HIPAA - Try another doctor

We don’t need no Stinkin HIPAA!!

By Ali Khan, CHP, CSCS, CHPSE

Today one of our sales team members called to talk about a sales pitch strategy and results. It was a simple everyday conversation. But before I go into the details of the conversation, here is a little background on our sales pitch strategy:

Step one: Find a market of small to mid-sized (1 – 8 physicians) clinics and distribute brochures.

Step two: Identify the non-compliant offices.

Step three: Meet with the HIPAA Compliance officer.

Step four: COMPLIANCE!

Not having a HIPAA Compliance officer designated to your office is the first red flag! Not because my sales team does not …

Are you a Doctor or a Medical Practice Owner? It’s time to #CYA!

By Ali Khan, CHP, CSCS, CHPSE

Doctors! It’s time to be HIPAA Compliant.

Think there’s still time to ease your way into compliance? Most physicians I meet truly believe a HIPAA audit will result in a slap on the wrist. Not true. With deadlines long in the rearview mirror, leniency is a thing of the past. So far, OCR has fined $23 million. They have received over 123,065 complaints, of which 116,266 have been resolved – some with heavy fines.

You’re probably thinking they will have to catch you first. And they will. They even have help. Now any employee or physician with …

Hackers demand ransom from Hollywood Presbyterian Medical Center

Are you HIPAA secure? Hollywood Presbyterian Medical Center was not. You can outsource your IT worries to Khan & Marshall. Our trained and certified HIPAA IT experts can help secure your systems and IT infrastructure and make them HIPAA compliant.

Comments from Bricker & Eckler:

Hollywood Presbyterian Medical Center has been the victim of a recent cyber-attack that shut down the hospital’s network and placed it in a state of crisis. The attack was conducted using a type of malware known as ransomware. The hack has caused a state of emergency for the hospital and has compromised the hospital’s ability to care for …

Patient testimonial postings lead to $25,000 HIPAA privacy fine

Federal regulators have announced a privacy investigation settlement that could affect how any entity that collects protected health information (PHI) uses consumer testimonials.

The U.S. Department of Health and Human Services Office for Civil Rights (OCR) says it has negotiated the settlement with Complete P.T., Pool & Land Physical Therapy Inc., a Los Angeles physical therapy practice.

In 2012, the practice posted testimonials from happy patients, including full names and photos, on the Web without getting what OCR classifies as valid authorizations, according to an OCR settlement announcement and a copy of the settlement agreement posted on the OCR website.

OCR officials say the Health …

Reminder: Deadline for Reporting 2015 HIPAA Breaches Fast Approaching

Covered entities which experienced a HIPAA breach in calendar year 2015 are required to report all such breaches affecting fewer than 500 individuals to OCR by Monday, February 29, 2016. The reports must be submitted via OCR’s online portal, available here. This yearly reporting obligation is in addition to the requirement to report large breaches — those affecting 500 or more individuals — within 60 days of discovering the breach.

This is also an appropriate time to review and update breach notification policies and procedures to make sure that covered entities have in place the appropriate mechanisms to notify OCR timely and appropriately.

Khan …

HIMSS16 Social Media Ambassador Matthew Fisher: HIPAA audits will reveal mass noncompliance

Matthew R. Fisher chairs the Health Law Group within the firm Mirick O’Connell in Worcester, Massachusetts, a fitting role given his passion for understanding the practicality of healthcare regulations in the real world.

At the end of this month at HIMSS16 he’ll bring this legal background to the Social Media Ambassadors program.

Fisher shared insights including understanding the next steps for IT security in healthcare, the microbreweries he cannot wait to visit in Las Vegas, and what he’s most looking forward to at the conference.

Q: One health IT prediction for 2016?

A: I think the HIPAA audits will finally occur. After the first …

Avoid HIPAA Violation, Billing Issues at Your Practice

By Ericka L. Adler

I sometimes find myself on the consumer end of the healthcare issues on which I advise my clients. Each experience is a learning opportunity I try to share with them. For instance, I recently received a bill from a practice in Massachusetts addressed to my 13-year-old son.

The bill outlined services provided by various different physicians, previous amounts paid and/or reimbursed by insurance (naming the insurer) and the amount due for services. There was nothing about the patient’s treatment in the past year that I could not tell by looking at this bill, including drugs injected …

Williamson Memorial Hospital

Delbarton man accuses Williamson Memorial of HIPAA violations

CHARLESTON – A Delbarton man is suing Williamson Memorial Hospital after he claims it violated HIPAA by disclosing personal information about his surgery.

William Bub Prater was also named as a defendant in the suit.

On Oct. 7, John William Ray was to have surgery performed at Williamson by Dr. Subhash Vyas and Prater was part of the surgical team, according to a complaint filed Dec. 22 in Mingo Circuit Court and removed to federal court on Jan. 26.

Ray claims Vyas performed the surgery to remove an abscess from his testicle and the following Sunday and forced him to provide him with …

Employees mishandle data, violate HIPAA in Washington State Medicaid breach

The Washington State Health Care Authority (HCA) announced yesterday that employees at two state agencies committed a HIPAA violation by improperly exchanging private data pertaining to its Apple Health Medicaid clients.

How many victims? 91,000

What type of information? Social Security numbers, birthdates, Apple Health client ID numbers and private health information.

What happened? Two state workers from separate state agencies exchanged Apple Health client files, after the HCA employee requested technical assistance with spreadsheets containing the private data. This HIPAA violation was uncovered during an unrelated whistleblower investigation into misuse of state resources.

What was the response? HCA conducted a joint internal investigation with the other involved …

Are doctors ready for their customer reviews on Yelp? Not really!

Healthcare providers might be in for a rude awakening in 2016.

This year is quickly shaping up to be the one in which digital media moves from having an ancillary impact on healthcare organizations, to one in which it plays just as central a role as it does in other industries.

Blatant warning signs started to crop up in late 2015, but thankfully, there are ways to prepare.

One provider’s (very public) mistake

Before the age of digital and social media, the repercussions around HIPAA violations were somewhat limited in terms of reputation.

Of course, public notification was required, but most concerns stopped after a few traditional media announcements. Today though, …