Compliancy Group News

Lessons and Examples from 2019 HIPAA Breaches and Fines

It has been another busy year of HIPAA enforcement for the Department of Health and Human Services’ (HHS) Office for Civil Rights.

So far in 2019 there have been 9 financial penalties imposed on HIPAA covered entities and business associates to resolve compliance failures. In total, $12,209,000 has been paid as a result of HIPAA violations and more financial penalties could be announced before the year is out.

2019 has seen OCR continue to impose penalties for compliance failures related to risk analyses, risk management, business associate agreements, access controls, breach notifications, and impermissible disclosures of protected health information, as has been the case over the past few years.

2019 also saw OCR launch a new HIPAA compliance enforcement initiative. Under the HIPAA Right of Access initiative, OCR has issued two $85,000 financial penalties for failures to provide patients with copies of their medical records in a reasonable time frame without being overcharged.

OCR is not penalizing healthcare organizations and business associates for data breaches, as breaches can occur even when an organization is fully compliant. The penalties are issued because of the lack of an effective HIPAA compliance program. If those 9 entities had an effective compliance plan in place, a sizable financial penalty and all the negative publicity would have been avoided.

On January 22, HIPAA Journal sponsor, Compliancy Group, will be hosting a webinar in which OCR’s HIPAA compliance enforcement actions in 2019 will be reviewed and the changing enforcement priorities of OCR will be discussed.

Compliancy Group will also explain how straightforward it is to implement and maintain an effective HIPAA compliance plan and its compliance coaches will be providing actionable tips to help you immediately start protecting your business.

Webinar: Lessons and Examples from 2019’s HIPAA Breaches and Fines

Date: January 22nd, 2020 @ 2:00 pm ET / 11 am PT


The post Lessons and Examples from 2019 HIPAA Breaches and Fines appeared first on HIPAA Journal.

Solving the HIPAA Problem: Demonstration of Compliancy Group’s Simplified HIPAA Compliance Process

Meeting all requirements of the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, Omnibus, and Breach Notification Rules can be a major challenge.

Many healthcare organizations have established a compliance program and believed they were compliant, only to discover during a HIPAA audit or compliance review that they have failed to comply with one or more HIPAA provisions. Those mistakes can prove to be very costly.

Compliance failures can easily lead to a data breach or could result in a complaint being filed with the Department of Health and Human Services’ Office for Civil Rights (OCR), the primary enforcer of HIPAA compliance.

OCR investigates complaints and data breaches to determine whether HIPAA Rules have been violated and conducts compliance audits to assess whether HIPAA covered entities and business associates of covered entities are complying with all aspects of HIPAA Rules.

Enforcement of compliance has stepped up in recent years. In 2018, OCR imposed $28,683,400 in financial penalties on covered entities and business associates in 11 enforcement actions. So far in 2019 there have been 9 financial penalties totaling $12,209,000.

Solving HIPAA Compliance Issues

Compliancy Group understands the importance of HIPAA compliance and the difficulties HIPAA-covered entities and their business associates encounter when trying to implement and maintain an effective compliance program.

To simplify the process of HIPAA compliance, Compliancy Group has developed a software solution that guides entities through the compliance process. The software solution, The Guard, simplifies everything your organization needs to achieve HIPAA compliance, mitigate risk, and avoid fines.

On January 15, 2020, Compliancy Group will be running a group demonstration of The Guard and its simplified HIPAA compliance process.

Join Compliancy Group for the demonstration and find out how their compliance coaches help covered entities and business associates achieve compliance and satisfy all federal regulations.

Solving the HIPAA Problem: Group Demonstration of Compliancy Group’s Simplified Process

Date: January 15th @ 2:00 pm ET / 11 am PT


Compliancy Group Confirms Smile Metrics Consulting Has Achieved HIPAA Compliance

The dental marketing consulting firm, Smile Metrics Consulting, has completed Compliancy Group’s 6-Stage HIPAA risk analysis and remediation process and has demonstrated it has implemented an effective HIPAA compliance program.

Smile Metrics Consulting helps dental practice owners discover how existing patients engage with their practice and shows them how patient interactions affect their bottom line. The company helps dental practices market their services more effectively to improve business growth.

