The September 23, 2013 deadline has come and gone — What have you done to protect yourself from HHS fines?
On February 22, 2011, HHS imposed a $4.3 million civil money penalty against Cignet Health of Prince George County, Maryland (Cignet) for violations of the HIPAA Privacy Rule. $1.3 million of the penalty redressed the violation of the rights of 41 patients who were denied access to requested medical records within the statutorily prescribed 30 (and no later than 60) days of the patient’s request.
On June 26, 2012, the Alaska DHSS paid $1.7 million as a result of the theft of a USB hard drive possibly containing ePHI from a DHSS employee’s car. The enforcers noted DHSS’s failure to perform a risk analysis; to implement adequate risk management measures, workforce training, or device and media controls; and to address device and media encryption.
On September 17, 2012, the Mass. Eye and Ear Infirmary and Mass. Eye and Ear Associates Inc. paid $1.5 million as a result of the theft of an unencrypted personal laptop containing ePHI of MEEI patients and research subjects, which, in the government’s view, reflected “long-term, organizational disregard for the requirements of the Security Rule.”
We can help you to:
- Develop, implement and maintain HIPAA Privacy policies, procedures, and forms
- Maintain regulatory and business accuracy
- Implement and maintain a HIPAA records filing system
- Publish and maintain Notice of Privacy Policy and patient acknowledgment
- Implement safeguards to protect PHI from intentional or unintentional unauthorized uses and disclosures and limit incidental uses or disclosures
- Handle all complaints
- Mitigate the effects of any unauthorized use or disclosure or other violations
- Ensure all patients’ (and deceased patients’) HIPAA rights and requests are honored: access, amendment, confidential communication channels, restriction requests, authorizations, accountings, personal representative designations
- Handle access requests by law enforcement, subpoenas, court orders, and public purpose entities
- Ensure the minimum necessary rule is applied
- Handle all workforce training and sanctions
- Ensure all Business Associates are identified and have signed Business Associates agreements
- Cooperate with any government privacy investigations
Contact us at 847-279-0026 for more information.