Small Practice Fined $100,000 for Risk Analysis Breach!

Small Practice Fined $100,000 for Risk Analysis Breach!

An independent physician gastroenterology practice in Utah had to report a breach related to a dispute with a Business Associate to the Office for Civil Rights Department of HHS.

After the investigation into the breach, it was determined that the practice of Steven A. Porter, MD “had failed to complete an accurate and thorough risk analysis, and failed to implement security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level” and therefore, has agreed to pay a $100,000 fine.

In addition to the monetary penalty, the practice is required to implement a Corrective Action Plan (CAP). According to the investigation resolution agreement, the practice agreed to conduct a thorough Risk Analysis, the Practice must develop a complete inventory of all its categories of electronic equipment, data systems, and applications that contain or store ePHI, which will then be incorporated into its Risk Analysis and must complete a Risk Management plan. They must also revise and implement actionable policies and procedures, all of which should have been in place prior to the breach incident.

Have you ever read such headlines and doubted whether a small Billing Company or independent physician practice actually ever face penalties?

According to the Resolution Agreement, the practice must also completely reinvent its Business Associate process, and implement a strict protocol to ensure it’s Business Associates are HIPAA Compliant. In addition to ensuring their Business Associate relationships are accurate, the entire staff must undergo security and privacy training that stresses the use of Business Associate services and applications, disclosures to Business Associates that require a Business Associates agreement, or other reasonable assurances in place to ensure that the Business Associate will and can safeguard the PHI and/or the ePHI. This puts immense pressure on the Business Associates, such as Billing Companies, to ensure that they are HIPAA Compliant, but also independent physician practices to ensure their Business Associates, “down the chain” are also compliant. This is also known as gaining Satisfactory Assurance of vendor HIPAA compliance.

What can you do?

As we have stressed before, it is important for you to understand that every complaint or potential breach must be investigated by HHS/OCR. If you, a billing company, or another vendor, suspect a breach you must inform the covered entity (your client) and have a breach risk assessment completed to determine key factors and take action. Keep in mind, a business associate is a ‘person’ or ‘entity’. This means there is no Billing Company too small or too large to comply with the Federal HIPAA regulations. Again, if you haven’t completed an accurate and thorough security risk assessment prior to that, you could also be penalized under ‘willful neglect’. This category alone is $50,000 per violation!

What we do is keep this from ever being a worry for you! In fact, we have a 100% audit pass rate! For example, Live Compliance has easy to understand HIPAA breach notification training. We perform your security risk assessment and manage all your requirements, including business associates, in a clean, organized cloud-based portal. Don’t risk your company’s future, especially when we are offering a FREE Organization Assessment to help determine your company’s status. It’s easy, call us at (980) 999-1585, email me or visit

[ Contributed by Jim Johnson, President of Live Compliance ].

Welcome to the EZClaim Medical Billing Software Blog!

Welcome to the EZClaim Medical Billing Software Blog!

Welcome to the latest addition to our website, the EZClaim Medical Billing Software blog. As we begin posting blog articles we hope you will continue to come back to learn more about EZClaim software solutions, our U.S.-based white-glove support, features that make your job easier, expert training, and the latest trends in the medical billing software industry. Be sure to join our user community on LinkedIn as well as our new Facebook page. These channels will allow you to keep up with us and learn from and share information with other EZClaim users.

In addition to giving you the latest news, updates, features, and appearances related to EZClaim and our great people, this Medical Billing Software blog will be host to the latest trends in the field. We have tons of great content lined up to share with you from our internal experts as well as our partners to make this a repository of useful information that you can count on again and again.

EZClaim has been at the forefront of medical billing software since 1997 and is currently in use in all 50 of the United States, including the territories of Guam and Puerto Rico. Every practice works differently and has different needs, that’s why EZClaim is power-packed with features that give you the options to streamline workflow to suit your needs.

If you’re interested in learning more about how EZClaim can streamline your practice’s billing and scheduling needs, sign up for a free demo today! Want to learn more about the features that make EZClaim so simple and powerful? Take a moment to review our upcoming or pre-recorded webinars.

Do you have an idea for a topic or a tip to share with other EZClaim users? We’d love to hear from you! Please send your topics and tips via email to