Breaking Compliance News Blog

Cold hard HIPAA stats

Posted by Margaret Scavotto & Scott Gima on 1/25/22 8:15 AM

As we enter a new year, it’s a good time to review the status of data breaches, HIPAA hazards, and the state of security risk with some statistics:

  • The average cost of a data breach in the United States is $9.05 million. The average cost is higher in organizations with greater compliance failures.

  • Only 25% of employees are “very confident” they can identify a social engineering attack.

  • 76% of healthcare employees have received security awareness training. That means 24% have not.

  • 24% of employees believe “clicking on a suspicious link or attachment in an email represents little or no risk.”

  • Only 31% of employees think “allowing family members or friends to use work devices for personal activities outside of work” is risky.

  • In the past 12 months, 94% of organizations have had an insider data breach. The most common cause is human error.
  • As many as 90% of data breaches are phishing attacks.

It is always eye-opening to review the latest HIPAA stats – because they get colder and harder every year. Especially in healthcare.

What you can do


Topics: HIPAA, data breach, security

Earn CEUs with MPA's FREE Compliance & HIPAA Webinars!

Posted by Margaret Scavotto, JD, CHC on 1/20/22 11:14 AM

 

 

Sign up for MPA's FREE Compliance & HIPAA webinars:

All webinars are 11:00 a.m. CST - 12:00 p.m. CST and are presented by Margaret Scavotto and Scott Gima.

 

February 9, 2022: How to Conduct a HIPAA Security Risk Analysis

1.2 CCB CEUs

The HIPAA Security Risk Analysis is required by law. It’s also one of the top areas of OCR enforcement: we often see settlements with covered entities and business associates who either failed to conduct a comprehensive HIPAA Security Risk Analysis – or did conduct one, but did not mitigate the risks it identified. That’s the stick, but there’s also a carrot: the best way to identify and reduce security risks and prevent cyber-attacks is by conducting a HIPAA Security Risk Analysis.

Special guest speaker: Scott Wolff, IT expert and president of LanServ!


April 6, 2022: Compliance Lessons from Ted Lasso

1.2 CCB CEUs

“Taking on a challenge is a lot like riding a horse, isn’t it?”

"You know what the happiest animal on Earth is? It's a goldfish. You know why? It's got a 10-second memory."

"If the Internet has taught us anything, it's that sometimes it's easier to speak our minds anonymously."

 

Ted Lasso, the Apple TV series that has earned a host of Emmys and Golden Globes, has become a household staple. For most of us, it’s a 29-minute mental break when our work is done for the day. But America’s favorite soccer coach also brings us some priceless compliance lessons. Leading a compliance program through and beyond a pandemic isn’t too different from leading a downtrodden soccer team in England: it’s challenging and requires continuous sources of motivation.


May 11, 2022: Affordable Care Act Compliance Programs for Nursing Homes

1.2 CCB CEUs

It’s been a long road since the Affordable Care Act mandated compliance and ethics programs for nursing homes in 2010. Since then, we have had rules issued; enforcement delayed; and a pandemic. Compliance is never easy in the highly regulated world of long-term care – but it has only gotten harder since this mandate was announced.


The Compliance Certification Board (CCB)® has approved this event for up to 1.2 live CCB CEUs based on a 50-minute hour. Continuing Education Units are awarded based on individual attendance records. Granting of prior approval in no way constitutes endorsement by CCB of this event content or of the event sponsor.


Topics: Training and Education, HIPAA, compliance

When HIPAA security is a public health issue

Posted by Margaret Scavotto & Scott Gima on 1/18/22 9:00 AM


Topics: HIPAA, data breach, security, compliance, webinar

Earn CEUs with MPA's FREE Compliance & HIPAA Webinars!

Posted by Margaret Scavotto, JD, CHC on 1/13/22 8:00 AM

 

 


Topics: Training and Education, HIPAA, compliance

Have you upped your HIPAA game during COVID?

