HIPAA

Million Dollar HIPAA Settlement
Fines, HIPAA

OCR Announces $1,000,000 Settlement With Aetna for Multiple HIPAA breaches

October 28, 2020 Comments Off on OCR Announces $1,000,000 Settlement With Aetna for Multiple HIPAA breaches

October 28, 2020 Thought we’d be able to skate through the rest of October without another HIPAA fine? Not so fast. The Office for Civil Rights (OCR) just announced another $1,000,000 settlement to add to October’s tab, settling with Aetna on not one, not two, but three separate HIPAA violations.  Aetna Life Insurance Company, as well as the affiliated covered entity (Aetna), agreed to a million-dollar payout in addition to a two year corrective action plan as a result of multiple HIPAA incidents experienced back in 2017.  The first violation occurred in April 2017, after Aetna discovered that two web services used to display plan-related documents to their members did not have the necessary login protections and were accessible through regular internet search engines. Aetna’s report noted that the incident exposed the protected health information (PHI) of over 5,000 individuals.  Violation number two came just a few months later in July, when Aetna received complaints that sensitive health information was made visible through benefit notice mailers. The 11,887 affected individuals’ medication information could be seen through the window of the envelope below the member’s name and address, clearly exposing their PHI to anyone who happened across the mailings.  Last but not least, the third violation occurred in September 2017, after a similar mailer was sent to 1,600 individuals displaying the name and logo of a research study on atrial fibrillation (irregular heartbeat) that some members were participating in. Because the logo on the envelope clearly conveyed the type of study the recipients were a part of, it was automatically an impermissible disclosure of PHI. Three HIPAA violations in one year is already enough to get you on the OCR’s bad side, but after further investigation, they found other aspects of Aetna’s HIPAA compliance program missing, including:  2017 was certainly a bad year for Aetna, and 2020 has now been a very bad year for all covered entities – practices, insurance companies and business associates alike – without a complete HIPAA compliance program in place. This latest settlement brings this year’s total to a whopping $13,186,500 – almost a million dollars over last year’s total fines, with 2 months still left on the clock in 2020.  We know you’re sick of hearing us harp on the importance of being compliant before an incident happens (seriously, we’re turning into our own mothers) but in the OCR Director, Roger Severino’s own words, “Aetna’s failure to follow the HIPAA Rules resulted in three breaches in a six-month period, leading to this million dollar settlement.” 

2020 HIPAA Fines
Fines, HIPAA

State HIPAA Fines Add to Growing 2020 Fine Totals

October 23, 2020 Comments Off on State HIPAA Fines Add to Growing 2020 Fine Totals

