Small providers, be ready: Feds will “widely investigate” small HIPAA breaches

The U.S. Office for Civil Rights (OCR) says it is now working with its regional offices to more widely investigate the root causes of breaches affecting fewer than 500 individuals.”  The regional offices will still have discretion on which smaller breaches to investigate, but each office will increase its efforts to address these smaller breaches. 

Among other things, regional investigators will look for incidents involving inproper disposal or theft of unencrypted Protected Health Information (PHI), and inappropriate access to IT systems.

Here are examples of settlements in smaller breaches:

Catholic Health Care Services, relating to a business associate’s failure to safeguard nursing home residents’ PHI: $650,000.

St. Elizabeth’s Medical Center, relating to allegations that staff used an internet-based, document-sharing application to store PHI without having analyzed risks: $218,400.

Hospice of North Idaho, relating to an unencrypted laptop computer containing the electronic protected health information: $50,000.

Upcoming Webinars

[add_eventon_list hide_month_headers="no" hide_empty_months="yes" event_order="ASC" number_of_months="3" ]

New Social Media Course

MyHIPAA Guide is offering a new social media course that will help you protect your organization from potential privacy violations that result from social media

Read More »

Upcoming Events

10 Steps to Compliance