A year after implementation of the HIPAA Omnibus rule, many healthcare providers and their business associates are still struggling to comply with the patient privacy regulations required by the U.S. Department of Health and Human Services (HHS).
“We are still seeing organizations that are not fully embracing or acknowledging that they are [liable for] HIPAA compliance,” Andrew Hicks of risk management consultancy Coalfire recently told HealthcareInfoSecurity.com. Business partners are among the worst offenders. “They’ve been pulled into this reluctantly,” Hicks said, “and they don’t understand what they’re on the hook for.”
Where the feds are concerned, ignorance is far from bliss. Charged with enforcing HIPAA privacy rules, the HHS Office for Civil Rights (OCR) has been busy this year assessing hefty fines for non-compliance. Use the following news roundup to stay abreast of and in compliance with privacy law updates.
- Dumped medical records cost Parkview Health System, Inc. $800,000. OCR charged the non-profit community health care system in Indiana and Ohio with leaving dozens of boxes containing thousands of patient records in the driveway of a retired physician despite being informed that he would not be home.
“All too often we receive complaints of records being discarded or transferred in a manner that puts patient information at risk,” explained OCR’s Christina Heide. “It is imperative that HIPAA covered entities and their business associates protect patient information during its transfer and disposal.”
- In light of the Supreme Court ruling on the Defense of Marriage Act, OCR has revised its definition of spouse to include same-sex partners in legally valid marriages.