Protecting that tax data requires more than just HIPAA compliance. Separate breach reporting and data encryption rules apply, for example, and the IRS has some fairly specific rules for physical safeguards, including a prohibition on drop ceilings and prescriptions for cubicle wall heights where FTI is handled.
A small nonprofit hospice organization in Idaho has agreed to pay $50,000 to the Department of Health and Human Services to settle allegations of federal data security rule violations over the loss of a laptop containing the personal health information of 441 patients
As a result of the state’s review of the file loss, the hospital is forced to pay a $750,000 settlement. However, the true total is $475,000, which is the balance due based on the hospital’s pre-existing investment of $275,000 in technology, particularly data-handling upgrades. The remaining balance will go to enforcement payments ($250,000) and a data-security education fund ($225,000).
Several healthcare associations are questioning another provision that would require hospitals and physician groups to conduct a security risk analysis that includes “addressing the encryption/security of data at rest.”
“I don’t think its actually going to be quite 150,” says Rodriguez, director of the Department of Health and Human Services’ Office for Civil Rights. “It will be something close to that.” That’s because of the office’s funding level and the capacity of KPMG, the firm hired to conduct the audits, Rodriguez explains in an exclusive interview with HealthcareInfoSecurity
President Obamas proposed fiscal 2013 budget calls for an overall 8 percent increase in spending for the Department of Health and Human Services, but a 5 percent cut in spending for the unit that enforces HIPAA
Security breaches among healthcare organizations are soaring. That’s the conclusion of the Second Annual Benchmark Study on Patient Privacy and Data Security
While the healthcare industry moves to invest billions into electronic health records, a steady trail of breaches and broken promises of security is starting to take its toll on patient trust.
The hard drive, taken home by a physician, was encrypted, but the password was written on a piece of paper that also went missing
OCR reported a total of 364 such breaches, up from 345 in its previous post in October. The 364 breaches have impacted 18,190,451 persons in breaches reported by covered entities from September 22, 2009—the day prior to the effective date of the Breach Notification Rule—to September 14, 2011