In our February 4th Alert! the IPA advised our members regarding HIPAA disclosures and the coronavirus (COVID-19). With the virus now having made it to our shores (and two people in New Mexico being tested) it’s time for practices to get familiar with the CDC’s recommendations for healthcare professionals. Please see this link (below) for guidance including for clinical care, healthcare personnel suspected of exposure, guidance for EMS, and much more.
Attention all Members: The IPA and HIPAA
Ever wonder why the IPA checks to make sure that your practices show evidence of HIPAA policies, procedures and training when we do your site visits? It’s to keep you out of trouble like this, from the HHS Office of Civil Rights:
March 3, 2020
Health care provider pays $100,000 settlement to OCR for failing to implement HIPAA Security Rule requirements
The practice of Steven A. Porter, M.D., has agreed to pay $100,000 to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) and to adopt a corrective action plan to settle a potential violation of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. Dr. Porter’s medical practice provides gastroenterological services to over 3,000 patients per year in Ogden, Utah.
OCR began investigating Dr. Porter’s medical practice after it filed a breach report with OCR related to a dispute with a business associate. OCR’s investigation determined that Dr. Porter had never conducted a risk analysis at the time of the breach report, and despite significant technical assistance throughout the investigation, had failed to complete an accurate and thorough risk analysis after the breach and failed to implement security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level.
“All health care providers, large and small, need to take their HIPAA obligations seriously,” said OCR Director Roger Severino. “The failure to implement basic HIPAA requirements, such as an accurate and thorough risk analysis and risk management plan, continues to be an unacceptable and disturbing trend within the health care industry.”
In addition to the monetary settlement, Dr. Porter will undertake a corrective action plan that includes two years of monitoring. The resolution agreement and corrective action plan may be found at: http://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/agreements/porter/index.html.
****
Sure, you may think the risk of a HIPAA breach is low, but is it worth it to you to find out for sure? Stay up to date on your compliance requirements and remember, having the basics covered is your first line of defense against an investigation!
Did you know?
Your organization is required to perform Annual CMS Fraud, Waste, and Abuse, and General Compliance Training? If you and/or your staff is not compliant with all of your annual training requirements, San Juan IPA has the tools to get you compliant! You may access the training sessions by logging onto the San Juan IPA website at: www.sanjuanipa.com and click Resources tab or contact Margie LaRue by email margie@sanjuanipa.com or 505-564-7928 if you have questions or need assistance with the training sessions.
