
HIPAA Violations Have Real Teeth and Consequences

Health and Human Services (HHS) recently released the results of its settlement agreement with Massachusetts Eye and Ear Infirmary (MEEI). MEEI has agreed to pay HHS $1.5 million to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule. The next step is for MEEI to implement new security controls and policies to remedy the problems. (www.hhs.gov/ocr/privacy/hipaa/enforcement/examples/meei-agreement.html)

The key findings by HHS are probably prevalent in organizations that have not gone through a HIPAA Security and Privacy audit. The results, in summary, are:

1) A risk analysis was not conducted to understand dangers to EPHI

2) Data created, transmitted and maintained was not secure

3) Security incident management did not have appropriate policies and procedures in place

4) Portable device security was not in place

5) Portable device management was not in place

6) Access to portable devices with EPHI was not fully restricted

As with so many government settlements, it wasn’t an admission of wrongdoing. That always seems strange when the findings were there, but that’s the agreement. Each of the findings is dangerous when it comes to protecting patient data, and collectively the problem is compounded. It would have been much cheaper to conduct the HIPAA Security and Privacy review and pay to implement new policies, procedures and software. It would have been way under the $1.5 million in fines and ongoing audits and oversight.

 Has your organization conducted a HIPAA Security review if necessary?
