Federal regulators lowered the boom on the former owner of several nursing homes after an iPhone containing the medical records of more than 400 residents was stolen.
Catholic Health Care Services of the Archdiocese of Philadelphia will pay $650,000 under settlement terms that also stipulate extensive self-analyses, documentation and improvement plans for patient record policies and practices … read more
A company based in the state of Pennsylvania that develops wireless technology that’s used to assist physicians in the care of their cardiology patients was recently fined in excess of $2 million for a HIPAA breach that occurred when the protected health information (PHI) belonging to nearly 1,400 individuals was compromised after a company employee’s laptop was stolen. The Office for Civil Rights (OCR), the body within the U.S. Department of Health & Human Services (HHS) tasked with enforcing HIPAA’s privacy and security rules, found, specifically, that “[the company] had insufficient risk analysis and risk management processes in place at the time the theft occurred; failed to conduct an accurate and thorough risk analysis to assess the potential risks and vulnerabilities to the confidentiality, integrity, and availability of [electronic] PHI (ePHI); and failed to plan for and implement security measures sufficient to reduce those risks and vulnerabilities. (Code of Federal Regulations [CFR] 45 164.308(a)(1)).” This article will discuss the processes of HIPAA risk analysis and risk management to educate providers in the outpatient wound clinic setting on how to better protect their patients’ PHI and ePHI. The authors will also describe the general process of the security risk assessment (SRA) and offer direction and resources for providers to utilize … read more