News — OCR

Okay folks – we need to talk about your data backup.   Dental offices, as covered entities, must meet Implementation Standards to get in compliance with the HIPAA security rules. There are two types of implementation standards: required and addressable. Required means it must be done and there is only one right way to do it. Addressable means it must be done, but you have options. However, if you aren’t going to do it, you must document in writing why. Substantiate. Substantiate. Substantiate.   Backing up your data (the act/action) is an addressable implementation standard. You’ve got to do it,...

On January 9, 2017, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR), announced the first HIPAA enforcement action and settlement based on the late reporting of a breach of unsecured protected health information (PHI). Presence Health, a large Illinois healthcare network, settled potential violations of the HIPAA Breach Notification Rule by paying $475,000 and implementing a corrective action plan. The breach involved missing paper-based operating room schedules containing the PHI of 836 individuals. Information included individuals’ names, dates of birth, medical record numbers, dates of procedures, types of procedures, surgeon names, and types of anesthesia....