We're not even into March yet and we've already seen a busy start to 2017. The Office of Civil Rights (OCR) announced the 4th settlement of the year, with Memorial Health Systems of Hollywood, Florida, which paid $5.5 million to settle claims it violated HIPAA requirements under the Privacy and Security Rules. The other settlements in 2017 were Children's Medical Center in Dallas to the tune of $3.2 million; MAPFRE, a life insurance company out of Puerto Rico, for $2.2 million; and Presence Health from the Chicago area.
Presence Health is interesting in that it was the first violation stemming from the Breach Notification Rule. Presence Health agreed to pay a $475,000 settlement to OCR to avoid potential HIPAA fines stemming from the violations. It failed to notify Health and Human Services' OCR and the 836 patients affected by the breach in a timely manner. OCR Director Jocelyn Samuels said it best: "Covered entities need to have a clear policy and procedures in place to respond to the Breach Notification Rule's timeliness requirements. Individuals need prompt notice of a breach of their unsecured PHI so they can take action that could help mitigate any potential harm caused by the breach."
According to the Breach Notification Rule, that's usually as soon as possible, but no later than 60 days following the discovery of a breach.
In all the above cases, the covered entities were also required to take corrective actions. These corrective actions usually involve implementing or revamping HIPAA policies, retraining employees and implementing more stringent safeguards.
Our 2017 HIPAA Security and HIPAA Privacy Manuals are completely up to date with the latest regulations and changes. They provide affordable compliance and peace of mind in the unlikely event that you have a HIPAA audit or breach that results in one. Our systems include policies, forms, employee training, "How-to" sections and sticky notes that help walk you through quick, painless compliance with the HIPAA Rules.
Any breach, loss of information or other unforeseen incident could result in an audit that could put your policies, HIPAA training records and other documents under scrutiny. Why take a chance?