Data Breach, News Events

How a Stolen Computer Could Cost You Millions

When a thief broke into “Breaking Bad” star Bryan Cranston’s car earlier this year and took his iPad and a script from the show’s coming season, the media seized on the potential secrets that had been leaked.

For health care providers, secret leaking can have far more serious consequences than making the news on “Entertainment Tonight” or bad TV ratings; violating patients’ rights to privacy can mean literally millions of dollars in fines.

A Massachusetts medical care provider was ordered last fall to pay the federal government $1.5 million to settle potential violations of the Privacy and Security Rules of 1996’s Health Insurance Portability and Accountability Act (HIPAA).

The case began when a laptop containing unencrypted protected health information (PHI), including prescriptions and clinical data, was stolen.

In announcing the settlement, the Department of Health and Human Services stated that the Massachusetts medical care provider had “failed to take necessary steps to comply with requirements of the HIPAA Privacy and Security Rule, such as conducting a thorough analysis of the risk to the confidentiality of electronic protected health information (ePHI) maintained on portable devices, implementing security measures sufficient to ensure the confidentiality of ePHI that [the firm] created, maintained and transmitted using portable devices, adopting and implementing policies and procedures to restrict access to ePHI to authorized users of portable devices, and adopting and implementing policies and procedures to address security incident identification, reporting, and response.”

Proper security protocols can ensure your firm protects the privacy of your patients and stays on the good side of the Department of Health and Human Services.

Have questions or concerns? RISC Management and Consulting can help. Contact us today.

Education, HIPAA / HITECH Enforcement, Meaningful Use

What is Attestation?

An Eligible Provider (EP) must attest to all 15 Core Measures of the Meaningful Use Stage 1 requirements in order to qualify for stimulus money. Core Measure #15 requires that Providers complete a series of activities, both initial and follow-on. It is important to note that there is no exclusion from Core Measure #15; that is, it is not an optional or excludable component of the attestation. Eligible professionals (EPs) must attest Yes to having conducted or reviewed a risk analysis in accordance with the requirements under 45 CFR 164.308(a)(1) and implemented security updates as necessary and corrected identified security deficiencies prior to or during the EHR reporting period to meet this measure. It is worth noting that Stage 2’s proposed requirements continue to reinforce the importance of Privacy and Security. All providers must achieve meaningful use under the Stage 1 criteria before moving to Stage 2.

RISC Management and Consulting can assist organizations, including medical practices and hospitals alike, in performing a risk analysis, understanding the results, determining appropriate remediation steps, and managing security functions on an ongoing basis. RISC was founded by individuals with an extensive healthcare background, so we understand your business and the unique challenges it presents!

There is serious risk in attesting to meeting every requirement for Core Measure #15 if you haven’t taken the process seriously. However, with some work and help from the professionals at RISC, you can meet or exceed every requirement for Meaningful Use and help your practice run safer and smoother!

This information provided by RISC Management and Consulting, http://www.RISCsecurity.com