Posted by Margaret Scavotto, JD, CHC on 1/11/22 8:00 AM

HIPAA was a high priority for most healthcare providers before the pandemic.

 

COVID-19 stretched resources and lengthened to-do lists, and has made it harder to keep up with HIPAA compliance.

 

Which is tricky, because HIPAA risk has only increased during the pandemic, for two reasons.

 

First, hackers are opportunists.

They know the pandemic strains healthcare facilities, and a cyberattack might be more successful on a provider facing a COVID-19 surge. In March 2020, U.S. authorities warned that hackers were focusing their efforts on the three states hit the hardest by coronavirus: California, New York, and Washington – and hackers were targeting employees working from home.

Second, the pandemic has brought new ways to violate HIPAA.

Providers and vendors have scrambled to implement testing sites and vaccine clinics, ways to manage the data flowing in and out of testing sites and vaccine clinics, and software programs to sign up for testing and vaccines – to name a few. Many of these methods had to be put together hastily, as they were urgently needed. Was HIPAA the first consideration? Probably not. This inevitably led to breaches.

For example:

  • Denton County, Texas announced a breach involving a third-party application used by the County for COVID-19 vaccination clinics. This application had a configuration error that exposed information about individuals who received vaccinations.
  • An agency employee at Atascadero State Hospital in California improperly accessed patient and employee information, including COVID-19 test results. The records involved 1,735 employees and former employees, and 1,217 job applicants. The improper access was discovered during an “annual review of employee access to data folders, and the employee is believed to have been improperly accessing the information for about 10 months….”
  • The Lake County Health Department and Community Health Center in Illinois announced that 24,000 patient names were on a spreadsheet attached to an unencrypted email sent to an employee’s personal email address.
  • Indiana’s COVID-19 online contact tracing survey was breached, compromising the data of hundreds of thousands of Indiana residents. The breach was caused by a software misconfiguration that left the information visible to the public.

I know resources are stretched thin, and people are exhausted. But it is still important to ask: Have you upped your HIPAA game during the pandemic? Has your organization addressed evolving threats that COVID-19 has brought the healthcare industry?

Here are some more questions to ask:


Topics: HIPAA, data breach, security, compliance, webinar

Earn CEUs with MPA's FREE Compliance & HIPAA Webinars!

Posted by Margaret Scavotto, JD, CHC on 12/14/21 10:45 AM

 

 


Topics: Training and Education, HIPAA, compliance

Sign Up: Top 10 Compliance Tips for a Successful 2022

Posted by Margaret Scavotto, JD, CHC on 10/20/21 9:45 AM

 

Topics: Training and Education, HIPAA, compliance, COVID-19, webinar

Sign Up: Top 10 Compliance Tips for a Successful 2022

Posted by Margaret Scavotto, JD, CHC on 10/13/21 3:12 PM


Topics: Training and Education, HIPAA, compliance, COVID-19, webinar

Free webinar: HIPAA Security Risk Analysis!

Posted by Margaret Scavotto, JD, CHC on 9/14/21 10:54 AM

 

Sign up for MPA's FREE Compliance & HIPAA webinars:

All webinars are 11:00 a.m. CST - 12:00 p.m. CST

 

October 20, 2021: HIPAA Security Risk Analysis!

The HIPAA Security Risk Analysis is required by law, extremely helpful for reducing security risk - and very daunting. It's a lot of work, but well worth it. MPA will walk through what the Security Risk Analysis is, why you need one, and some practical tips to get you started on your own SRA.


We hope you will also join us for September's webinar:

September 29, 2021: MPA Answers Your Burning Compliance Questions

Got a burning compliance (or HIPAA) question? We will send out an email asking for your questions in advance. We'll also take questions live, and go over our most frequently asked compliance and HIPAA questions. Get your questions answered on September 29!


Topics: Training and Education, HIPAA, compliance

Free webinar: HIPAA Security Risk Analysis!

Posted by Margaret Scavotto, JD, CHC on 8/31/21 10:54 AM

 


Topics: Training and Education, HIPAA, compliance
