Small providers, be ready: Feds will “widely investigate” small HIPAA breaches

The U.S. Office for Civil Rights (OCR) says it is now working with its regional offices to more widely investigate the root causes of breaches affecting fewer than 500 individuals.”  The regional offices will still have discretion on which smaller breaches to investigate, but each office will increase its efforts to address these smaller breaches. 

Among other things, regional investigators will look for incidents involving inproper disposal or theft of unencrypted Protected Health Information (PHI), and inappropriate access to IT systems.

Here are examples of settlements in smaller breaches:

Catholic Health Care Services, relating to a business associate’s failure to safeguard nursing home residents’ PHI: $650,000.

St. Elizabeth’s Medical Center, relating to allegations that staff used an internet-based, document-sharing application to store PHI without having analyzed risks: $218,400.

Hospice of North Idaho, relating to an unencrypted laptop computer containing the electronic protected health information: $50,000.

Upcoming Webinars

[add_eventon_list hide_month_headers="no" hide_empty_months="yes" event_order="ASC" number_of_months="3" ]

New Social Media Course

November 10, 2023 No Comments

MyHIPAA Guide is offering a new social media course that will help you protect your organization from potential privacy violations that result from social media

Read More »

Upcoming Events

10 Steps to Compliance

MyHIPAA Guide helps HIPAA-covered organizations understand what they need to do on a daily basis. Subscribers gain access to a comprehensive, human-centered HIPAA program.

CALL US TODAY:  (234) 281-4310

MyHIPAA Guide

Product

Discover

DISCLAIMER: MyHIPAA Guide content, including newsletters, is for informational purposes only. MyHIPAA Guide is not intended as legal advice or as a recommendation for a provider’s specific circumstances, and it is not intended as an exhaustive or definitive source on protecting health information from privacy and security risks. Providers and professionals seeking expert advice should consult an attorney and/or a risk assessment professional.

NOTICE TO READERS: We will do our best to report updates on HIPAA rules as quickly as possible following public notifications. In submitting questions or comments to MyHIPAAGuide.com, NEVER SEND THE PROTECTED HEALTH INFORMATION OF A PATIENT.

Copyright © by M.E.D. Media Mart LLC - Published by M.E.D. Media Mart LLC.