In order to provide dental marketing optimization services to dental practices, Smile Metrics Consulting requires access to protected health information. As such, Smile Metrics Consulting is classed as a business associate under HIPAA and must therefore be compliant with HIPAA Rules.

“Smile Metrics Consulting’s services are largely focused upon optimizing a new patient’s dental appointment experience from online search—rendering dental care—to post-appointment care and scheduling necessary return visits in order to help dental patients keep their smiles healthy and bright. Doing so requires access to protected health information,” said Michelle Nun, President, Smile Metrics Consulting.

In order to demonstrate to clients that the company is fully HIPAA compliant, Smile Metrics Consulting partnered with Compliancy Group. Assisted by Compliancy Group’s HIPAA Experts and using its proprietary HIPAA compliance tracking software, The Guard, Smile Metrics Consulting was able to demonstrate full compliance with the HIPAA Privacy, Security, Omnibus and Breach Notification Rules.

Smile Metrics Consulting has now been awarded Compliancy Group’s HIPAA Seal of Compliance, which allows the firm to differentiate its services and demonstrate to prospective clients that policies, procedures, and protocols are in place to ensure protected health information will be safeguarded at all times.

“Having obtained Compliancy Group’s HIPAA Seal of Compliance, current and prospective clients of Smile Metrics Consulting can feel confident knowing how their patients’ protected health information will be handled and protected from unauthorized users,” said Michelle Nun.


Adstream Confirmed as HIPAA Compliant by Compliancy Group

Compliancy Group has announced that the global advertising technology and services provider, Adstream, is fully compliant with the Health Insurance Portability and Accountability Act (HIPAA) and has implemented an effective HIPAA compliance program.

Adstream helps brands and agencies create, optimize, store, and distribute content. The Adstream platform is an all-in-one digital asset management and ad delivery platform that is connected to publishers, broadcasters, and social media networks. More than 6,000 agencies, brands, and companies use Adstream’s cloud-based software to view the entire advertising process, from production to distribution. The ad delivery network is the largest of its kind and includes more than 100,000 media destinations in over 140 countries.

Adstream wanted to expand its client base and start serving healthcare organizations. In order to do so, the company first needed to implement policies, procedures, and safeguards to ensure the confidentiality, integrity, and availability of healthcare data and meet its responsibilities under HIPAA as a business associate.

To simplify its journey toward HIPAA compliance, Adstream partnered with Compliancy Group. Adstream followed Compliancy Group’s Six Stage Implementation Program and tracked its progress using Compliancy Group’s proprietary HIPAA compliance software solution, The Guard.

After completing Compliancy Group’s risk analysis and remediation process, the company was confirmed as having met its responsibilities under HIPAA and was determined to be fully compliant with the HIPAA Privacy, Security, Omnibus, and Breach Notification Rules and was awarded Compliancy Group’s HIPAA Seal of Compliance.

“We take the protection of client data very seriously at Adstream and becoming HIPAA compliant is just one example of this,” said Mark Smith, NA Sales General Manager of Adstream. “HIPAA certification also demonstrates Adstream’s commitment to understanding and addressing the needs of each of its clients. Compliancy Group was a huge help in becoming HIPAA certified, and their services will be a big part of our work with healthcare clients down the road.”


Compliancy Group Confirms Audiology Hear For You, LLC has Achieved HIPAA Compliance

Compliancy Group has announced that Audiology Hear for You, LLC has demonstrated it is fully compliant with Health Insurance Portability and Accountability Act (HIPAA) Rules, following the successful completion of Compliancy Group’s 6-Stage HIPAA implementation program.

Audiology Hear For You is a Johns Creek, Georgia-based provider of hearing testing and hearing aid services. Providing those services involves the creation and maintenance of personal health information. Through compliance with HIPAA Rules, appropriate safeguards, policies, and procedures are implemented to ensure all patient information is secured and protected against unauthorized access.

The need to ensure that patient privacy is protected and that all risks to the confidentiality, integrity, and availability of personal health information are addressed led Audiology Hear for You to Compliancy Group. “In this day and age of increasing cybercrime it is imperative that we protect our patients’ personal information from those who seek to attain and exploit that information for malicious intentions and financial gain… Patients who choose to obtain hearing services at Audiology Hear For You, LLC will feel more comfortable with trusting our professionals with their personal information knowing that we are HIPAA compliant.”

