In a settlement of potential violations of the HIPAA Privacy and Security Rules, the Department of Health and Human Services has sanctioned a Business Associate that provided coding, billing, and onsite information technology services to healthcare providers. The settlement involved a data breach in which a network server containing the protected health information of 267 individuals was left unsecured on the internet.
Learn how this Business Associate failed to comply with the HIPAA Privacy, Security, and Breach Notification Rules, which set the requirements that HIPAA-regulated entities must follow to protect the privacy and security of protected health information. Review how its cybersecurity failed to ensure that electronic protected health information was secure and not accessible to just anyone with an internet connection. The government investigation began years ago, in 2017, following the receipt of a breach report stating that the Business Associate had experienced an unauthorized transfer of protected health information, known as exfiltration, from its unsecured server.
This was sensitive protected health information that included patient names, dates of birth, addresses, Social Security numbers, email addresses, diagnoses, treatment information, medical procedures, and medical histories – devastatingly private and confidential information.
In addition to the impermissible disclosure, the government investigation found evidence of a potential failure to have in place an analysis to determine risks and vulnerabilities to electronic protected health information across the organization. No one was monitoring the situation or analyzing possible security risks – those are themselves HIPAA violations. In a more recent case, a chain of pain management clinics was fined $1.9 million for computer security failures, failure to perform audits and risk analysis, and failure to terminate a former employee’s access to medical records.
Erase the fear, uncertainty, and doubt about compliance with HIPAA Privacy and Security Rules for Business Associates by reviewing this significant, landmark government investigation, complaint, and sanction.
Areas Covered:-
Background:-
The background for this topic is an overview of business associate rules and HIPAA privacy and security rules as applied to computers.
Why should you Attend?
The Federal Department of Health and Human Services recently conducted a landmark investigation into a Business Associate’s failure to comply with HIPAA and its stringent security and privacy rules in a volatile situation involving unsecured computer access and breach notification of serious protected health information.
Analyzing this investigation and the settlement agreement, which imposed tens of thousands of dollars in penalties, erases the fear, uncertainty, and doubt about HIPAA compliance by a Business Associate.
Who will Benefit?