Call Us Today! 877-659-2467 contactus@arismedicalsolutions.com

Tag: risk management

Do HIPAA Fines go away when a practice or business closes?

Posted bySuze Shaffer

By Aris Medical Solutions

Many medical practices and business associates have the misconception that if they are fined they can simply close their doors and not be obligated to pay the fines or penalties. We have been asked if this will work many times. The Office for Civil Rights (OCR) has answered this haunting question.

Three years ago the OCR received an anonymous complaint against Filefax, Inc. that transported 2,150 patient files to be shredded. These files were left in an unlocked truck in their parking lot, or by granting permission to an unauthorized person to remove the files from Filefax, and leaving the Protected Health Information (PHI) unsecured outside the Filefax facility.

Although Filefax shut their doors during the course of the OCR’s investigation they were still obligated under the law. In 2016, a court in unrelated litigation appointed a receiver to liquidate its assets. In addition to a $100,000 monetary settlement, the receiver has agreed, on behalf of Filefax, to properly store and dispose of remaining medical records found at Filefax’s facility in compliance with HIPAA.

The first step in protecting your practice or business is to conduct a thorough security risk assessment and identify vulnerabilities and workflow. From there you can develop a risk management plan to ensure you document your compliance efforts and mitigate risks.

For more information on how Aris Medical Solutions can help your organization with HIPAA Compliance and Protecting your Data call 877.659.2467 or click here to contact us.

“Protecting Organizations through Partnership, Education, and Support”

Updating your Contingency Plan

Posted bySuze Shaffer

 

By Aris Medical Solutions

HIPAA Disaster

Contingency Planning is more than just a power outage or how to backup and restore your data. A complete plan should include different types of scenarios that could happen in your area.

For those involved in Healthcare, creating a contingency plan is not optional.  Should you have a disaster and are not prepared you can be fined! The Office for Civil Rights (OCR) considers protecting personal information a civil right and they will enforce this if you have a data breach or a situation where your data is not recoverable.

Think about ransomware, have you included this in your contingency plan?

Depending where you are located, have you included how to respond to a hurricane, tornado, snowstorm, or fire?

Where is your data located and what would happen if you had a toilet overflow or a pipe burst?

In light of the recent tragedies have you included a section on workplace violence?

How to create a Contingency plan:

  1. Conduct a thorough HIPAA Risk Assessment. Understand and analyze what type of risks you are vulnerable to. This includes where you are located and what type of computer network that you utilize.
  2. Create a diagram of how your network is configured. This will help you to determine the best method to protect and restore your data from a backup.
  3. Implement a risk management plan that outlines what you have in place and what you will need in the future if it is not possible at the moment. Of course, you will need a timeline if you will be adding to your plan.

For more information on how Aris Medical Solutions can help your organization with HIPAA Compliance and Protecting your Data call 877.659.2467 or click here to contact us.

©2025 Aris Medical Solutions – HIPAA Risk Management | HIPAA Compliance Consultants | All Rights Reserved | Terms and Conditions | Privacy Policy
The content and images on this website is owned by Aris Medical Solutions and their owners. Do not copy any content or images without our consent.
Powered by Bandwise LLC