Ahead of the company’s official opening on February 1, 2020, Audiology Hear For You used Compliancy Group’s proprietary software solution, The Guard, to track and monitor its progress toward HIPAA compliance. Assisted by Compliancy Group’s HIPAA experts, Audiology Hear For You successfully completed Compliancy Group’s HIPAA risk analysis and remediation process and was confirmed as having met all requirements of the HIPAA Privacy, Security, Breach Notification, and Omnibus Rules. As such, Compliancy Group awarded Audiology Hear For You the HIPAA Seal of Compliance.

The HIPAA Seal of Compliance is a visual aid that demonstrates that a company is HIPAA compliant and has an effective compliance program and that the privacy of its patients and the security of their healthcare data is assured.

“Compliancy Group was selected to apply our HIPAA compliant initiative because they presented a simplified list of required tasks to achieve HIPAA compliancy. Their experts were helpful and knowledgeable in guiding our company to take the required legal steps to assure HIPAA compliancy,” explained Audiology Hear For You. “They make a very complicated project very simple by taking it step by step and allowing time to complete tasks.”


Webinar: 12/17/19: How to Become HIPAA Compliant in 2020

As 2019 draws to a close, companies that are looking to start providing products and services to the healthcare industry will be considering how they can become HIPAA-compliant in 2020. Forward-thinking business associates already serving the healthcare sector are thinking about how they can maintain compliance in 2020, build their portfolio of healthcare clients, and grow their businesses.

Resources have been made available to help prospective HIPAA business associates achieve HIPAA compliant status and establish and maintain an effective HIPAA compliance program. One of the best resources was published by the Department of Health and Human Services’ (HHS) Office of Inspector General (OIG). The document – The Seven Fundamental Elements of an Effective Compliance Program – is a powerful tool that serves as a guide for healthcare organizations and business associates to help them develop an effective compliance program, meet all HIPAA requirements, and avoid financial penalties from the HHS’ Office for Civil Rights and state attorneys general.

The document outlines the infrastructure, policies, and procedures that are required and serves as a good base on which to build. Once the fundamentals are established, covered entities and business associates can work through each of the implementation standards of HIPAA to ensure they are fully compliant.

HIPAA compliance is mandatory for all healthcare organizations that conduct healthcare transactions electronically, and also for any vendor that provides products or services to HIPAA-covered entities that requires them to come into contact with protected health information.

Becoming HIPAA compliant also has other important benefits, such as improving security to prevent costly data breaches and protecting an organization’s reputation. Achieving HIPAA-compliant status also helps businesses differentiate their services from the competition and attract new clients from all industry sectors. It shows that you have policies and procedures in place to ensure the confidentiality, integrity, and availability of any data provided to your company and that you are fully committed to privacy and security.

On Thursday December 12, 2019, HIPAA Journal sponsor, Compliancy Group, will be hosting a webinar to explain the importance of HIPAA compliance, how to ensure that all requirements of HIPAA are met and survive a HIPAA audit, and how to start leveraging the true benefits of HIPAA in 2020 and start using HIPAA compliance to help you grow your business.

Webinar Details:

Date: December 17, 2019

Time: 2:00 PM ET


Eagle Consulting Group Confirmed as HIPAA Compliant by Compliancy Group

The Anchorage, AK-based managed service provider, Eagle Consulting Group, has been verified as HIPAA-compliant by Compliancy Group.

Eagle Consulting Group provides proactive IT services to a wide range of clients, including many in the healthcare industry. The infrastructure and software solutions implemented by Eagle Consulting Group come into contact with electronic protected health information. Under Health Insurance Portability and Accountability Act Rules, that makes the company a business associate and business associates are required to comply with HIPAA regulations.

In order to demonstrate the company has implemented an effective HIPAA compliance program, Eagle Consulting Group partnered with Compliancy Group.

Compliancy Group has developed an innovative HIPAA compliance software solution called The Guard. The Guard can be used to track progress toward HIPAA compliance and once an effective compliance program has been established, The Guard serves as an invaluable tool to ensure compliance is maintained.

Guided by Compliancy Group’s HIPAA experts, Eagle Consulting Group completed Compliancy Group’s 6-stage HIPAA risk analysis and remediation process and was verified as having met the minimum standards for data privacy and security demanded by HIPAA. The company has implemented policies and procedures to ensure compliance is maintained and employees are fully aware of their responsibilities to safeguard electronic protected health information.