October 23, 2020 The Office for Civil Rights (OCR) has left practices taking hit after hit after hit when it comes to HIPAA fines this year, but two recent multi-state HIPAA fines have added just as many $$$ to this year’s enforcement totals. While the OCR certainly makes headlines, state enforcement and state-specific HIPAA regulations are just as important to adhere to as federal laws. In fact, depending on the incident and patients affected, many states require their attorney general be notified of a breach and have the option to pursue the HIPAA violation in addition to the investigation at the federal level.  Driving the point home for us, two healthcare organizations found themselves emptying their pockets for a second time in the past few weeks – agreeing to multi-million dollar settlements with multiple states for HIPAA violations already settled with the OCR. These fines are the latest in over $66 million collected by states as part of HIPAA enforcement actions.  Anthem, Inc.  The health insurance provider Anthem went one round with the HIPAA police in 2018, and suffered their first loss against the Office for Civil Rights (OCR) with a $16 million settlement relating to a breach that exposed almost 79 million patients records back in 2014. The results of round 2 have just come in, and it’s a K.O. – Anthem, Inc. has just settled with 43-states and California relating to the same HIPAA breach, with a whopping $48.2 million in total fines.  If you aren’t able to recite every HIPAA fine from memory (it’s ok, we’re probably the only ones that would win that trivia contest) the original incident resulted from a cyberattack that exposed almost 79 million individuals records. OCR investigation revealed Anthem was missing an enterprise-wide security risk analysis, various technical safeguards, and the proper response to suspected or known security incidents – resulting in the first place trophy for largest HIPAA settlement ever. Community Health System (CHS) Just last month, the OCR settled a $2.3 million fine with a business associate, Community Health System (CHS), who exposed 6.1 million patients records as a result of another 2014 cyber attack. While most of us wish we could fast forward to 2021 and escape 2020, we’re sure CHS probably feels that way more than anyone after the announcement of another $5 million added to their tab in a 28-state settlement of the same incident. These recent fines are starting to feel like deja-vu, so here’s more on the announcement to help jog your memory. Not surprisingly, in their investigation the OCR found CHS was missing a security risk analysis, had no proper security incident procedures in place, and failed to implement necessary access controls.   While the breaches themselves may be old news, the latest settlements are a fresh reminder of how healthcare practices must take notice of state HIPAA enforcement. Both state fines mentioned above, though split among all the states listed in each settlement, actually totalled more than the amount the OCR fined each organization.  Having a complete HIPAA compliance program with necessary safeguards in place will not only reduce your risk of being targeted by a hacker, as was the case in both these incidents, but will also keep your chances of federal and state-level fines to a minimum. Federal HIPAA requirements certainly put enough on your plate, but having a HIPAA partner that can provide all your state-specific HIPAA requirements for you makes complying that much easier – and helps avoid costly state audits. 

Information Blocking
Best Practices, HIPAA

What Does ‘Information Blocking’ Mean?

October 15, 2020 Comments Off on What Does ‘Information Blocking’ Mean?

October 15, 2020 If you’re at all familiar with the 21st Century Cures Act, you may have heard the term ‘information blocking’ tossed around. Even if you’re not, you may be familiar with the ongoing healthcare battle to prevent information blocking and more effectively share patient information. If you’re not familiar with any of these things…well…keep reading anyways, if you’re an independent practice we promise this is going to be increasingly important information to know.  A major goal of the Cures Act is to break down the barriers currently erected to interfere with, prevent, or discourage the access, exchange, or use of electronic Protected Health Information (ePHI) within the healthcare industry – otherwise known as information blocking. HIPAA outlines the specific ways information can be shared (and these rules still apply) but the statement of “sorry we can’t share that information because of HIPAA” is often applied incorrectly, and part of what the Cures Act hopes to correct. Deliberately blocking information that should be shared with patients and other appropriate covered entities, such as with Health Information Exchanges (HIE’s), can prevent or delay proper treatment and ultimately reduces the effectiveness of patient care. Before the Cures Act rules go into effect (November 2, 2020), organizations must reevaluate or remove any barriers currently in place that constitute information blocking. Not 100% what that really means? You aren’t alone, which is why the Office of the National Coordinator for Healthcare Technology (ONC) has created a helpful cheat sheet for what does and does not qualify as information blocking. There are some exceptions to what falls under the “information blocking” umbrella, including:  All of these exceptions are only permissible provided certain conditions are met. In general, think of information blocking as refusing to share data even when there is no reason not to – i.e., none of these exceptions or regular privacy concerns apply. Where it gets tricky is when information sharing might – though the situation makes it unclear – violate HIPAA compliance regulations (really violate them, not just as an excuse). It’s always helpful to ask the experts in these circumstances – such as your HIPAA compliance program provider (*cough cough*). 

