Canadian Resident Charged with HIPAA Crime
On September 8, 2011, the United States Attorney’s Office announced that John Edward Cipolla, of Niagara Falls, Ontario, was charged with making a false statement to government agents and with violating the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). Mr. Cipolla allegedly abandoned medical records in a dumpster behind the Erie County Auto ..
Have You Included War-Driving as a Possible Risk in Your Risk Analysis?
Wikipedia defines “war-driving” as the act of searching for Wi-Fi wireless networks by a person in a moving vehicle using a portable computer or PDA. Some war-driving is fairly harmless as in passive, listen-only war-driving in which the activity merely identifies broadcasting addresses. But war-driving can result in hacking of proprietary information, including protected health ..
No Disaster Plans?
I just got back from four days of presenting HIPAA after the HITECH Act seminars in Kansas and Missouri, and as usual, I met a lot of great people. But as I blogged on July 24, 2011, about why more covered entities have not performed risk analysis, a similar question came up this past week ..
Do You Have to Do a Risk Analysis of Paper Charts? Yes
Frank Ramage, who had read my July 24, 2011, blog entry, “Why Haven’t More Covered Entities Performed Risk Analysis?” asked whether HIPAA requires risk analysis of non-electronic PHI. Thanks for asking. It’s a good question, because HIPAA does not explicitly require risk analysis except for Electronic Protected Health Information (“EPHI”). 45 Code of Federal Regulations ..
OCR Identifies Incident Detection and Response as Its Top Issue in HIPAA Audits
In June 2011, the DHHS Office of Civil Rights (“OCR”) awarded KPMG, LLP, a $9.2 million contract to audit covered entities and business associates for HIPAA compliance as required by the HITECH Act. The first phase, from fall 2011 through 2012, will cover 150 covered entities. The OCR plans to move away from auditing based ..
Executive Summary of HIPAA and HITECH Act Management White Paper
My seminar swings around the country demonstrate that many smaller covered entities are woefully deficient in HIPAA compliance, perhaps because, until the past couple of years, DHHS was not aggressively enforcing HIPAA. Such is no longer the case, and any covered entity that is not HIPAA compliant faces tremendous liability. But many of my seminar ..
I’m All Cash Pay with No Computers or Electronic Devices—Must I Comply with HIPAA?
I received the following Contact Form submission on this website: Message: “Hi. I am wondering if you could do a blog in the following topic. A Health Care provider does not do any electronic transactions, and in fact is all cash pay, no computers or electronic devices are used in his/her practice. Must they comply ..
Who Is an “Other Individual” That Can Be Prosecuted for a HIPAA Crime?
The HITECH Act corrected what federal prosecutors had viewed as a flaw in HIPAA’s criminal provisions at 42 U.S.C. § 1320d-6, which had stated: A person who knowingly and in violation of this part— (1) uses or causes to be used a unique health identifier; (2) obtains individually identifiable health information relating to an ..
Why Haven’t More Covered Entities Performed Risk Analysis?
I just got back from another seminar trip, this one to New England. I always ask my seminar attendees whether they have completed a formal, written risk analysis. I shouldn’t be surprised that in Boston no one raised a hand, because at every seminar less than 10 percent raise their hands that they have done ..
Yet Another Fine and Corrective Action Plan!
During the first full week of July, the U.S. Department of Health and Human Services (“DHHS”) announced that the University of California at Los Angeles Health Services agreed to pay a $865,000 fine and pledged to modify their infrastructure following claims that unauthorized employees, without a proper need to know, accessed two celebrity charts. In ..



