

By Kelli Ogunlesi, HIPAAwise Success Manager

On May 6, 2019, the Office of Civil Rights published a press release regarding a settlement reached with a Tennessee diagnostic medical imaging services company for $3,000,000. This settlement was reached, in essence, due to the lack of a sufficient HIPAA compliance program.

To summarize, the organization's FTP server allowed uncontrolled access to the internet, exposing PHI for over 300,000 individuals. In the course of the OCR investigation, it was determined that the organization failed to conduct a current Risk Analysis to expose any threats or vulnerabilities to PHI that clearly existed. The OCR also determined that the organization failed to ensure valid BAAs were in place with all required vendors/associates.

Last year, the OCR switched its focus from individual audits of covered entities and business associates to larger enforcement efforts with more egregious violations. In addition, HHS recently applied caps to the penalties imposed on HIPAA violations. For a healthcare provider, all of this activity should serve as a reminder that having a HIPAA compliance program that includes an up-to-date Security and Risk Analysis is a necessity.

If you feel your HIPAA compliance program is lacking, or worse, nonexistent, The van Halem Group can help. Our HIPAA compliance solution, HIPAAwise, is an excellent tool to affordably allow providers to organize, manage, and enhance their HIPAA compliance documentation.

While a data breach may not be avoided, having a valid and current Risk Analysis, proper BAA management and current policies and procedures can prevent costly fines. If you would like to experience a demonstration of HIPAAwise or want more information, contact us today.