Breaking Compliance News Blog

As we enter a new year, it’s a good time to review the status of data breaches, HIPAA hazards, and the state of security risk with some statistics:

• The average cost of a data breach in the United States is $9.05 million. The average cost is higher in organizations with greater compliance failures.
  
  
• Only 25% of employees are “very confident” they can identify a social engineering attack.
  
  
• 76% of healthcare employees have received security awareness training. That means 24% have not.
  
  
• 24% of employees believe “clicking on a suspicious link or attachment in an email represents little or no risk.”
  
  
• Only 31% of employees think “allowing family members of friends to use work devices for personal activities outside of work” is risky.
  
  
• In the past 12 months, 94% of organizations have had an insider data breach. The most common cause is human error.
  
• As many as 90% of data breaches are phishing attacks
  
  

It is always eye-opening to review the latest HIPAA stats – because they get colder and harder every year. Especially in healthcare.

What you can do

Join HIPAAtrek and MPA's Executive VP Scott Gima for a complimentary webinar:

The rise of social media has revolutionized the way people connect. In the health care workplace, social media also brings countless opportunities for employees to violate HIPAA. Balancing this new landscape of increased sharing through technology and unchanged patient privacy rights is a minefield for healthcare providers.

Without education and policies from their employers, health care employees can easily get into trouble, quickly putting their employers at risk for HIPAA penalties, lawsuits, and devastating PR consequences. The pandemic has only exacerbated the privacy challenges associated with social media. MPA’s HIPAA, Social Media & COVID-19 Roadmap tells you what you need to know about this challenge, and what you can do about it.

Taking on the unstoppable world of social media might seem impossible. But it's better to help employees use it properly--and know when they aren't - than to do nothing and wait to hear it from the patients (or the media).

Click here to download.

Ladies and gentlemen, long-anticipated compliance program requirements are changing, one more time. Let’s take a look at what has changed – and what hasn’t.

The proposed rule

On July 16, 2019, CMS published a proposed rule that would modify multiple aspects of Phase III of the Long-Term Care Facilities Requirements for Participation (the “Proposed Rule”). The goal of the Proposed Rule is to reduce regulatory burdens and costs, allowing nursing homes to focus resources on providing quality resident care. Some of the most discussed proposed amendments are those to the Compliance and Ethics Program requirements (42 CFR 483.85), which, if finalized, will become effective one year later. With comments from the public due September 16, 2019, our best guess is that enforcement will begin October or November 2020.

Good news: fewer compliance-related F-tags ahead

Nursing homes: LeadingAge (and other associations) successfully lobbied on your behalf. 

We have an opioid problem

In the United States, 134 opioid-related deaths occur daily. In 2016, more than 60,000 Americans died from drug overdoses, and two-thirds of those deaths were opioid related. Fentanyl is now responsible for more overdose deaths (28.8%) than heroin. And, three out of four new heroin users first misuse prescription opioids.

In 2017, almost one-third of Medicare Part D beneficiaries received opioids. About 460,000 beneficiaries received high amounts of opioids; 71,000 beneficiaries were at serious risk of misuse or overdose; and almost 300 prescribers had questionable prescribing. Everyone agrees our country has an opioid problem.