By:
On:
In: *Connecting the Dots Blog*, Health Care, Information Privacy, Information Security, Regulatory Compliance

  OCR is offering HIPAA Enforcement Training to help State Attorneys General enforce the HIPAA Privacy and Security Rules and file federal civil lawsuits for HIPAA violations. Lessons Learned:  HHS and OCR are serious about Privacy and Security in Health Care.   Policies and procedures play a critical role in an organization’s culture of privacy and security and need to be updated as requirements, risks, regulations, etc. change.  Health care organizations will need to conduct internal audits and assessments rather than waiting for the OCR or AGs to arrive.  All employees and business associates must understand how to safely handle patient information and maintain a cultureRead More →

By:
On:
In: *Connecting the Dots Blog*, Information Privacy, Information Security, Regulatory Compliance

  Health Net exposed as many as 1.9 million customer records in a breach after its IT vendor misplaced nine server drives.  This is the second breach in two years for Health Net when a portable hard drive containing medical and financial information on 1.5 million customers disappeared from a facility in Connecticut. Lessons Learned:  Technology is not the problem..People are the weak link and the solution.   Devices are often lost and misplaced due to People not being aware of or not being accountable for the policies and procedures that have been put in place by the organizational responsible for protecting customer information.  Organizations mustRead More →