New HIPAA Auditing Process Begins – Are You Ready?

The Department of Health and Human Services’s Office for Civil Rights (OCR) announced last week that it has launched Phase 2 of its HIPAA Audit Program. Under this Audit Program, OCR will review whether entities subject to the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Data Breach Notification regulations are complying with those regulations. OCR has already begun to send initial emails regarding the audits to “covered entities” and “business associates” (defined in the HIPAA regulations); these emails seek to verify contact information.

Tip:  These emails may be incorrectly classified as spam by corporate or email filters.  OCR expects covered entities and business associates to check spam and junk email folders for emails from OCR.

Warning: Sophisticated cybercriminals could use the OCR audits as an opportunity to send fake OCR emails (“phishing emails”) in an attempt to trick employees into turning over individual health information or clicking on links that download harmful malware into the organization’s computer network. Do not click on links or supply any documentation until …

Puerto Rico Imposes Massive Fine for Insurer’s Data Breach

The Puerto Rico Health Insurance Administration has fined Triple-S Salud Inc. (TSS) $6.8 million for failure to safeguard Medicare beneficiary numbers. This far exceeds any fine imposed by or settlement reached by the United States Office of Civil Rights to date for HIPAA data breaches. How did the fine reach such a staggering amount? What lessons can be learned?