February 24, 2023

Believe it or not, the Office for Civil Rights kicked off NBA All-Star Weekend with their very own showcase of HIPAA enforcement’s latest and greatest. Last Friday the government released not one but two annual reports starring key HIPAA enforcement activities from 2021. While you probably won’t be seeing these reports featured on the next SportsCenter Top 10, the insights that they provide into recent healthcare data breaches and HIPAA noncompliance cases are certainly worthy of a highlight reel. So to give your practice some helpful pointers on where your compliance efforts should be focused, let’s break down the most important stats from each report:

OCR’s 2021 Report to Congress on HIPAA Privacy, Security and Breach Notification Rule Compliance

The biggest takeaway? Between 2017 and 2021, the OCR saw a 39% increase in the number of HIPAA complaints received and, in turn, initiated 44% more compliance reviews. That means not only are your patients paying more attention to non-compliance, but the government is too.

OCR’s 2021 Report to Congress on Breaches of Unsecured Protected Health Information

Now, what does all this data really mean? OCR Director Melanie Fontes Rainer made the intentions of these reports clear in her statement, saying, “We will continue to provide guidance and technical assistance on compliance with the HIPAA Rules, as well as a vigorous enforcement program to address potential HIPAA violations.” That means not only does each of those statistics provide eye-opening insight into what’s going on in the healthcare industry, but they also help identify exactly which areas of compliance are too commonly overlooked. And when it comes to ensuring your practice has an all-star compliance line-up, here’s what the OCR identified as the top areas needing improvement:

So knowing what common compliance gaps exist and what a winning HIPAA program looks like, the ball is in your court.
You wouldn’t put a rookie up against LeBron, and the findings from these reports are perfect examples of why you can’t go head-to-head with an evolving healthcare industry without having both compliance AND cybersecurity on your team.
Heads Up: Dodge These Top OSHA Violations!
February 14, 2024

Hey there! Ever heard of OSHA? Think of them as the workplace safety cheerleaders, ensuring everyone stays healthy and happy at work. Ensuring a safe and healthy workplace is paramount for our heroes on the frontlines. Let’s delve into the top OSHA violations to see what you need to avoid and prioritize workplace safety:

Bloodborne Pathogen Management: Proper handling of blood and bodily fluids is crucial, with appropriate PPE and training mandated for everyone’s protection.
Respiratory Protection: Implement proper respirators and ventilation systems to safeguard staff from airborne contaminants and ensure optimal respiratory health.
Personal Protective Equipment (PPE) Utilization: Equipping everyone with the correct PPE and ensuring its proper use and maintenance creates a vital barrier against workplace hazards.
Recordkeeping Meticulousness: Maintaining accurate and timely records of injuries, illnesses, and safety hazards facilitates proactive risk identification and mitigation strategies.
Lockout/Tagout Procedure Implementation: Prevent accidental equipment activation by strictly adhering to established lockout/tagout procedures during maintenance activities.

Remember, adhering to these guidelines fosters a safer and healthier environment for everyone, ultimately contributing to a thriving healthcare ecosystem. Let’s prioritize safety and empower your practice to shine!

Thankfully, Abyde can help your practice avoid these common OSHA violations. Our revolutionary OSHA for Healthcare software includes entertaining training, dynamically generated documentation, a thorough facility risk assessment, and much more! To learn more about how you can simplify your practice’s compliance, contact us at info@abyde.com and schedule a demo here.
Big Fish, Big Fine
February 3, 2023

A hacker dropped a line and an Arizona-based nonprofit health system got baited, hook, line, and sinker. Yesterday, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights announced a settlement resolving a data breach. The breach, executed by a “threat actor”, disclosed the protected health information of 2.1 million consumers. Ouch! Outlined by the HHS, the HIPAA violations include:

The investigation began back in 2016 after OCR received a breach report. The hacker was able to access PHI such as patient names, physician names, dates of birth, addresses, Social Security numbers, clinical details, dates of service, claims information, lab results, medication, diagnoses and conditions, and health insurance information.

As part of the settlement, the hospital paid $1,250,000 to OCR and agreed to a Corrective Action Plan. The plan highlights efforts to resolve its violations of the HIPAA Security Rule.

Before you catch yourself becoming a victim of “here fishy fishy”, make sure all your ducks – or should we say fish – are in a row. As we continue to see the relevance and impact of cybersecurity incidents increase, you should be more alert and secure than ever. And if you’re thinking, well that was a hospital – that could never happen to me, be careful what your next Go Fish card is. Whether you’re a big fish in a little pond or a little fish in a big pond, hackers are targeting healthcare.

This particular hospital is facing extensive hours of work to complete its Corrective Action Plan, which includes conducting a risk analysis, developing a risk management plan, implementing and distributing policies and procedures, and regular follow-up with the HHS. Conveniently, these are all things Abyde can help with. Reach out today to find out how we can save you over 80 hours a year and a time-consuming Corrective Action Plan down the road.