What Are the Penalties for HIPAA Violations?

HIPAA featured

In October of 2015, the Excellus Health Plan suffered what was the largest HIPAA data breach of the year, with some 9.5 million patient records compromised. An investigation concluded in January 2021, stating that Excellus had five critical violations of HIPAA, including a failure to conduct risk analysis, implement sufficient network security measures and enact data security policies around data and access controls. 

The Office of Civil Rights (OCR) settled with Excellus for $5.1 million from the five violations found and after years of audits and investigations. 

Don’t let this become your story if you are working in the healthcare sector. Understand compliance and penalty structures. 


Read More

OMG USB! Physical Media and Protecting PHI

HIPAA featured

Imagine this scenario: you’ve received some test results from some procedure. Those results are to be moved between institutions because you have doctors in different departments of a healthcare system. 

Normally, we’d think that these institutions would electronically transmit these results through some secure channel… but then you see that your doctor has your results, in hand, in a USB key that they plug into their computer. 

This, of course, is a considerable risk. HIPAA regulations require that institutions protect PHI in specific ways with straightforward controls, and many threats can undermine physical media. 

So, what’s the issue with using USB thumb drives? 


Read More

What Is the HITECH Act, and How Can I Be Compliant?

HITECH featured

HIPAA was passed into law in 1996–not exactly the heyday of digital technology. It wasn’t until over a decade later that Congress decided to implement updates to the law to address the rise of digital technology. Their goal? To push providers to update their record-keeping to Electronic Health Record (EHR) systems, secure those systems effectively, and eliminate the loopholes that would prevent adherence to the law. 

Thus, the Health Information Technology for Economic and Clinical Health, or HITECH, was born. Here, we’ll discuss some of the changes that HITECH made to HIPAA law and how that informs the compliance obligations of businesses in the healthcare industry. 


Read More