HIPAA Right of Access Investigation
Fines, HIPAA

OCR Settles Ninth HIPAA Right of Access Investigation

October 9, 2020 Comments Off on OCR Settles Ninth HIPAA Right of Access Investigation

October 9, 2020 The OCR has proven they keep their promises (unlike that former friend we all know), taking only two days to fulfill their recent pledge of continued right of access enforcement and announcing yet another HIPAA fine. For those of you counting, that’s 7 right of access fines in less than a month – so take the hint, and pay attention to what your practice should be doing when it comes to patient right of access. This time, the fine goes to NY Spine Medicine (NY Spine), a New York based neurology and pain management medical practice, who was hit with a $100,000 fine and two year corrective action plan for failing to provide records to a patient in 2019. After making multiple requests beginning in June 2019, NY Spine failed to provide diagnostic film records to a patient, only providing the records in October 2020 after OCR investigation. Important to note about this case is that NY Spine did provide some records to the patient, but not the ones she had actually requested – making this still a right of access violation.  As OCR Director Roger Severino put it, “no one should have to wait over a year to get copies of their medical records. HIPAA entitles patients to timely access to their records and we will continue our stepped up enforcement of the right of access until covered entities get the message.”  If you’re a covered entity of any kind, now would be the right time to say ’message received’. If the OCR’s words aren’t enough, take a look at the stats: If you need a refresher, read up on the five right of access fines announced in September or this Wednesday’s $160,000 right of access fine.  What should your practice be doing right now? First, don’t panic. Second, if you think you might not be up to snuff on patient right of access, we have the inside scoop on how to get compliant and update your policies and know-how (wink wink). Just sign up for an educational webinar to learn what steps you can take right away to prevent being the next enforcement victim. 

Life Before HIPAA
HIPAA

Life Before HIPAA

October 8, 2020 Comments Off on Life Before HIPAA

October 8, 2020 Likely, the number of times someone older than you may have used the phrase “back in my day” is staggering. And while it’s unlikely previous generations did walk 20 miles uphill both ways in the snow to school every day, they DID have to deal with far less patient privacy protections than we have today. So when did protecting patients’ sensitive data become a priority? With the introduction of the Health Insurance Portability Act, better known as HIPAA, in 1996. HIPAA has had a bad reputation since being signed into law but read on to see why HIPAA is actually a good thing – for your practice, and for patients everywhere. Prior to 1996, health information privacy was like the wild west. There was no federal rule governing the privacy and protection of health information. While most providers acted within reason, no one had defined what protecting your sensitive information meant or how it was going to be regulated. So let’s take a moment to picture ‘life before HIPAA’. Imagine you’re in the running for the big promotion at work. You’re definitely the best candidate, but your anxiety (undiagnosed bipolar disorder) has started to affect your work performance. Instead of seeking medical help, you pretend everything’s a-okay. You know that if you see a professional, your employer could be notified and your chance at promotion would be out the window. Meanwhile, your anxiety over hiding your anxiety takes an even greater toll – the promotion goes to Chad from Accounting instead.  This scenario was REAL for many individuals prior to HIPAA. Companies used to receive detailed updates regarding employees’ health insurance. At the same time, patients weren’t necessarily able to receive their own medical records. This was a problem. The only way to protect your health information at the time was not to have any created in the first place – preventing patients from seeking the care they needed. Enter HIPAA. HIPAA laws standardize the ’right way’ to handle sensitive patient information. While sometimes these standards are anything but simple, it’s clear HIPAA guidelines make sure PHI is actually protected – not just given away like candy. Protecting PHI means ensuring its privacy (the HIPAA Privacy Rule) as well as its security (the HIPAA Security Rule). Ultimately, HIPAA law standardized protections for your patient data through required safeguards in addition to privacy requirements to prevent unauthorized disclosures. Because of HIPAA, individuals can feel comfortable going to a doctor to receive treatment without fear that it will be the talk of the office break room the next day. Not only do patients have the ability to determine who can and can’t be in the know, but they also have the ability to access records themselves to stay on top of their own care. So next time you’re frustrated with the need to have patients sign a HIPAA authorization form, just remember that HIPAA is what stands between you and chaos. Well, maybe we’re being a bit dramatic, but when sensitive data falls into the wrong hands, it could certainly feel like the end of the world.

