2019 was another record-breaking year for healthcare industry data breaches. A new record was set in 2018 with 371 healthcare data breaches of 500 or more records reported to the Department of Health and Human Services’ Office for Civil Rights. That record was truly smashed in 2019 with an astonishing 492 breaches of 500 or more records reported.

2019 was a busy year for the HHS’ Office for Civil Rights. In 2019, OCR levied more than $15 million in fines to resolve violations of the HIPAA Privacy Rule, HIPAA Security Rule, and HIPAA Breach Notification Rule.

The fines were issued for a variety of compliance failures, including the failure to conduct a comprehensive, organization-wide risk analysis, failures to enter into business associate agreements with vendors, access control failures, disclosure of PHI on social media, breach notification delays and the failure to comply with the HIPAA Right of Access.

The reasons for the financial penalties may have been varied, but there was one common denominator. The financial penalties could have easily been avoided. It may not be possible to prevent all data breaches, but it is possible to avoid OCR financial penalties.

On February 19, 2020, HIPAA Journal sponsor, Compliancy Group, will be reviewing the 2019 healthcare data breaches and the financial penalties that OCR imposed on healthcare organizations and business associates of HIPAA-covered entities.

In the webinar, Compliancy Group will explain how financial penalties and the associated negative publicity can easily be avoided by implementing a simple compliance plan.

Don’t miss out on this opportunity as Compliancy Group’s HIPAA compliance experts will be giving actionable tips that you can apply to start protecting your business immediately!

Webinar Details:

Date: February 19, 2020

Time: 2PM ET / 11AM PT

Click here to register for the webinar

The post Webinar: Lessons and Examples from 2019’s HIPAA Breaches and Fines appeared first on HIPAA Journal.

It has been another busy year of HIPAA enforcement for the Department of Health and Human Services’ (HHS) Office for Civil Rights.

So far in 2019 there have been 9 financial penalties imposed on HIPAA covered entities and business associates to resolve compliance failures. In total, $12,209,000 has been paid as a result of HIPAA violations and more financial penalties could be announced before the year is out.

2019 has seen OCR continue to impose penalties for compliance failures related to risk analyses, risk management, business associate agreements, access controls, breach notifications, and impermissible disclosures of protected health information, as has been the case over the past few years.

2019 also saw OCR launch a new HIPAA compliance enforcement initiative. Under the HIPAA Right of Access initiative, OCR has issued two $85,000 financial penalties for failures to provide patients with copies of their medical records in a reasonable time frame without being overcharged.

OCR is not penalizing healthcare organizations and business associates for data breaches, as breaches can occur even when an organization is fully compliant. The penalties are issued because of the lack of an effective HIPAA compliance program. If those 9 entities had an effective compliance plan in place, a sizable financial penalty and all the negative publicity would have been avoided.

On January 22, HIPAA Journal sponsor, Compliancy Group, will be hosting a webinar in which OCR’s HIPAA compliance enforcement actions in 2019 will be reviewed and the changing enforcement priorities of OCR will be discussed.

Compliancy Group will also explain how straightforward it is to implement and maintain an effective HIPAA compliance plan and its compliance coaches will be providing actionable tips to help you immediately start protecting your business.

Webinar: Lessons and Examples from 2019’s HIPAA Breaches and Fines

Date: January 22nd, 2020 @ 2:00 pm ET / 11 am PT

Register Here

The post Lessons and Examples from 2019 HIPAA Breaches and Fines appeared first on HIPAA Journal.

Meeting all requirements of the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, Omnibus, and Breach Notification Rules can be a major challenge.

Many healthcare organizations have established a compliance program and believed they were compliant, only to discover during a HIPAA audit or compliance review that they have failed to comply with one or more HIPAA provisions. Those mistakes can prove to be very costly.

Compliance failures can easily lead to a data breach or could result in a complaint being filed with the Department of Health and Human Services’ Office for Civil Rights (OCR), the primary enforcer of HIPAA compliance.

OCR investigates complaints and data breaches to determine whether HIPAA Rules have been violated and conducts compliance audits to assess whether HIPAA covered entities and business associates of covered entities are complying with all aspects of HIPAA Rules.

Enforcement of compliance has stepped up in recent years. In 2018, OCR imposed $28,683,400 in financial penalties on covered entities and business associates in 11 enforcement actions and 10 compliance investigations resulted in financial penalties in 2019.

Solving HIPAA Compliance Issues

Compliancy Group understands the importance of HIPAA compliance and the difficulties HIPAA-covered entities and their business associates encounter when trying to implement and maintain an effective compliance program.

To simplify the process of HIPAA compliance, Compliancy Group has developed a software solution that guides entities through the compliance process. The software solution, The Guard, simplifies everything your organization needs to achieve HIPAA compliance, mitigate risk, and avoid fines.

