Wednesday, March 20, 2013

Don't Land on the Office for Civil Rights’ “Wall of Shame”

By George F. Indest, J.D., M.P.A., LL.M., Board Certified by The Florida Bar in Health Law
As of February 2013, there are 537 cases listed on the Office for Civil Rights’ (OCR) “Wall of Shame.” These are breaches of unsecured health information affecting 500 or more individuals. The reports of these breaches of patient confidentiality are required by the Health Information Technology for Economic and Clinical Health (HITECH) Act.
The OCR continuously updates this list of breaches on its website. These breaches include a brief summary of each case that OCR has investigated and closed, as well as the names of private practice providers who have reported breaches of unsecured health information to the OCR.
Click here to see the OCR’s “Wall of Shame.”


Most Breaches on the “Wall of Shame” Involve Laptops and Portable Devices.
Six healthcare organizations listed on the “Wall of Shame” reported security breaches that involved one million or more patient records. Among the largest breaches reported was one by the TRICARE Management Activity, which reported 4.9 million records lost when back up tapes for computer systems went missing. Another major breach involved WellPoint, the largest managed health care company in the Blue Cross and Blue Shield Association. The company reported 31,700 of its customer records were compromised during a three-year time frame. The breach was believed to be caused by an unauthorized hack into a network server.
According to an article in Modern Healthcare, a majority of the breaches on the “Wall of Shame” involve laptops, backup disks and other portable devices that were stolen. These devices contained patient information and were not encrypted. Had the files been protected by encryption, these organizations would not have landed on the list.
Click here to read the article from Modern Healthcare.


New HIPAA and HITECH Rules.

The OCR under the U.S. Department of Health and Humans Services (HHS) recently released stronger rules and protections governing patient privacy. On January 17, 2013, the HHS announced the omnibus rule to strengthen the privacy and security protection established under the Health Insurance Portability and Accountability Act (HIPAA) of 1996. These changes also improve the HITECH Act by making it clear when breaches must be reported to the OCR. Once reported, the breaches are then placed on the “Wall of Shame.” It’s important to review these changes, as to stay off the list. Click here to learn more on the new HIPAA rules.


It's In Your Best Interest to Get a HIPAA Risk Assessment.
Since the HIPAA laws have changed, you need to edit your privacy forms and procedures. Many health providers simply don't have the time to re-review their policies and revise documents. A HIPAA risk assessment is a thorough review and analysis of areas where you may have risk of violating the HIPAA laws.  Federal regulations require that covered entities have this assessment done. To learn more on HIPAA risk assessments, click here.


Contact a Health Law Attorney Experienced in Defending HIPAA Complaints and Violations.
The attorneys of The Health Law Firm represent physicians, medical groups, nursing homes, home health agencies, pharmacies, hospitals and other healthcare providers and institutions in investigating and defending alleged HIPAA complaints and violations and in preparing Corrective Action Plans (CAPs).
For more information about HIPAA violations, electronic health records or corrective action plans (CAPs) please visit our website at www.TheHealthLawFirm.com or call (407) 331-6620 or (850) 439-1001.


Sound Off.
Have you ever heard of the “Wall of Shame? What do you think of this list? Please leave any thoughtful comments below.


Sources:
Modern Healthcare. “Hoping for ‘Progress’ on Health Data Breaches.” Modern Healthcare. (January 8, 2013). From: http://www.modernhealthcare.com/article/20130108/BLOGS02/301089998/joe-blog-sad-sign-of-progress-in-health-data-breaches
Mearian, Lucas. “‘Wall of Shame’ Exposes 21M Medical Record Breaches.” Computerworld. (August 7, 2012). From: http://www.computerworld.com/s/article/9230028/_Wall_of_Shame_exposes_21M_medical_record_breaches


About the Author: George F. Indest III, J.D., M.P.A., LL.M., is Board Certified by The Florida Bar in Health Law. He is the President and Managing Partner of The Health Law Firm, which has a national practice. Its main office is in the Orlando, Florida, area. www.TheHealthLawFirm.com The Health Law Firm, 1101 Douglas Ave., Altamonte Springs, FL 32714, Phone: (407) 331-6620.



The Health Law Firm" is a registered fictitious business name of George F. Indest III, P.A. - The Health Law Firm, a Florida professional service corporation, since 1999.

Copyright © 1996-2012 The Health Law Firm. All rights reserved.