Breaking Compliance News Blog

Free Webinar: Most Questionable Healthcare Social Media Posts of 2020

Posted by Margaret Scavotto, JD, CHC on 1/13/21 12:29 PM

Start 2021 off strong with the next TWO webinars in MPA's Free Compliance Webinar Series!

 

Topics: Training and Education, HIPAA, Social Media, compliance

Free Webinar: Compliance New Year's Resolutions for SNFs

Posted by Margaret Scavotto, JD, CHC on 1/11/21 10:30 AM

Start 2021 off strong with the next TWO webinars in MPA's Free Compliance Webinar Series!

 

Topics: Training and Education, HIPAA, Social Media, compliance

Free Webinar: Most Questionable Healthcare Social Media Posts of 2020

Posted by Margaret Scavotto, JD, CHC on 1/7/21 9:15 AM

Start 2021 off strong with the next TWO webinars in MPA's Free Compliance Webinar Series!

 

Topics: Training and Education, HIPAA, Social Media, compliance

Train Remotely with Compliance and HIPAA Training Handbooks

Posted by Margaret Scavotto, JD, CHC on 12/2/20 10:30 AM

The pandemic has led covered entities and business associates to rethink training.

For starters, in-services are not always practical right now. With more remote employees, and concerns about trying to contain spread of the virus, in-person, classroom-style training is not working for everyone.

Plus, many providers are dealing with an evolving workforce: more agency/temp staff, more healthcare professionals newly hired due to loosened education or certification requirements during COVID-19. All of these people need training - and providers have less time to train.

Compliance and HIPAA training does not have to be in the form of a live in-service to be effective. 

MPA's Compliance and HIPAA Training Handbooks can help.

Topics: Compliance Basics, Training and Education, HIPAA, Culture of Compliance, MPA's Compliance Store, COVID-19

HIPAA interrupts an historical tour: Pause before you pitch!

Posted by Margaret Scavotto, JD, CHC on 11/19/20 10:00 AM

It’s not often that a HIPAA incident also provides a history lesson, but there’s a first time for everything.

Topics: HIPAA, data breach

The Compliance Cartoon Caption Contest is here!

Posted by Margaret Scavotto, JD, CHC on 11/18/20 10:00 AM

Boost your culture of compliance with MPA's Compliance Cartoon Caption Contest!

 

This new download on MPA's store includes four compliance cartoons ready for your employees to caption. The HIPAA version includes four HIPAA cartoons.

Distribute one (or more!) cartoons to your staff by email, or print and post them in your building. Ask staff to come up with captions, and return their cartoons to the Compliance Officer. Then, choose a winner: A caption that embodies your culture of compliance, and will resonate with your organization. Post the winning caption (or captions), and award the winner(s) a prize. 

Consider:

  • holding the contest in connection with Compliance Week, or annual compliance training.
  • framing your top captions and displaying them in a hallway or common area.

Each caption is followed by Compliance Officer notes: An explanation of the compliance risk involved, and a sample caption.

Compliance Cartoon Caption Game: $95

Compliance Cartoon Caption Game - HIPAA Version: $95

Here's a sample:

Topics: HIPAA, Culture of Compliance, compliance

HIPAA Alert: How many former employees can access your PHI?

Posted by Margaret Scavotto, JD, CHC on 11/17/20 10:00 AM

Hopefully you can answer this question, with 100% certainty, with a single word: Zero.

But that’s often not the case.

Recently, the City of New Haven, CT, entered a $202,400 settlement with the OCR to resolve potential HIPAA Privacy and Security Rule violations.

The New Haven Health Department filed a breach report after “a former employee returned…eight days after being terminated, logged into her old computer with her still active user name and password, and downloaded PHI that included patient names, addresses, dates of birth, race/ethnicity, gender, and sexually transmitted diseases test results onto a USB drive.” This former employee also gave her user name and password to an intern.

MPA sees this scenario frequently – an employee leaves, access is not terminated in a timely manner, and the former employee continues to log in (typically out of curiosity).

Topics: HIPAA, breach notification

Healthcare Provider Ransomware Risk is Elevated – What Do We Do???

Posted by Scott Gima on 11/5/20 10:00 AM

On October 28, a joint cybersecurity advisory was issued by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) that provided a warning of imminent ransomware attacks to U.S. hospitals and healthcare providers.

This advisory provides technical information on the methods used by the hackers so healthcare providers can better protect themselves. In particular, the advisory mentioned the hackers’ use of Ryuk and Conti ransomware.

Leading up to this advisory, Universal Health Services was a recent target of a ransomware attack in late September. UHS is a large health care provider with 26 hospitals in the U.S., Puerto Rico and the U.K. It is believed that the Ryuk ransomware was used in the attack.

I don’t know about you, but for me, a non-IT person, the technical details are way over my head. However, the user awareness best practices are relevant to anybody who uses a workstation or laptop. Here are the user awareness best practices found in the advisory (direct quote):

Topics: HIPAA, data breach, security, compliance

Train Remotely with Compliance and HIPAA Training Handbooks

Posted by Margaret Scavotto, JD, CHC on 11/2/20 11:56 AM

The pandemic has led covered entities and business associates to rethink training.

For starters, in-services are not always practical right now. With more remote employees, and concerns about trying to contain spread of the virus, in-person, classroom-style training is not working for everyone.

Plus, many providers are dealing with an evolving workforce: more agency/temp staff, more healthcare professionals newly hired due to loosened education or certification requirements during COVID-19. All of these people need training - and providers have less time to train.

Compliance and HIPAA training does not have to be in the form of a live in-service to be effective. 

MPA's Compliance and HIPAA Training Handbooks can help.

Topics: Compliance Basics, Training and Education, HIPAA, Culture of Compliance, MPA's Compliance Store, COVID-19

HIPAA ALERT: OCR CRACKS DOWN ON PATIENT RIGHTS VIOLATIONS

Posted by Margaret Scavotto, JD, CHC on 10/13/20 10:15 AM

On September 15, 2020, the Office for Civil Rights (OCR) announced five settlements with providers who were accused of failing to comply with HIPAA’s right of access requirements. On October 7th, the OCR announced another patient rights settlement, which is the eighth HIPAA Right of Access Initiatives settlement to date. And on October 9th, the ninth settlement was announced (two Right of Access settlements were announced early in 2019 and 2020).

The Privacy Rule requires covered entities to respond to patients’ requests to inspect or obtain a copy of their medical records within 30 days. In some circumstances, the provider may extend this timeframe by 30 days – but it must let the patient know of the delay within the original 30-day period.

The new settlements involved:

Topics: Penalties and Enforcement, HIPAA, compliance