HIPAA Settlement Patient Right of Access
Fines, HIPAA

OCR Levies 8th Patient Right of Access Fine, $160,000 Settlement Reached with St. Joseph’s Hospital and Medical Center

October 7, 2020 Comments Off on OCR Levies 8th Patient Right of Access Fine, $160,000 Settlement Reached with St. Joseph’s Hospital and Medical Center

October 7, 2020 The Office for Civil Rights (OCR) has officially kept their foot on the gas heading into October, announcing their 8th HIPAA right of access fine and adding to a string of nine total HIPAA fines announced since September 15th. Five of those recent fines also centered on providing patients appropriate access to their records, an initiative the OCR pledged to enforce in 2019. The latest practice left in the OCR’s dust is St. Joseph’s Hospital and Medical Center (SJHMC), an acute care hospital with several hospital-based clinics providing a variety of health services out of Phoenix, Arizona. SJHMC was slapped with a $160,000 fine, along with a 2-year corrective action plan to settle their potential HIPAA violation.  Continuing the patient right of access violation trend, SJHMC failed to provide patient records requested by a patient’s personal representative within any sort of a reasonable timeframe, and certainly not within HIPAA-mandated and state-specific deadlines. OCR involvement began in April 2018, when a complaint was received from an SJHMC patient’s mother stating that since January of 2018 she made various requests for a copy of her son’s medical records that SJHMC had failed to fulfill. While the hospital provided partial records, they failed to produce the full records requested despite follow-ups made by the mother in March, April, and May of 2018. The records were only provided a long 22 months later, in December 2019, after the OCR got involved to investigate the complaint. The deadline to provide patient records after a request in Arizona is 30 days.   If you haven’t realized the enforcement trend yet, the OCR made it pretty clear in their statement announcing the fine. “It shouldn’t take a federal investigation to secure access to patient medical records, but too often that’s what it takes when health care providers don’t take their HIPAA obligations seriously,” OCR Director Roger Severino stated, “OCR has many rights of access investigations open across the country, and will continue to vigorously enforce this right to better empower patients.”  Not only did OCR Director Roger Severino call out practices who aren’t actively focusing on their HIPAA compliance program, he emphasized that there is more to come related to patient right of access. This fine, along with the many others announced in recent weeks, emphasizes just how important a HIPAA compliance program is and having the right policies in place to fulfill all aspects of HIPAA compliance – including meeting patient’s access requests.    

Business Associate Exposes 6 Million Records
Business Associates, Fines, HIPAA

OCR Drops Another HIPAA Fine, Business Associate Exposes 6 Million Records

September 23, 2020 Comments Off on OCR Drops Another HIPAA Fine, Business Associate Exposes 6 Million Records