On March 25, 2020, Compliancy Group will be running a group demonstration of The Guard and its simplified HIPAA compliance process.

Join Compliancy Group for the demonstration and find out how their compliance coaches help covered entities and business associates achieve compliance and satisfy all federal regulations.

Solving the HIPAA Problem: Group Demonstration of Compliancy Group’s Simplified Process

Date: March 25th @ 2:00 pm ET / 11 am PT

Register Here

The post Webinar Today: Solving the HIPAA Problem: Demonstration of Compliancy Group’s Simplified HIPAA Compliance Process appeared first on HIPAA Journal.

As 2019 draws to a close, companies that are looking to start providing products and services to the healthcare industry will be considering how they can become HIPAA-compliant in 2020. Forward-thinking business associates already serving the healthcare sector are thinking about how they can maintain compliance in 2020, build their portfolio of healthcare clients, and grow their businesses.

Resources have been made available to help prospective HIPAA business associates achieve HIPAA compliant status and establish and maintain an effective HIPAA compliance program. One of the best resources was published by the Department of Health and Human Services’ (HHS) Office of Inspector General (OIG). The document – The Seven Fundamental Elements of an Effective Compliance Program – is a powerful tool that serves as a guide for healthcare organizations and business associates to help them develop an effective compliance program, meet all HIPAA requirements, and avoid financial penalties from the HHS’ Office for Civil Rights and state attorneys general.

The document outlines the infrastructure, policies, and procedures that are required and serves as a good base on which to build. Once the fundamentals are established, covered entities and business associates can work through each of the implementation standards of HIPAA to ensure they are fully compliant.

HIPAA compliance is mandatory for all healthcare organizations that conduct healthcare transactions electronically, and also for any vendor that provides products or services to HIPAA-covered entities that requires them to come into contact with protected health information.

Becoming HIPAA compliant also has other important benefits, such as improving security to prevent costly data breaches and protecting an organization’s reputation. Achieving HIPAA-compliant status also helps businesses differentiate their services from the competition and attract new clients from all industry sectors. It shows that you have policies and procedures in place to ensure the confidentiality, integrity, and availability of any data provided to your company and that you are fully committed to privacy and security.

On Thursday December 12, 2019, HIPAA Journal sponsor, Compliancy Group, will be hosting a webinar to explain the importance of HIPAA compliance, how to ensure that all requirements of HIPAA are met and survive a HIPAA audit, and how to start leveraging the true benefits of HIPAA in 2020 and start using HIPAA compliance to help you grow your business.

Webinar Details:

Date:     December 17, 2019

Time:    2:00 PM ET

Click Here to Register for the Webinar

The post Webinar: 12/17/19: How to Become HIPAA Compliant in 2020 appeared first on HIPAA Journal.

HIPAA Journal Sponsor, Compliancy Group, will be hosting a group demonstration of its HIPAA compliance software solution, The Guard, on Wednesday, November 20, 2019 at 14:00 ET.

The event will give you the opportunity to find out more about how The Guard simplifies HIPAA compliance and how it can help your organization meet all requirements of the HIPAA Privacy, Security, Breach Notification, and Omnibus Rules.

The Guard is a proprietary software solution that simplifies compliance with HPAA Rules and covers all aspects of the Health Insurance Portability and Accountability Act. The software is based on Compliancy Group’s “Achieve, Illustrate, and Maintain” methodology, and will not only help covered entities and business associates develop a compliance program, it will help them ensure that compliance is maintained. By simplifying the compliance process, covered entities and business associates can focus on running their businesses and practices.

The Guard includes intuitive training and assistance from Compliancy Group’s compliance coaches along with HIPAA assessments covering privacy, security, device audits, and administrative, physical, and technical safeguards. After successfully completing the 6-step risk analysis and risk remediation process, clients will be awarded Compliancy Group’s HIPAA Seal of Compliance. The solution also includes incident management and breach notification assistance, business associate management and tracking of all vendors, and data breach and HIPAA audit support.

The Guard can be used by vendors who are looking to start providing products and services to healthcare clients but must first ensure they are fully compliant with HIPAA Rules. The software solution will also help established business associates and covered entities ensure that they are fully compliant and will be able to pass an Office for Civil Rights’ compliance audit.

The Group Demonstration will give you the opportunity to find out more about Compliancy Group and The Guard HIPAA compliance solution.

You can register for the event using the link below:

Solving the HIPAA Problem: Group Demonstration of The Guard HIPAA Compliance Solution

The post Web Event: Solving the HIPAA Problem with Compliancy Group: Demonstration of The Guard HIPAA Compliance Software appeared first on HIPAA Journal.