Total Secure Shredding | (619) 295-5474

Tag Archive | "Health Insurance Portability"

Tags: , , , , , , , , , , , , , ,

Who’s Going to Audit the HIPAA Auditor

Posted on 18 August 2011 by Total Secure Shredding

Is anyone overly surprised when big multinational auditing firms and big bureaucratic government agencies get together the public they are charged with protecting end up worse off?

The Federal Department Health and Human Services (HHS) and the Office for Civil Rights (OCR) is apparently responsible for implementing and policing a couple of Congressional monstrosities know has HIPAA (Health Insurance Portability & Accountability Act) and HITECH (The Health Information Technology for Economic & Clinical Health Act).

Just that last sentence is enough to let you know there is “no good” afoot!

But in any event, these new laws have been put in place to hold health care providers and those who handle personal health information accountable to protecting client data. We all agree that protecting this data is important. However, only time will tell if  this new bureaucracy will succeed in protecting patients – I for one have my doubts.

With that in mind, the auditing firm KPMG has won the “OCR’s $9.2 million contract for HITECH-required HIPAA audits in June 2011…”

KPMG is assisting the government to implement the statutory requirement to audit covered entity and business associate compliance with the HIPAA privacy and security standards as amended by HITECH.

KPMG will end up auditing 150 entities varying in size by December 31, 2012. HITECH requires “periodic audits” of covered entities and business associates to ensure HIPAA compliance.

Unfortunately, it has come out that KPMG has is itself under investigation for a potential breach that may have affected “3,630 patients at Saint Barnabas Medical Center in Livingston NJ, and 956 patients at Newark Beth Israel Medical Center in Neward, NJ…”

Here’s the whole article if you’re interested: http://www.healthleadersmedia.com/page-1/PHY-269480/HIPAA-Auditor-Involved-in-Own-Data-Breach

Not to worry… I’m sure it will all work out for the best. After all, the government is in charge of this!

Until Next Time… Keep Totally Secure,

Mike Krauss
Head Shredding Guy

Comments (0)

Tags: , , , , , , , , , , ,

Document Security When Traveling

Posted on 12 August 2011 by Total Secure Shredding

If you are traveling back and forth to work with client files in your car, you might want to start taking precautions, especially if you’re working in a Health Care related field.

Imagine this scenario…

You’re just leaving the office after a long day.

But like any good hard working employee, there’s always more work to be done and hard deadlines that need to be met.

So you pack up a few client files and load them into the back seat of your car so you can do a little work at home.

On the way home, you remember that you have to stop by the grocery store to get some milk and cereal so the kids can eat breakfast in the morning.

By the time you eventually get home, and get the groceries into the house, you’re just too tired to consider any more work for the evening and decide that you’ll wake up extra early in the morning to get a few things done before leaving for work.

Now, imagine if at some point in the above sequence your car is stolen or broken into and your briefcase is stolen. If this were to ever happen, you’re going to have to come to grips with some potentially painful consequences.

You are going to have to notify your clients that their documents were stolen and there’s a potential for identity theft. And let me say, you want to be the one that informs the client of this. The last thing you want is for the police or a news agency to find the documents and inform your clients before you do. The best thing to do is to get out in front of the situation and to do the explaining fist hand.

Just to give an example of some of the penalties that can be involved when it comes to medical information and HIPAA (Health Insurance Portability Accountability Act), here is a listing provided by the American Medical Association (AMA):

HIPAA Violation Minimum Penalty Maximum Penalty
Individual did not know (and by exercising reasonable diligence would not have known) that he/she violated HIPAA $100 per violation, with an annual maximum of $25,000 for repeat violations (Note: maximum that can be imposed by State Attorneys General regardless of the type of violation) $50,000 per violation, with an annual maximum of $1.5 million
HIPAA violation due to reasonable cause and not due to willful neglect $1,000 per violation, with an annual maximum of $100,000 for repeat violations $50,000 per violation, with an annual maximum of $1.5 million
HIPAA violation due to willful neglect but violation is corrected within the required time period $10,000 per violation, with an annual maximum of $250,000 for repeat violations $50,000 per violation, with an annual maximum of $1.5 million
HIPAA violation is due to willful neglect and is not corrected $50,000 per violation, with an annual maximum of $1.5 million $50,000 per violation, with an annual maximum of $1.5 million

See the full article by the AMA here at: http://www.ama-assn.org/ama/pub/physician-resources/solutions-managing-your-practice/coding-billing-insurance/hipaahealth-insurance-portability-accountability-act/hipaa-violations-enforcement.page

In a recent health care data breach case brought against health insurer Wellpoint, Inc. by the Attorney General of Indiana: Wellpoint agreed to pay the state $100,000; to provide two years of credit monitoring and identity-theft protection services to consumers affected by the breach; plus to provide reimbursement up to $50,000 to any Wellpoint consumer for loses that result from identity theft due to the breach.

Current data breech laws do have teeth and this should certainly raise the awareness of anyone dealing with consumer health data. Taking precautions is mandatory.

Here are some tips you can take in order to protect work documents that are routinely transferred to and from your secure office location:

  1. You will want to have an accurate accounting of what documents were stolen. Only keep a minimal amount of client information you need when transporting documents back-and-forth between your office and home. If multiple employees are routinely taking home client information, you may want to implement a client information checkout procedure at the office. It’s much better to know which clients were affected than having to notify each and every one of your clients.
  2. Don’t assume your vehicle is safe. Keep in mind that you have customers’ information sitting in the car if you decide to make pit-stops on the way to or from the office. When you get home, be sure that you also bring in the documents where there’s a more reasonable expectation that they are safe.
  3. Don’t leave documents lying around at home, in the office, or in the car if at all possible. This information should be protected just as you protect the information in your computer with passwords and behind firewalls. Keep physical document with sensitive information in secure filing cabinets or perform routine file shredding with reputable paper shredding service if they are no longer needed.

It should be clear to everyone that is now dealing with sensitive customer health related data that the state and federal governments are taking identity-theft and data breaches extremely serious. Taking a few extra moments and steps to protect your customers data is not only the right thing to do professionally, but it is also an important policy to implement in order to protect the good name and reputation you’ve taken so long to build.

Until Next Time… Keep Totally Secure!

Your Friend,

Mike Krauss
Head Shredding Guy
Total Secure Shredding

Comments (0)

or Call Today

(619) 295-5474

Local San Diego Shredding
Experts are waiting
for your call

 
Advertise Here

Photos from our Flickr stream

See all photos

Advertise Here