Noncompliance of HIPAA Security Rules Has Huge Consequences

HIPAA security rulesThe noncompliance of HIPAA security rules has had huge consequences for an IT and health information management company.

CHSPSC LLC, (“CHSPSC”) has agreed to pay over $2 million to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS), for the breach of Protected Health Information (PHI). The Business Associate was notified by the Federal Bureau of Investigation (FBI) that it had traced a cyber-hacking group’s advanced persistent threat into CHSPSC’s information system.

After OCR ‘s investigation, it was found that CHSPSC had “longstanding, systemic noncompliance with the HIPAA Security Rule including failure to conduct a risk analysis, and failures to implement information system activity review, security incident procedures, and access controls.” The large health system provided various Business Associate services, including IT and health information management, to hospitals and physician clinics. These violations could have easily been avoided! OCR Director Roger Severino said, “The healthcare industry is a known target for hackers and cyber-thieves. The failure to implement the security protections required by the HIPAA Rules, especially after being notified by the FBI of a potential breach, is inexcusable.”

 

In addition to the monetary penalty, the Business Associate will be required to complete a “robust” Corrective Action Plan (CAP) with monitoring activity for at least the next two years. CHSPSC will also be required to do the following:

Implement technical policies and procedures to allow access only to those persons or software programs that have been granted access rights to information systems maintained
Implement procedures to regularly review records of information system activity, such as audit logs, access reports, and security incident tracking reports
Conduct accurate and thorough assessments of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of ePHI

All this shows that ANYONE can face HUGE penalties, and they would most likely bankrupt a small billing company or an independent physician practice.

 

So, based on this specific example, it is VERY important to understand that every complaint or potential breach must be investigated by HHS/OCR. If you, a billing company, or other vendor, suspect a breach, you must inform the covered entity (your client) and have a breach risk assessment completed to determine key factors and take action.

Keep in mind, a Business Associate is a ‘person’ or ‘entity’. This means that ALL billing companies—large or small—need to comply with the Federal HIPAA security rules and regulations. So, if your company has not completed an accurate and thorough security risk assessment, there is a possibility that you could be penalized under ‘willful neglect’. (This category alone gas a fine of $50,000 per violation!)

 

So then, what can be done to ensure this doesn’t happen to my billing company or my organization? Well, one of EZClaim’s partners, Live Compliance, can make determining your compliance requirements extremely simple:

Completely online, Life Compliance’s role-based courses make training easy for remote or in-office employees
Contact-free, accurate Security Risk Assessments are conducted remotely. All devices are thoroughly analyzed regardless of location.
Policies and procedures are curated to fit your organization, ensuring employees are updated on all workstation use and security safeguards in or out of the office. Update is in real time.
Electronic, prepared document sending and signing to employees and business associates

 

So, don’t risk your company’s future, especially when Life Compliance is offering a FREE Organization Assessment to help determine your company’s status. Either call Life Compliance at 980.999.1585, visit LiveCompliance.com to schedule an assessment, or e-mail Jim Johnson.

[ Article contributed by Jim Johnson of Live Compliance ]

———————————-

ABOUT EZCLAIM:
EZClaim is a medical billing and scheduling software company that provides a best-in-class product, with correspondingly exceptional service and support, and can help improve medical billing revenues. To learn more, visit their website, e-mail them at sales@ezclaim.com, or call a representative today at 877.650.0904.

New Compliance Regulations for Working at Home

Whether you and your workforce are back in the office, or still working from home, there are new compliance regulations, and your HIPAA Compliance program may be a bit different.

New Compliance RegulationsReliable and Effective Compliance

Completely online, our role-based courses make training easy for remote or in-office employees.

Contact-free and accurate Security Risk Assessments are conducted remotely. All devices are thoroughly analyzed regardless of location.

Policies and Procedures curated to fit your organization ensuring employees are updated on all Workstation Use and Security Safeguards in or out of the office, and  updated in real time.

Electronic, prepared document sending and signing to employees and business associates.

Don’t risk your company’s future, especially when we are offering a FREE Organization Assessment to help determine your company’s status regarding the new compliance regulations. [ Click here to download a “HIPAA Compliance Requirements” document ].

Live Compliance is a partner of EZClaim, and you can contact them directly by either calling them at (980) 999-1585, e-mail Jim Johnson at Jim@LiveCompliance.com, or visit them at LiveCompliance.com

[ Written by Jim Johnson, President of Live Compliance ]

Ransomware Targeting Medical Billing Companies


Ransomware Targeting Medical Billing Companies
Ransomware Targeting Medical Billing Companies

As the number of healthcare providers taking advantage of Telehealth increases during this uncertain time, the number of ransomware attacks continues to increase as well.

Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid. Microsoft says, “Multiple ransomware groups that have been accumulating access and maintaining persistence on target networks for several months activated dozens of ransomware deployments in the first two weeks of April 2020.”

The attacks are targeted towards aid organizations, medical billing companies, manufacturing, transport, government institutions, and educational software providers, however, Microsoft says that it doesn’t stop with critical service groups and suggests all networks are aware of these attacks and taking necessary steps to limit risk. NetWalker ransomware, for example, gained notoriety for targeting hospitals and healthcare providers with e-mails claiming to provide information about COVID-19.

Have you had an Accurate and Thorough Security Risk Assessment and/or penetration testing?

If you haven’t completed an accurate and thorough security risk assessment, you could also be penalized under ‘willful neglect’ (this category alone is $50,000 per violation!) in addition to the higher risk of ransomware attacks. What we do is keep this from ever being a worry for you! We perform your security risk assessment and manage all of your requirements, in a clean, organized cloud-based portal.

Don’t risk your company’s future, especially when we are offering a FREE Organization Assessment to help determine your company’s status.

It’s easy! Call us at (980) 999-1585, or email me, Jim Johnson at jim@LiveCompliance.com or visit
www.LiveCompliance.com

Live Compliance has partnered with EZClaim medical billing software to strengthen what they can provide for you. It provides all of your HIPAA Privacy, Security Requirements, and Measures. HIPAA compliance is a requirement for Covered Entities and Business Associates to safeguard personal, private, and protected health information—allowing organizations to relinquish the struggle of compliance requirements.

You can investigate the EZClaim medical billing software by either downloading a FREE DEMO, or just contact our knowledgeable sales staff to answer any and all of your questions by phone at (877) 650-0904 or by e-mail at support@ezclaim.com.

[Contributed by Jim Johnson of Live Compliance]