Healthcare

According to a high-ranking attorney in the Department of Health and Human Services (HHS), penalties under the Health Insurance Portability and Accountability Act (HIPAA) are likely to increase substantially over the next year, continuing the increases that have already been seen. Since June 2013, HHS has received more than $10 million in alleged HIPAA violation fines. HHS Chief Regional Civil Rights Counsel Jerome Meites made this prediction at an...

HealthITSecurity recently wrote an article on the need to increase the level of physical safeguards in order to be compliant with the HIPAA Security Rule standards. This article followed recent examinations of administrative safeguards and technical safeguards, both of which are also worth a read. In their review of the HIPAA standards for physical safeguards, the article looks at the ongoing battle healthcare organizations have had with physical safeguards....

Two States have recently changed their data breach laws. The Kentucky General Assembly passed two new data breach laws, becoming the 47th state to have a general data breach notification law, and Florida has proposed a new and more stringent bill governing data breach requirements. Coming into effect on July 15, 2014, Kentucky’s new data breach legislation, HB232, will require consumer notification when a data breach reveals personally identifiable information...

CASAColumbia, The National Center on Addiction and Substance Abuse at Columbia University, is a science-based, multidisciplinary, not-for-profit organization focused on prevention, treatment, and elimination of substance disease in all sectors of society. Their researchers are often among the public doing surveys and gathering information, often in areas that would put devices at risk for theft. CASAColumbia wanted to ensure they were HIPAA compliant, but also wanted to protect the investment in the devices used in...

The next round of HIPAA compliance audits is set to begin in Fall 2014. Unlike the previous audits, which saw an escalation in non-compliance penalties, this next round will have a more narrow focus and will not be done in person. Meticulous records are key to passing this round of scrutiny, says privacy attorney Adam Greene in an article on Healthcare InfoSecurity. Unlike the in-person audits conducted in 2012,...