Welcome to Health Care Security and Privacy Connection
HEALTH CARE SECURITY AND PRIVACY CONNECTION |
Thanks for your interest in RSM’s Health Care Security and Privacy Connection, your periodic update on industry news and insights related to information privacy, security and compliance. Here’s what’s happening.
The Office for Civil Rights (OCR) enforcement program is alive and well and health care organizations should know that OCR Health Insurance Portability and Accountability Act (HIPAA) fines will likely continue to be on the rise for the coming months.
HIPAA breach settlements have gone from $6.2 million in 2015 to $23.5 million in 2016, and are currently at $17.372 million for 2017. With the passing of the typically quiet summer months, it’s expected that settlements and enforcement actions will be forthcoming through the fall and winter.
At RSM, we track OCR enforcement actions as an indicator of specific compliance risks, but more importantly, to ensure we focus on the various elements of our client risk management programs that represent the greatest or emerging exposures. With that, we have observed two unique, first-time OCR HIPAA-related fines for 2017, including one for the timing of breach notification and another for a mobile medical device manufacturer. See the links below for details on these cases as well as additional helpful content related to this topic. Questions? Contact us.
- Presence Health $475,000 settlement Presence Health reported a breach, but not within 60 days of discovering the problem, as is required by law. This is the first fine specific to the failure to report a breach timely.
- CardioNet $2.5 million settlement CardioNet experienced a breach related to a lost laptop. While this was not directly related to the services they provide customers, it was the first HIPAA settlement involving a wireless health services provider. We have in the past, however, seen breaches related to the computing equipment connected to medical diagnostic devices.
RSM helps their client optimize their electronic health record vendor selection process, ensuring a strategic fit for the organization.
Collaboration and alignment between IT audit and IT security helps health care organizations better manage information security risks.