Home Health & Hospice Week
Breach Reports Caused By Stolen Laptops Lead To $2.7M HIPAA Settlement
Don’t let mobile device theft send you down slippery HIPAA slope.
A recent multi-million-dollar settlement of HIPAA violations should serve as an important reminder to secure your mobile devices — and to make sure management buys into HIPAA compliance. Oregon Health & Science University in Portland submitted three separate breach reports to the HHS Office for Civil Rights — two involving unencrypted laptops and one large breach involving a stolen unencrypted thumb drive. During an investigation that followed these breach reports, OCR found that OHSU had widespread vulnerabilities within its HIPAA compliance program.
Now OHSU has agreed to pay out $2.7 million and enter a three-year corrective action plan to settle potential HIPAA violations that stolen-laptop-sparked investigation turned up. The OCR investigation found “widespread and diverse problems at OHSU,” OCR says in a release.
For example: OHSU stored more than 3,000 individuals’ electronic protected health information (ePHI) on a cloud-based server without a business associate agreement (BAA), OCR charged. And despite performing regular risk analyses, OHSU didn’t cover all ePHI in its enterprise as the Security Rule requires. Further, OHSU failed to address identified vulnerabilities and risks to ePHI in a timely manner.
Takeaway: “From well-publicized large-scale breaches and findings in their own risk analyses, OHSU had every opportunity to address security management processes that were insufficient,” OCR Director Jocelyn Samuels says in the announcement. “This settlement underscores the importance of leadership engagement and why it is so critical for the C-suite to take HIPAA compliance seriously.”
Home Health & Hospice Week
- Prospective Payment System:
Home Health Pay Cut Threatens Access To Care
Reimbursement is below cost of care already, rural provider tells CMS. If Medicare wants to [...] - Payment:
Case Mix Recalibration's Time Component To Shortchange Chronic Care Patients
Enough with the case mix reshuffling, commenters tell CMS. Another payment year’s start will mean [...] - Reimbursement:
MedPAC Claims Home Health Cuts Don't Go Far Enough
An 8.8% profit margin is still too high, Medicare watchdog says. While you may feel [...] - Pre-Claim Review:
MAC Says PCR Denial Rate Lower Than Reported
Good news: You can now save a Pre-Claim Review request in progress. Whether request denials [...] - HIPAA:
Breach Reports Caused By Stolen Laptops Lead To $2.7M HIPAA Settlement
Don’t let mobile device theft send you down slippery HIPAA slope. A recent multi-million-dollar settlement [...] - Industry Note:
Faxed PCR Requests Don't Receive Faxed Responses In These Cases
Shorten PCR turnaround by knowing the ropes. If you fax a Pre-Claim Review request to [...] - Industry Note:
Number Of PPS Proposed Rule Comment Letters Drops Significantly
Home health agencies’ voices are getting quieter as Medicare keeps hacking away at their reimbursement [...] - Industry Note:
Your Patients May Need New DME Supplier In New Year
Medicare is patting itself on the back for cutting hundreds of millions of dollars annually [...] - Industry Note:
State Cracks Down On Private Duty Agencies
The New Jersey Division of Consumer Affairs fined 36 private duty home care agencies more [...] - Industry Note:
MAC Offers NOE Correction Advice In FAQ Update
Don’t make extra work for yourself and risk reimbursement delays when you don’t have to. [...] - Industry Note:
County Puts HHA On The Block After Persistent Losses
Another county is shedding its home health agency. The Bladen County Board of Commissioners in [...] - Industry Note:
HHA Adds Doc House Calls To Its List Of Services
More home care agencies are reaping the benefits of venturing outside their home care silo. [...] - Industry Note:
HIPAA Phase 2 Audits In High Gear
Back in July, the HHS Office for Civil Rights announced that Phase 2 of the [...]
