of confidentiality and security. However, although privacy is often used interchangeably with the terms “confidentiality” and “security,” they have distinct meanings.Privacy addresses the question of who has access to personal information and under what conditions. Privacy is concerned with the collection, storage, and use of personal information, and examines whether data can be collected in the first place, as well as the justifications, if any, under which data collected for one purpose can be used for another (secondary)2 purpose. An important issue in privacy analysis is whether the individual has authorized particular uses of his or her personal information (Westin, 1967).

Confidentiality safeguards information that is gathered in the context of an intimate relationship. It addresses the issue of how to keep information exchanged in that relationship from being disclosed to third parties (Westin, 1976). Confidentiality, for example, prevents physicians from disclosing information shared with them by a patient in the course of a physician–patient relationship. Unauthorized or inadvertent disclosures of data gained as part of an intimate relationship are breaches of confidentiality (Gostin and Hodge, 2002NBAC, 2001).

 

Read More: http://snip.ly/tlhw0#https://www.ncbi.nlm.nih.gov/books/NBK9579/

 

Hipaa—Should I Be Worried?

This ongoing column is dedicated to providing information to our readers on managing legal risks associated with medical practice. We invite questions from our readers. The answers are provided by PRMS, Inc.  a manager of medical professional liability insurance programs with services that include risk management consultation, education and onsite risk management audits, and other resources to healthcare providers to help improve patient outcomes and reduce professional liability risk. The answers published in this column represent those of only one risk management consulting company. Other risk management consulting companies or insurance carriers may provide different advice, and readers should take this into consideration. The information in this column does not constitute legal advice. For legal advice, contact your personal attorney. Note: The information and recommendations in this article are applicable to physicians and other healthcare professionals so “clinician” is used to indicate all treatment team members.

QUESTION

I have been hearing about the Health Insurance Portability and Accountability Act of 1996 (HIPAA) for years, but I have not heard of very much enforcement by the government. Do I really need to be concerned about being found liable for HIPAA violations?

ANSWER

Yes. While it is true that the federal government’s enforcement of HIPAA’s Privacy and Security Rules has been limited in the past, this will no longer be true in the future.

OVERVIEW OF HIPAA ENFORCEMENT

Healthcare providers required to comply with HIPAA, a federal statute, are subject to enforcement actions for violations of the Privacy Rule1 and the Security Rule,2 federal regulations enacted under the HIPAA statute. The Office for Civil Rights (OCR), an agency within the Department of Health and Human Services, is responsible for civil enforcement of the Privacy Rule and the Security Rule. OCR can impose civil monetary penalties on covered entities up to $50,000 or more per violation, with an annual cap of $1.5 million for identical violations. The Department of Justice (DOJ) is responsible for the investigation and prosecution of criminal violations of the HIPAA regulations. Under HIPAA, the maximum criminal penalties are $250,000 and 10 years imprisonment.

 

Read More: http://snip.ly/ojh0m#https://www.ncbi.nlm.nih.gov/pmc/articles/PMC3552464/

Top Healthcare Webinars You Can Get for $10

The cost of learning a new skill in regulatory compliance1Used to paying over $250 for a high quality healthcare webinar from a leading expert on the topic from a reputable provider of professional trainings? Let us change your habit! You no longer have to pay this much. So, how much do you think you need to be paying for top healthcare webinars? $200? $150? $100? None of these. All that you have to pay for a top healthcare webinar is $10!

Yes, no spelling errors here. It is indeed $10. That is all you need to pay for a healthcare webinar from GlobalCompliancePanel, a leading provider of professional trainings for all the areas of regulatory compliance. There is a whole list of top healthcare webinars you can get for $10. There are just so many on offer; you will be spoilt for choice:

Healthcare reform is one of the hot areas of healthcare today, what with many regulations that keep coming up from time to time about this critical sector of the economy. This top healthcare webinar you can get for $10 equips you with many facets of the Affordable Care Act, or what we have come to call Obamacare. What impact will it have on employees and employers? Find out through this webinar.

Healthcare is an area in which FMEA applies very strongly. When something goes wrong at the healthcare provider’s location; it throws the whole system out of gear. Carrying out a thorough failure mode and effects analysis is a great antidote to these problems. Want to find out how to do it? This top healthcare webinar you can get for $10 has the answers.

