May 2014
A recent costly settlement is the latest reminder of the importance of compliance with the Health Insurance Portability and Accountability Act (HIPAA). Recently, the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) and a medical practice (the Group) entered into a resolution agreement that serves as an expensive reminder of the potential HIPAA exposure healthcare providers face when they fail to maintain written policies and procedures. The settlement, which requires the Group to pay $150,000 and implement a corrective action plan, is based on OCR’s findings that the Group failed (i) to perform a risk analysis (required under the HIPAA Security Rule) and (ii) to have written policies and procedures and to train members of its workforce (required under the Breach Notification Rule).
Landscape of Healthcare Data Breaches
In recent years, the number of reports of healthcare data breaches has skyrocketed. In 2013, the Identity Theft Resource Center (ITRC) identified 267 data breaches within the medical/healthcare industry, constituting 43% of all data breaches tracked by ITRC; in 2012, the ITRC identified 163 medical/healthcare data breaches, which comprised only 34.7% of all data breaches.