September 23, 2020 The Office for Civil Rights has been dropping fines left and right in the last week, releasing their 7th (and largest) HIPAA settlement earlier today and bringing their running total to seven fines in just 8 days. The latest violation came with a hefty payout of $2.3 million as well as an extensive 2-year corrective action plan – and not to mention a whole lot of apology letters to write.  The lucky winner of the latest HIPAA settlement is CHSPSC LLC, a business associate who serves a number of hospitals and clinics owned by Community Health Systems, Inc out of Tennessee. You may be thinking, “well no biggie, I’m a covered entity not a business associate so that wouldn’t be me,” but the 6 million+ patients affected and the reasons the OCR gave for levying a fine would beg to differ. Just like any covered entity might be, this business associate was the victim of a cyberattack that even after alarms were raised went unmitigated for months. As if that wasn’t enough, the OCR investigation discovered long standing non-compliance with the HIPAA Security Rule ultimately landing the business associate at the top of the most expensive 2020 fines list. On April 10, 2014, CHSPSC’s information system was infiltrated by a threat group that went unnoticed until the company was notified by the FBI 8 days later. The hackers continued to have a field-day, accessing the sensitive data for 4 months after the initial attack. CHSPSC’s continued disregard for implementing the necessary security protections required by HIPAA even AFTER receiving federal notice was described by OCR Director, Roger Severino, as “inexcusable”. The cyberattack affected 237 different covered entities served by CHSPSC and withdrew the PHI of 6,121,158 individuals including everything from names and birthdays to emergency contact information and social security numbers.  As if over 6 million patients records being taken wasn’t bad enough, an OCR investigation into the business associate found several gaps in their compliance program including:  It doesn’t matter whether you’re a healthcare provider, business associate, or just the average joe – falling victim to a cyberattack is fair game. Because business associates require the same HIPAA safeguard requirements as covered entities, no matter who gets hacked the OCR is looking for the same requirements and can hand out the same fines for either type of health related entity.  For providers especially, entrusting your patients sensitive data to your business associates comes with added risks. In this case, 237 covered entities had to find that out the hard way. While there’s no way to be 100% in the clear from things like cyber attacks, having the proper business associate agreements in place at least takes the liability of an incident off your practice’s hands. If you had been one of those 237 entities affected here, lack of an agreement could have put your practice on the same chopping block as CHSPSC. 

$1.5 million HIPAA Fine
Cybersecurity, Fines, HIPAA

OCR Announces $1.5 Million Dollar Settlement for Systemic Non-compliance after a Hacking Incident Sparked Investigation

September 21, 2020 Comments Off on OCR Announces $1.5 Million Dollar Settlement for Systemic Non-compliance after a Hacking Incident Sparked Investigation

September 21, 2020 The OCR is certainly seeing $$$ this September. On top of the record five fines announced last week, the Office for Civil Rights (OCR) has just announced the latest settlement of a whopping $1,500,000 fine and 2-year corrective action plan for an orthopedic clinic out of Georgia. Athens Orthopedic Clinic found themselves in the HIPAA violation hot seat after a hacking incident sparked an OCR investigation beginning in 2016. The OCR found Athens Orthopedic had longstanding noncompliance with HIPAA rules, especially required technical safeguards, that led to the breach incident.   On June 26, 2016, the orthopedic clinic was notified that their database of patient records had been posted online for sale. Two days later, a hacker contacted the clinic demanding money in return for the stolen database. After investigation, Athens Orthopedic determined that the hacker was able to gain access through a vendor’s credentials on June 14, 2016, and the hacker continued to access protected health information (PHI) for a month after the initial breach. On July 29, 2016, Athens Orthopedic filed a breach report with the OCR noting all of the sensitive PHI that had been hacked: names, dates of birth, social security numbers, and other personal medical information of the 208,557 patients affected. The breach initiated a full-scale investigation into the clinic’s HIPAA program, where the OCR discovered a laundry list of key compliance elements that the practice was missing: Cyber threats are an ongoing and rising threat to the healthcare industry. When practices lack the proper safeguards to secure their patients’ PHI, they put themselves at the top of hackers ‘easy target’ list (would your practice be posted if such a list existed?). Along with the fine, OCR Director Roger Severino emphasized that “Hacking is the number one source of large healthcare data breaches. Healthcare providers that fail to follow the HIPAA Security Rule make their patients’ health data a tempting target for hackers.” So how do you ‘hack proof’ your business? Well, you probably can’t completely prevent a hack given how quickly hackers adapt to new security measures, but your practice CAN go a long way to avoid being targeted (and getting slapped with a HIPAA fine) by ensuring your HIPAA compliance program – especially your technical safeguards – is up to scratch.

Requesting Access to Medical Records and HIPAA
Best Practices, HIPAA

Your Patient Requested Access to their Medical Records, Now What?

September 18, 2020 Comments Off on Your Patient Requested Access to their Medical Records, Now What?

