HIPAA Compliance for Medical Practices
HIPAA Compliance and HIPAA Risk management Articles, Tips and Updates for Medical Practices and Physicians

Why Should HIPAA Compliance Matter to You


Healthcare Professionals

If you are a healthcare provider or business associate, HIPAA compliance should matter because it is the law. According to the Code of Federal Regulations (CFR), if you are a provider or business associate who utilizes electronic health records, you must ensure the confidentiality, integrity, and availability of all records created, received, maintained, or transmitted. Civil monetary penalties for noncompliance that causes a breach of electronic patient records can be assessed up to $1.5 million. Criminal penalties can range from one to ten years in prison.

I believe one of the biggest issues facing small healthcare providers is lack of knowledge of exact requirements for HIPAA security compliance. Part of the problem for small providers is they often have an unclear understanding of what safeguards need to be in place for electronic health records. I see this as a huge concern. The U.S. Department of Health and Human Services (HHS) does an inadequate job providing specific guidance to small providers. It is difficult to navigate through the HHS website to find particular HIPAA compliance information.

I should know because I used to work for HHS and had oversight of complex health care fraud investigations. We had teams of lawyers and analysts to guide us in the regulatory world, whereas a small healthcare provider, if lucky, maybe will find the necessary guidance on the HHS website. Even then, the information becomes subject to interpretation by a provider with limited exposure to HIPAA regulatory compliance. Ask yourself how comfortable you are with this.


With more and more healthcare providers utilizing electronic health records, consumers (patients) need to ask those providers if they are doing everything they can to secure their health information. For consumers, HIPAA compliance matters because it equals assurance that the proper safeguards are in place to prevent unauthorized access, tampering, and theft of medical records.

A recent study by the Ponemon Institute found criminal attacks on healthcare providers have increased dramatically, up 100% since 2010. Unlike having credit information stolen where the bank or credit card company may notify the consumer about suspicious activity in a timely manner, health information compromises take longer to recognize. With all the recent emphasis on newsworthy data breaches, this is a wake-up call for patients who must treat their online health information as they would their credit information.

Medical identity theft is a profitable industry for criminals who can make a lot more money selling health information than credit card numbers. According to Dell SecureWorks, an information security services company, criminals can get paid $20 for a person’s stolen health identity information, as compared to credit card numbers that may yield $1 to $2 apiece. As a former Assistant Inspector General for Investigations at HHS, I know that Medicare card numbers could be sold for up to $50 apiece. In addition, there is much more personal data at stake with health records, which can include sensitive information such as pre-existing conditions, full-blown medical histories, and prescriptions, along with a plethora of financial, employment, and family information.

So the next time you go to your healthcare provider and you are asked to sign a HIPAA release form, read the fine print. Know your rights and expectations of privacy. Most importantly, ask your providers what they are doing to protect your electronic health records.

Author: Jay Hodes is the President of Colington Security Consulting LLC and the former Assistant Inspector General for Investigations at the U.S. Department of Health and Human Services, Office of Inspector General. In that position he supervised over 200 Special Agents and professional support staff responsible for health care fraud and medical identity theft investigations throughout the eastern United States.

His company provides assistance with HIPAA Security Rule compliance by conducting risk assessments and writing practice-specific risk management plans. The assessments identify vulnerabilities and risks, determine the potential impact, and provide a gap analysis action plan to prevent unauthorized access, tampering, and theft.

Technical Dr. Inc.'s insight:

Contact Details: inquiry@technicaldr.com or 877-910-0004, www.technicaldr.com/tdr


WORD TO THE WISE: What to do after a data breach compromises your identity


Tens of millions of Americans could be victims of the latest corporate data breach, this one at Anthem Insurance. Unknown hackers apparently stole personal identifying information from current and former Anthem customers, including names, addresses, Social Security numbers, dates of birth and other information that can be used for identity theft.

Anthem has set up a separate website with information on the breach, but the Better Business Bureau recommends that consumers always go to a company’s main website first and follow links from there. Scammers often take advantage of data breaches and subsequent confusion to set up spoof websites and send phishing emails.

BBB offers the following suggestions for consumers concerned that their personal information has been stolen (also available at bbb.org/breach):

• Do not take a wait-and-see approach as you may have done with breaches involving credit card data. You must act quickly. Breaches involving Social Security numbers have the potential to be far more detrimental to victims, and the damage can be difficult to repair.

• Consider taking a preemptive strike by freezing your credit reports. This will not impact existing credit cards and financial accounts, but it will create a roadblock for thieves seeking to create fraudulent accounts using your personal information. Security freezes should be completed with each of the three credit reporting agencies: Experian, Equifax and TransUnion.

• At a minimum, if you know your Social Security number has been compromised, place a fraud alert on your credit reports. While less effective than a freeze, this will provide an extra layer of protection.

• Take advantage of the free credit monitoring services Anthem will be offering to breach victims. While this is not a preventative measure, this will alert you to new accounts or inquiries using your Social Security number so that you can act quickly to repair the damage.

• Vigilance is key. Regularly check your credit reports at www.annualcreditreport.com for unauthorized charges or other signs of fraud. Note: This is the only free credit report option authorized by the Federal Trade Commission.

• For more information and complete step-by-step guidance on repairing the damage caused by identity theft, visit the FTC’s identity theft resources page under the tips and advice section of ftc.gov.

• Expect that scammers will take advantage of this data breach to send out phishing emails and other messages that appear to be from Anthem, a credit bureau or other legitimate companies. Do not click on links from any email, text or social media messages about this or any other data breach.

For all businesses that collect customer information:

• Make sure you protect your customers’ data. If a data breach can happen to a major corporation with significant data security measures in place, it can happen to any business.

• Check out BBB’s updated online guide bbb.org/data-security for free information on how to create a data security plan.

We have to face the fact that data breaches are now a part of our lives and prepare for them early, because it isn’t a question of “if” you’re affected but of “when” you’re affected.
