Breaking Compliance News Blog

Have you upped your HIPAA game during COVID?

Posted by Margaret Scavotto, JD, CHC on 1/11/22 8:00 AM

HIPAA was a high priority for most healthcare providers before the pandemic.

 

COVID-19 stretched resources and lengthened to-do lists, and has made it harder to keep up with HIPAA compliance.

 

Which is tricky, because HIPAA risk has only increased during the pandemic, for two reasons.

 

First, hackers are opportunists.

They know the pandemic strains healthcare facilities, and a cyberattack might be more successful on a provider facing a COVID-19 surge. In March 2020, U.S. authorities warned that hackers were focusing their efforts on the three states hit the hardest by coronavirus: California, New York, and Washington – and hackers were targeting employees working from home.

Second, the pandemic has brought new ways to violate HIPAA.

Providers and vendors have scrambled to implement testing sites and vaccine clinics, ways to manage the data flowing in and out of testing sites and vaccine clinics, and software programs to sign up for testing and vaccines – to name a few. Many of these methods had to be put together hastily, as they were urgently needed. Was HIPAA the first consideration? Probably not. This inevitably led to breaches.

For example:

  • Denton County, Texas announced a breach involving a third-party application used by the County for COVID-19 vaccination clinics. This application had a configuration error that exposed information about individuals who received vaccinations.
  • An agency employee at Atacadero State Hospital in California improperly accessed patient and employee information, including COVID-19 test results. The records involved 1,735 employees and former employees, and 1,217 job applicants. The improper access was discovered during an “annual review of employee access to data folders, and the employee is believed to have been improperly accessing the information for about 10 months….”
  • The Lake County Health Department and Community Health Center in Illinois announced that 24,000 patient names were on a spreadsheet sent attached to an unencrypted email to an employee’s personal email address. 
  • Indiana’s COVID-19 online contact tracing survey was breached, compromising the data of hundreds of thousands of Indiana residents. The breach was caused by a software misconfiguration that left the information visible to the public.

I know resources are stretched thin, and people are exhausted. But it is still important to ask: Have you upped your HIPAA game during the pandemic? Has your organization addressed evolving threats that COVID-19 has brought the healthcare industry?

Here are some more questions to ask:

Read More

Topics: HIPAA, data breach, security, compliance, webinar

Earn 5 CEUs with MPA’s Virtual HIPAA Training!

Posted by Margaret Scavotto, JD, CHC on 8/10/21 9:15 AM

HIPAA is a lot!

MPA's e-course makes it easier to keep up with privacy, security, breach notification, and social media.

Sign up for MPA's Virtual HIPAA Training Course

*** Approved for 5 hours of NAB CEUs***

Read More

Topics: Training and Education, HIPAA, Social Media, security, breach notification, privacy, webinar

Earn 5 CEUs with MPA’s Virtual HIPAA Training!

Posted by Margaret Scavotto, JD, CHC on 8/5/21 11:40 AM

HIPAA is a lot!

MPA's e-course makes it easier to keep up with privacy, security, breach notification, and social media.

Sign up for MPA's Virtual HIPAA Training Course

*** Approved for 5 hours of NAB CEUs***

Read More

Topics: Training and Education, HIPAA, Social Media, security, breach notification, privacy, webinar

HIPAA hazard: Doctor appears in traffic court by webcam from the OR

Posted by Margaret Scavotto, JD, CHC on 3/9/21 1:27 PM

A California doctor recently appeared in traffic court by videoconference while he was performing plastic surgery. The traffic court session was livestreamed and posted to YouTube.

The traffic court commissioner could see that a medical operation was in process, and said: “I do not feel comfortable for the welfare of a patient if you’re in the process of operating….” The trial was rescheduled.

The Medical Board of California is investigating the incident.

I’m also concerned about privacy.

Read More

Topics: HIPAA, security, privacy

Do you have a HIPAA authorization for that social media post?

Posted by Margaret Scavotto, JD, CHC on 2/16/21 10:00 AM

The pandemic has changed a lot for healthcare providers – including their social media use.

Most providers we talk to say they have increased their use of social media during COVID-19. Some providers are turning to social media to disseminate information about COVID-19 precautions, and, now, vaccine availability. We also see many providers using social media to keep the public informed, and to keep people connected during visitor restrictions. Many nursing homes are posting resident pictures and videos on Facebook or TikTok to give their loved ones a glimpse into life inside a nursing home during a lockdown. These strategies have led to creative – and often charming – social media campaigns.

For example:

I truly enjoy these posts, and I appreciate the clever social media campaigns and the connection they bring during a challenging time.

BUT – All of these social media uses bring risks.

Read More

Topics: HIPAA, Social Media, security, privacy

* Free Webinar: HIPAA Wake-Up Calls!

Posted by Margaret Scavotto, JD, CHC on 2/10/21 10:27 AM

Sign up for MPA's free webinar:

HIPAA Wake-Up Calls

Tuesday February 16th at 12 pm CST

In 2020, there were 19 HIPAA settlements totaling $13,554,900. The settlements ranged between $10,000 and $6.85 million, and affected between one and 16,649,249 patients.

Read More

Topics: HIPAA, security, compliance, breach notification, privacy, webinar

Earn 5 CEUs with MPA’s Virtual HIPAA Training!

Posted by Margaret Scavotto, JD, CHC on 2/5/21 9:00 AM

HIPAA is a lot!

MPA's e-course makes it easier to keep up with privacy, security, breach notification, and social media.

Sign up for MPA's Virtual HIPAA Training Course

*** Approved for 5 hours of NAB CEUs***

Read More

Topics: Training and Education, HIPAA, Social Media, security, breach notification, privacy, webinar

Earn 5 CEUs with MPA’s Virtual HIPAA Training!

Posted by Margaret Scavotto, JD, CHC on 2/4/21 7:45 AM

HIPAA is a lot!

MPA's e-course makes it easier to keep up with privacy, security, breach notification, and social media.

Sign up for MPA's Virtual HIPAA Training Course

*** Approved for 5 hours of NAB CEUs***

Read More

Topics: Training and Education, HIPAA, Social Media, security, breach notification, privacy, webinar

* Free Webinar: HIPAA Wake-Up Calls!

Posted by Margaret Scavotto, JD, CHC on 2/3/21 10:57 AM

Sign up for MPA's free webinar:

HIPAA Wake-Up Calls

Tuesday February 16th at 12 pm CST

In 2020, there were 19 HIPAA settlements totaling $13,554,900. The settlements ranged between $10,000 and $6.85 million, and affected between one and 16,649,249 patients.

Read More

Topics: HIPAA, security, compliance, breach notification, privacy, webinar

Earn 5 CEUs with MPA’s Virtual HIPAA Training!

Posted by Margaret Scavotto, JD, CHC on 1/21/21 10:00 AM

HIPAA is a lot!

MPA's e-course makes it easier to keep up with privacy, security, breach notification, and social media.

Sign up for MPA's Virtual HIPAA Training Course

*** Approved for 5 hours of NAB CEUs***

Read More

Topics: Training and Education, HIPAA, Social Media, security, breach notification, privacy, webinar

    Privacy Policy           Terms of Use