If you needed another reason to ensure that your business associates are HIPAA-compliant in the face of a breach incident, here’s one for you.
On Oct. 23, potentially thousands of medical records flew out of the back of a truck in southwest Omaha, NE, according to KETV Omaha. The truck, owned by Lincoln, NE-based Medi-Waste Disposal, was carrying paper medical records to a disposal and storage site. The back door of the truck wasn’t latched and the papers flew out the back as the truck traveled down the road.
Good Samaritans and volunteers attempted to retrieve the records as the papers blew around the roadside, and Medi-Waste believes they recovered all documents, KETV reported. Medi-Waste has promised to establish new checks and balances to secure documents better in the future.
Get Ready For More HIPAA Security Scrutiny From OIG In 2015
The HHS Office of Inspector General (OIG) has released its annual Work Plan for fiscal year (FY) 2015, and HIPAA security is on its “hit list.”
The OIG’s Work Plan lists items like analyzing the IT security of community health centers and reviewing controls over networked medical devices at hospitals. The OIG wants to determine whether the Centers for Medicare & Medicaid Services’ (CMS’) oversight of hospitals’ security controls over networked medical devices is sufficient to effectively safeguard electronic protected health information (ePHI).
“Computerized medical devices, such as dialysis machines, radiology systems, and medication dispensing systems that are integrated with electronic medical records (EMRs) and the larger health network, pose a growing threat to the security and privacy of personal health information,” the OIG states in its Work Plan. “Such medical devices use hardware, software, and networks to monitor a patient’s medical status and transmit and receive related data using wired or wireless communications.”
Link: To view the OIG Work Plan for FY 2015, go to http://oig.hhs.gov/reports-and-publications/archives/workplan/2015/FY15-Work-Plan.pdf.