Health Information Compliance Alert

Enforcement News:

Check Out OCR's New Online Breach Notification Form

Plus: Medical identity theft costs your patients not just money, but their health, too.

When you report a breach, now the HHS Office for Civil Rights (OCR) wants you to report more details on what security measures you did or did not have in place at the time of the incident.

OCR recently updated its online breach notification form for self-reporting data breaches under HIPAA, reported attorney Linn Foster Freedman in a Feb. 6 blog posting for the law firm Nixon Peabody LLP. “Significantly, the new form requests more detailed responses related to the security measures in place at the time of the breach that were (or weren’t) in compliance with the Security Rule.”

The new form contains a series of security policies and procedures that you need to check off, Freedman said. If you’re unable to check off a box in a section, this will send up a red flag for the OCR to follow up on that blank box. “This will no doubt assist the OCR in determining whether additional information will be requested from the covered entity relating to its security practices and procedures following a data breach.”

To access the new form and updated instructions, go to www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/brinstruction.html. 

Protect Your Patients From The High Stakes Of Medical Identity Theft

Medical identity theft can be just as devastating — if not more so — as any other type of personal data theft. And according to a new report, medical identity theft is skyrocketing.

The Medical Identity Fraud Alliance (MIFA) recently released its “2014 Fifth Annual Study on Medical Identity Theft,” which measures the prevalence, extent and impact of medical identity theft to consumers and the U.S. healthcare industry. The Ponemon Institute conducted the study.

Not surprisingly, the study found that the incidence of medical identity theft continues to rise. The most recent report shows that medical identity theft has nearly doubled since the first study conducted five years ago — and there were nearly 500,000 more victims in 2014 than in 2013, MIFA says.

“Victims continue to experience serious risks related to their healthcare as a result of being victimized, such as misdiagnosis, mistreatment and delayed healthcare,” MIFA notes. “The out-of-pocket costs to victims has also grown, with twice as many victims experiencing financial costs to correct their medical identities and deal with the resulting problems.”

Founding Members of MIFA include Kaiser Permanente, Experian Data Breach Resolution, Identity Finder LLC, and ID Experts Corporation. To receive the full report, go to http://medidfraud.org/2014-fifth-annual-study-on-medical-identity-theft/ and complete the form at the bottom of the webpage.

Keep Your Medical Records Out Of Public Dumpsters

Local news reporters seem to be the latest champions of HIPAA compliance, as yet another news station breaks a report of medical records found in a dumpster.

A KRGV Channel 5 News viewer alerted the local station of finding medical files discarded in a dumpster at a storage facility in McAllen, TX. Now the Texas Attorney General’s Office is investigating the possible HIPAA breach.

Many of the files appeared to be records from the now-defunct Extra Mile Ambulance Service Company, KRGV reported on March 3.