But one question has not been answered yet: Why is GlobalCompliancePanel doing this? Why is it having this offer now? Well, it is because it wants to ensure that the community of regulatory professionals grows, and grows well. Having been in the professional trainings area for ten years now; it feels this is something it needs to do in order to draw more people into the regulatory trainings network. By offering top healthcare webinars you can get for $10; GlobalCompliancePanel wants to contribute its mite to enhancing and expanding the learning community.

Isn’t this offer of top healthcare webinars you can get for $10 the ideal means to growing up in your career? After all, we spend this amount on myriad things that could be of some use to us, but does this use compare with the enormity of the utility a healthcare webinar gives? These top healthcare webinars you can get for $10 each help you climb your professional ladder. This in turn could help your organization make a name as a responsible and ethical provider of quality products. It could earn it a reputation in the market. When you can accomplish all these through top healthcare webinars you can get for $10, what are you waiting for?

Contact Details:

https://www.globalcompliancepanel.com/webinars_home?wordpress-seo-gcp-webinar-offer-2017

John.robinson@globalcompliancepanel.com

Support@globalcompliancepanel.com

+1-800-447-9407

Don’t miss out! Offer @ $10 – Online Professional Courses

7This is a great deal. What else does one call this offer $10 deal to enhance professional skill from GlobalCompliancePanel? Wait. We are talking about $10, but did we tell you what you get for $10? Did you think it is the cost of registration for the event? Well, be prepared to get proven wrong –for the happiest of reasons. $10 is the price of a single recorded webinar that GlobalCompliancePanel is putting up at this great deal @$10 to enhance professional skills with GlobalCompliancePanel!

4Yes indeed, after all the rubbing of your eyes to confirm the truth of this seal, GlobalCompliancePanel assures you that it indeed has a great deal @$10 to enhance professional skills with GlobalCompliancePanel! Could regulatory trainings become more inexpensive and more affordable? Nowhere else in the market does one something of such high value as professional trainings in the regulatory compliance area for this price. Of course, a lot of items are available in the market for this price. Let us talk about a few toiletries. Let us talk about a few used books. Let us talk about some children’s clothing. But professional trainings that will take your profession as a regulatory compliance professional a few notches higher, at $10? Well, you can take your time to believe this, but it is true.

8This great deal @$10 to enhance professional skills with GlobalCompliancePanel is open to all professionals who want to enhance their skill and learning of the regulations in their respective domains of specialization. Who wouldn’t want to, at this price? When professional trainings in regulatory compliance becomes available at this great deal @$10 to enhance professional skills with GlobalCompliancePanel; what could be a better means to spend your ten dollars!

4What is the motive behind this offer? Simple: GlobalCompliancePanel has been a provider of professional trainings for the regulatory compliance arena for a good ten years now. It has become an established name in this area. It thought, why not make our trainings more wide-ranging and accessible to many more professionals? After all, regulations do keep changing every now and then. Shouldn’t regulatory professionals keep pace with them?

3A rich assortment of courses is available at this great deal @$10 to enhance professional skills with GlobalCompliancePanel. You can choose from trainings that help you with nuances of how to establish a reduce testing program for pharmaceutical and medical device components, where the guru of starting up, developing, implementing, managing, and remediating pharmaceutical and medical device Quality Systems, Howard Cooper, will show how to derive the benefits of systematic reduced testing program include increased compliance, smaller inventory cycles, less testing, less handling, and increased productivity and efficiency.

9Are you at odds when it comes to designing, planning and conducting effective audits? Then, why don’t you purchase this webinar that comes as part of great deal @$10 to enhance professional skills with GlobalCompliancePanel, in which Mark Roberts, Head of Roberts Consulting and Engineering (RCE), a consulting firm specializing in quality system and sterility assurance compliance, will offer his insights?

There could be no better means to improve your knowledge of regulatory requirements. And the time is now, with this great deal @$10 to enhance professional skills with GlobalCompliancePanel!

Contact Details:

https://www.globalcompliancepanel.com/webinars_home?wordpress-2017-SEO

John.robinson@globalcompliancepanel.com

Support@globalcompliancepanel.com

+1-800-447-9407