HIPAA investigations to include breaches fewer that 500 patient records


By Aris Medical Solutions

HIPAA investigation

The Office for Civil Rights announced in August they would be working with their Regional Offices to more widely investigate the causes of breaches that affects less than 500 patient records. The Regional Offices will use their own discretion to prioritize which breaches to investigate.

Some of the factors they will be considering include:

  1. The number of records affected
  2. Intrusions of the IT systems
  3. The sensitivity of the data
  4. Whether the data was unencrypted or disposed of improperly
  5. Number of breaches from the same entity including business associates
  6. The lack of reported breaches when comparing similar situations with specific covered entities and business associates

Here are some helpful tips to avoid data breaches:

  • Confirm fax numbers and email address BEFORE sending.
  • Do not permit ANYONE access to your systems without confirming their identity and verifying they are still employed with that particular company.
  • Do not click on links in emails, instead, open your browser and go to the website.
  • Make sure all accesses to ePHI utilizes strong passwords, preferably passphrases.
  • Change your passwords/phrases at least every 90 days. This includes your EHR, PM software, workstation operating system, and email access.
  • If a two-step authentication is available, make sure it is engaged.
  • Use encryption whenever possible, depending on the operating system you use, it may be FREE!
  • Request a network security audit to be performed that includes remediation.
  • Do not retain records longer than necessary, why have that exposure if it is not required!
  • Make sure everyone involved with Patient Data is HIPAA Compliant.

As we mentioned last month, enforcement of HIPAA is here and you must ensure that if you are audited or investigated you have all of the appropriate documentation in place. Remember… if it is not documented, it doesn’t exist!

If you are one of the many organizations that simply do not have the time to do this, you are not alone. We offer a full range of services from a Do-It-Yourself HIPAA program to a Full HIPAA Implementation package. Call Aris at 877.659.2467 or click here to schedule a demo.

About Suze Shaffer

Suze Shaffer is the owner and president of Aris Medical Solutions. She specializes in HIPAA compliance, risk management, and cyber security. She believes that by educating her clients in understanding why and what needs to be done to protect their practice they have a better outcome.

Suze has been instrumental in helping clients nationwide with risk management, implementing privacy and security rule policies and procedures, and ultimately protecting patient data. She includes state and federal regulatory requirements to ensure clients are protected in all areas.

She has spoken at numerous conferences and functions. She continues to educate organizations how to minimize the risks of data breaches. HIPAA compliance is not an option, it is mandatory for every organization that comes in contact with protected health information to have reasonable and appropriate security measures in place. Unfortunately, most organizations don’t realize they are not compliant until they suffer a data breach or they are faced with an audit or investigation.

Did you know that the Office for Civil Rights (OCR) is the agency that investigates data breaches? Have you seen the heavy fines that have been imposed for non-compliance?

All 50 states now have their own set of privacy laws and the State's Attorney General may also investigate privacy violations!

Share This HIPAA Blog

HIPAA Enforcement is HERE!

August 15, 2016

October is National Cyber Security Month

October 23, 2016
©2023 Aris Medical Solutions – HIPAA Risk Management | HIPAA Compliance Consultants | All Rights Reserved | Terms and Conditions | Privacy Policy
The content and images on this website is owned by Aris Medical Solutions and their owners. Do not copy any content or images without our consent.
Powered by Bandwise LLC
error: Content is protected !!