Successful completion of the risk analysis and remediation process has now been verified, and Compliancy Group has awarded Eagle Consulting Group the HIPAA Seal of Compliance.

The HIPAA Seal of Compliance demonstrates to current and future healthcare clients that Eagle Consulting Group has met the minimum standards required by the HIPAA Privacy, Security, and Breach Notification Rules and is a HIPAA-compliant managed service provider.

In the event of being selected for a compliance audit, the company will be able to demonstrate to regulators that it is fully compliant. The company will also be able to help its healthcare clients incorporate all the necessary technical safeguards to secure their digital systems and keep all ePHI secure.


ProtoLytic, LLC Verified as HIPAA-Compliant by Compliancy Group

ProtoLytic, LLC, the Tampa, FL-based developer of decision support tools for medical cost management, has been confirmed as HIPAA-compliant by Compliancy Group.

ProtoLytic tools are used by healthcare providers to develop treatment plans for patients using evidence-based guidelines and demographic data to help claims adjusters process referrals and medical service requests and reduce time to quality of care. The company has also developed a predictive modelling information system to determine the treatment and medical services patients with specific health conditions are likely to need.

These software solutions naturally come into contact with electronic protected health information (ePHI). Consequently, ProtoLytic is classed as a business associate under Health Insurance Portability and Accountability Act (HIPAA) Rules. In addition to entering into a business associate agreement (BAA) with HIPAA-covered entities, ProtoLytic must ensure safeguards are implemented to ensure the confidentiality, integrity, and availability of ePHI, and the company and its employees must adhere to the regulatory standards of the HIPAA Privacy, Security, Omnibus, and Breach Notification Rules.

ProtoLytic is committed to ensuring the privacy and security of all client information and had already implemented its HIPAA compliance program. To take its compliance efforts to the next level, ProtoLytic partnered with Compliancy Group.

Assisted by Compliancy Group’s HIPAA compliance coaches and using the company’s proprietary web-based compliance software solution, The Guard, ProtoLytic successfully completed the 6-Stage HIPAA Risk Analysis and Remediation Process and its good faith compliance efforts were verified as meeting the necessary standards of HIPAA that apply to business associates.

Following the successful completion of the program, Compliancy Group awarded ProtoLytic the HIPAA Seal of Compliance. The HIPAA Seal of Compliance demonstrates to current and future ProtoLytic clients that the company is committed to privacy, security, and compliance with HIPAA and the HITECH Act, thus helping the firm differentiate its services.

EnTech Confirms HIPAA-Compliant Status with Compliancy Group

The Fort Myers, FL-based managed IT service provider, EnTech, has been confirmed as in compliance with Health Insurance Portability and Accountability Act (HIPAA) Rules by Compliancy Group.

Entech has been serving businesses in Southwest Florida for more than 20 years. The company offers managed IT and integration services to help businesses get the most out of information technology, along with strategic technology consultancy services to help businesses choose the best IT architectures to meet their needs.

In order to provide those services to healthcare organizations, EnTech is required to comply with HIPAA Rules. The company must implement appropriate safeguards to ensure the confidentiality, integrity, and availability of electronic protected health information (ePHI), and its employees must be made aware of their responsibilities with respect to HIPAA and ePHI.

Assisted by Compliancy Group’s HIPAA coaches and using “The Guard” compliance tracking solution, EnTech has successfully completed Compliancy Group’s 6-Stage Risk Analysis and Remediation Process.

Successful completion of that process has been confirmed by Compliancy Group, resulting in the company being awarded Compliancy Group’s HIPAA Seal of Compliance. The HIPAA Seal of Compliance is only awarded to companies that have satisfied all requirements of the HIPAA Privacy, Security, Omnibus, and Breach Notification Rules and have an effective HIPAA compliance program in place.

“We are very proud to have achieved this designation as it shows our commitment to our clients and community,” said David Spire, Entech’s Chief Development Officer. “With the ever-changing threat landscape, organizations in the healthcare field that directly or indirectly provide medical care today need to take all the necessary steps to protect all of our personal information.”

Along with a signed business associate agreement, the HIPAA Seal of Compliance provides reassurances to current and future EnTech clients that the company is committed to privacy and security and is fully aware of its responsibilities under HIPAA.
