Patient Data is a Hot Commodity

 

By Aris Medical Solutions

 

Health care organizations are now a primary target since they are the custodians of patient data and a plethora of information. The reason patient information is sought after so much is because it can be sold on the black market for a decent price. Social Security Numbers also have a longer shelf life unlike credit card numbers. Therefore it is imperative that any company or person that is involved with healthcare data do what they can to protect their computers and/or network.

Criminals are diligent in trying to gain access to these valuable databases. They can get into your network through social engineering, malware, and mobile devices to name a few. Sadly, most attacks go undetected for months, sometimes even a year unless it is ransomware when you are “notified” immediately!

Under the Security Rule, all entities that work with Protected Health Information are required to conduct a Risk Analysis to uncover any potential vulnerabilities. Then they must create a Risk Management plan to correct those deficiencies. Although most of the “technical” standards are addressable and not required, this does not mean optional. All covered entities and business associates must have reasonable and appropriate safeguards in place to protect their data. Aside from your normal IT services, we believe it will only be a matter of time before network security audits will become mandatory. Keep in mind your Policies and Procedures are still the backbone of HIPAA Compliance.

So what can you do to protect your data and your organization?

  1. Conduct a security risk analysis
  2. Mitigate the vulnerabilities that are discovered
  3. Request a third party network security audit
  4. Request documentation that your business associates are HIPAA Compliant
  5. Continual EDUCATION!

These are just some of the basics that you should implement. For more information on how Aris Medical Solutions can help your organization with HIPAA Compliance and Protecting your Data call 877.659.2467 or click here to contact us.

“Protecting Organizations through Partnership, Education, and Support”

Do you have your ALL of your Business Associate Agreements in place?

 

By Aris Medical Solutions

 

The Omnibus Rule that became effective March 26, 2013 was a game changer in many ways. One area was requiring Covered Entities to ensure that Business Associate Agreements (BAA) were in place with all of their business partners by September 23, 2013. If a Covered Entity had agreements already in place, Covered Entities had until September 22, 2014 to replace them with new ones that had all of the required elements of the new Omnibus Rule.

Did you know that if a Covered Entity (Medical Practice) releases Protected Health Information (PHI) to person or an entity and the practice does not have a signed BAA in place, the Covered Entity can be fined? In the eyes of HIPAA, you have disclosed PHI to an unauthorized user. Yes, this is TRUE!

Did you know that if a medical practice’s software vendor has a data breach and you as the Covered Entity do not have a BA agreement in place you could be fined as well? I know what you are thinking… it’s THEIR responsibility, not yours. True, but it is YOUR responsibility to have an agreement in place. Have you reviewed your BA agreements to ensure the documents have all of the required elements and it protects YOU the Covered Entity? These are very important documents and since it is the responsibility of the medical practice to protect patient data, the practice dictates when this information can be shared. The practice also has the responsibility to have assurances that the entity understands how to protect the data before it is released.

The Office for Civil Rights (OCR) recently imposed a $750K fine for such an offense. A Raleigh Orthopedic practice released 17,300 x-rays films to a Business Associate (BA) that promised to transfer the images in exchange for the silver in films. Unfortunately the practice forgot to have the entity sign a Business Associate Agreement.

Make sure you do not make the same mistake…

Contact Aris Medical Solutions at 877.659.2467 or click here to find out how we can protect your organization.

“Protecting Organizations through Partnership, Education, and Support”

©2022 Aris Medical Solutions – HIPAA Risk Management | HIPAA Compliance Consultants | All Rights Reserved | Terms and Conditions | Privacy Policy
The content and images on this website is owned by Aris Medical Solutions and their owners. Do not copy any content or images without our consent.
Powered by Bandwise LLC