OCR Imposes Penalties for Employee’s Unauthorized Viewing of PHI

By Garfunkel Wild, PC


Early in July, the Department of Health and Human Services Office for Civil Rights (“OCR”) entered into a settlement for $865,500 with UCLA Health System (“UCLAHS”) as a result of complaints alleging that UCLAHS employees repeatedly and without permissible reason looked at the electronic protected health information (“ePHI”) of celebrity patients.

Initial Complaints

Although the complaint was initially made by only two patients, OCR determined in its investigation that from 2005 to 2008 unauthorized employees of UCLAHS repeatedly looked at the ePHI of numerous other patients as well. In addition to paying the settlement, UCLAHS committed to a corrective action plan that includes (1) implementation of policies and procedures; (2) robust training for employees; (3) a commitment to sanction offending employees; and (4) designation of an independent monitor to assess compliance over 3 years.

Assessment

This settlement is the fourth settlement in a year and highlights OCR’s increasing enforcement against violations of the HIPAA Privacy and Security Rules. Failure to have an effective HIPAA compliance program can result in significant monetary penalties; providers and business associates alike should therefore be evaluating their HIPAA compliance programs to ensure that appropriate safeguards are in place.


3 Responses

  1. ‘Monetary Enforcement’ Is the New Aim Of OCR

    The $1.5 million settlement that the Office for Civil Rights recently reached with BlueCross BlueShield of Tennessee heralds a new era of “monetary enforcement” by the agency, in contrast to its long-standing approach of what OCR Director Leon Rodriguez termed “hand-holding.” In an interview with Report on Patient Privacy, Rodriguez discussed the settlement and OCR’s plan to refocus its enforcement in pursuit of what he called “high-impact cases.”

    Rodriguez emphasized, as well, that covered entities (CEs) and business associates (BAs) in the future will face sanctions on all lapses discovered during an investigation regardless of whether they are directly related to the incident that sparked OCR’s attention in the first place. And it’s not just CEs that will be the agency’s target. After the final business associate regulations go into effect, OCR will be able to impose settlements and penalties on BAs, but not to the exclusion of CEs, Rodriguez said.

    Source: Report on Patient Privacy [4/13/12]


  2. If your sweet words don’t work, Leon Rodriguez, what could possibly entice a dentist to choose to become a HIPAA-covered entity if he or she can avoid it? Is it the tremendous return on investment that comes with the NPI number?

    Darrell


  3. PHI,

    For the record, Gmail and Yahoo and any other free email accounts are NEVER to be used for the communication of ePHI. Only domain email accounts which are encrypted may be used.

    Dr. Sha

