United States

Welcome to Health Care Security and Privacy Connection

HEALTH CARE SECURITY AND PRIVACY CONNECTION  | 

Thanks for your interest in RSM’s Health Care Security and Privacy Connection, your periodic update on industry news and insights related to information privacy, security and compliance. Here’s what’s happening.

The Office for Civil Rights (OCR) enforcement program is alive and well and health care organizations should know that OCR Health Insurance Portability and Accountability Act (HIPAA) fines will likely continue to be on the rise for the coming months.

HIPAA breach settlements have gone from $6.2 million in 2015 to $23.5 million in 2016, and are currently at $17.372 million for 2017. With the passing of the typically quiet summer months, it’s expected that settlements and enforcement actions will be forthcoming through the fall and winter.

At RSM, we track OCR enforcement actions as an indicator of specific compliance risks, but more importantly, to ensure we focus on the various elements of our client risk management programs that represent the greatest or emerging exposures. With that, we have observed two unique, first-time OCR HIPAA-related fines for 2017, including one for the timing of breach notification and another for a mobile medical device manufacturer. See the links below for details on these cases as well as additional helpful content related to this topic. Questions? Contact us.

  • Presence Health $475,000 settlement Presence Health reported a breach, but not within 60 days of discovering the problem, as is required by law. This is the first fine specific to the failure to report a breach timely.
  • CardioNet $2.5 million settlement CardioNet experienced a breach related to a lost laptop. While this was not directly related to the services they provide customers, it was the first HIPAA settlement involving a wireless health services provider. We have in the past, however, seen breaches related to the computing equipment connected to medical diagnostic devices.

Related resources

Human Services Agency Seeks to Improve Care Through New EHR Strategy

CASE STUDY

Human Services Agency Seeks to Improve Care Through New EHR Strategy

RSM helps their client optimize their electronic health record vendor selection process, ensuring a strategic fit for the organization.

  • August 10, 2017
5 Keys For a Successful Enterprise Health Record Launch

INSIGHT ARTICLE

5 Keys For a Successful Enterprise Health Record Launch

Learn core guiding principles to launch a value-driven enterprise health record initiative at your health care organization.

  • Gulshan Mehta, Dan Head
  • |
  • October 28, 2016

INSIGHT ARTICLE

Beyond HIPAA compliance

Collaboration and alignment between IT audit and IT security helps health care organizations better manage information security risks.

  • Jonathan Dreasler, Adam Keagle, Greg Vetter
  • |
  • June 29, 2016

Health Care Security and Privacy Connection

( * = Required fields)

How can we help you?

To discuss how our team can help your business, contact us by phone 800.274.3978 or



Events / Webcasts

IN-PERSON EVENT

Health care and life sciences private equity and finance conference

  • February 21, 2018

LIVE WEBCAST

Health care industry 2017-2018 webcast series

  • November 16, 2017

IN-PERSON EVENT

Revenue recognition training seminar

  • November 16, 2017