New technologies in healthcare means new risk to the security and privacy of patient health data. Though most healthcare companies and providers are aware of the need for internal data security, many may not be in compliance when sharing information with third parties. As providers and vendors find new and innovative ways to work together, the need for data sharing will only increase. It is critically important that all parties know when and how protected health information (PHI) is shared, and when patient authorization is required to do so.
In October, The Health and Human Services Office for Civil Rights (OCR) shared that future health-care privacy and security audits will shift from an educational focus to an enforcement focus. Previously, OCR performed these audits to educate providers on patient privacy and HIPAA. But now, the priority is enforcement. Instead of relying on complaints and breach notifications, the OCR will be more proactive in identifying problem providers. It’s important for all healthcare provider entities to have a HIPAA compliance plan actively in use. (We can help!)
Are you thinking about starting a new house call practice? There will be things you need to prepare for (and budget for), so Nixon Law Group compiled this information. Note that major concerns include whether commercial clients can reimburse, what kinds of safety needs there are, and Medicare requirements for a “practice location.” Read more below and feel free to contact us with questions!
As all health care providers know, the HIPAA Privacy Rule applies to their practice. But because many providers outsource some of their health care activities and/or functions, the HIPAA Privacy Rule also applies to these “business associates".” It is important that providers have assurances in writing that all business associates are appropriately safeguarding patient information and following all HIPAA provisions. The HHS Office for Civil Rights has issued a new fact sheet that lays out all provisions where the business associate would be held directly liable for HIPAA Rule violations.
We like to find interesting tips and tricks to help our clients improve their health data security. This infographic from Inspired eLearning on "phishing" schemes covers the most common types of phishing attacks, including via email, phone call, text message, or USB baiting. Read on to learn about how these attacks can occur, common statistics, and prevention tips.
On September 27, 2018, the Department of Justice (“DOJ”) for the first time announced its own “road map” guiding voluntary self-disclosures and cooperation with government investigations of fraud and abuse in the healthcare industry. By encouraging self-disclosure, the government is incentivizing healthcare entities to come forward early with reports of violations in the hope of negotiating reasonable settlements, avoiding exclusion from Federal healthcare programs, and reducing the severe civil and criminal penalties that would otherwise be imposed for such violations.
Many digital health technology companies have customers from multiple, or even all, states accessing their software and services. If these health tech companies have California customers, then starting in January 2020, they may need to abide by the California Consumer Privacy Act.
By building compliance processes into your internal structure, audits can be completed faster and can bring to light information that is beneficial for both your customers and employees. Here are seven tips to prepare for a healthcare compliance audit.