Part B Insider (Multispecialty) Coding Alert

Physician Note:

Practice Size Doesn't Matter When It Comes to HIPAA Settlements

Plus: Medicare focusing on improper payments for illegal immigrant patients.

If you think your practice will never be investigated over a HIPAA breach because "they're only coming down on the big guys," then think again. Although all of the previous HIPAA settlements have involved breaches by bigger health organizations that impact more than 500 patients, HHS recently announced a $50,000 settlement with a hospice that involved 441 patients.

The hospice organization revealed to HHS that an "unencrypted laptop computer containing the electronic protected health information (ePHI) of 441 patients had been stolen in June 2010," the HHS's Jan. 2 news release noted. Once HHS got involved, the agency discovered that the hospice had never conducted a risk analysis to safeguard ePHI, nor did the hospice have policies in place to address mobile device security as required by the HIPAA laws.

"This action sends a strong message to the health care industry that, regardless of size, covered entities must take action and will be held accountable for safeguarding their patients' health information." said OCR Director Leon Rodriguez in the statement. "Encryption is an easy method for making lost information unusable, unreadable and undecipherable."

To read the complete release, visit www.hhs.gov/news/press/2013pres/01/20130102a.html.

Other Articles in this issue of

Part B Insider (Multispecialty) Coding Alert

View All