September 18, 2020 When it comes to medical records requests, you just hand over patient files – right? Wrong! The HIPAA Privacy Rule unequivocally provides individuals with the right to see and receive copies of their medical records upon request – but has some requirements when it comes to the who, what, and how of handing those records off. Appropriate patient access can be a fine line, and if you stray too far to either side you may end up in the next historic Office for Civil Rights (OCR) announcement of multiple access-related fines. Here’s the 411 on patient record access: Access is just for the patient, right? We hope it’s obvious that patients should be able to access their own records (who doesn’t want a hard copy of their dry eye disease diagnosis), but it’s not just patients that have the right to request records. In fact, the OCR levied two fines just this week for not providing access to an authorized personal representative of a patient. A ‘personal representative’ is someone with the authority under state law to make health care decisions for another individual. This may be the case if: How must access be requested? Making things easy (cough cough), HIPAA law does not specify any required method of requesting access. Patients may ask verbally, in writing, or by secure email or patient portal – really, whatever method suits the patient. Your practice CAN specify the way you want patients to request access, they just have to be informed first about this requirement (possibly as part of your onboarding forms). We do recommend making access requests written, just to document the date of the request. Do I need to verify the requester is authorized? Once you have a patient or their personal representative requesting access, you can just hand over the records, right? Not so fast. The HIPAA Privacy Rule requires practices to take reasonable steps to verify the individual making a request for access is who they say they are. While there’s no specific form of verification required, such as a copy of their driver’s license, it’s extremely important for your practice to use professional judgment when determining that a request is ‘legit’. Verification must also be done without adding unnecessary delays in fulfilling the request. What form must records be provided in? We’re long past the days of keeping everything on paper, and most practice’s manage their health records electronically. However, the Privacy Rule requires a practice to provide access to protected health information (PHI) in the format that it was requested in – either a paper or electronic copy. If the records are not readily producible in the requested format, you’ll need to agree on an alternative format instead. How quickly do records need to be provided? The phrase “ASAP” is nice and all until it comes to meeting specific HIPAA deadlines. When a request is made, the practice must provide access as soon as possible and at minimum within 30 calendar days (the federal law) or less depending on your specific state laws. If unable to provide access within 30 days, the practice can inform the individual of the reasons for the delay and can have no more than one 30 day extension period.  Timeliness is key when it comes to patient access. One practice in particular didn’t provide patient records until 9 months after the initial request was made. The patient filed a complaint to the OCR that resulted in an $85,000 fine along with a corrective action plan. If you thought 9 months was bad, just this week the OCR announced another fine for failing to provide medical records for almost 3 years.    Can I charge patients for copies of their records? Depending on the format requested or the time needed to collect records, there might be some costs involved. Thankfully HIPAA accounts for this, and lets your practice impose a reasonable, cost-based fee for requests. This fee can include:  There’s a lot more that goes into requesting records than simply handing them over. If you’re confused about all this – and we get it, we were too – having a HIPAA expert on deck to help sort out specific scenarios quickly can help your practice stay on top of requirements without unintentionally violating HIPAA. Don’t have an expert to help? Work with an outside HIPAA compliance provider (just picture us saying “pick me!”) who can help you manage the intricacies of access laws before winding up on the next OCR HIPAA settlement announcement.

5 HIPAA Settlements at Once
Fines, HIPAA

OCR Announces Historic 5 HIPAA Settlements at Once

September 15, 2020 Comments Off on OCR Announces Historic 5 HIPAA Settlements at Once

September 15, 2020 Earlier today the Office for Civil Rights (OCR) announced five HIPAA settlements (yes, you heard that right, five) breaking the record for total HIPAA settlements in one day.  Since 2019 the OCR has honed in on their HIPAA Right of Access Initiative, prioritizing patient’s ability to access their medical records in a timely manner. These five settlements bring the total to seven access related enforcement actions – so if you need any hints on what to make sure your practice is looking out for, this is it.    1. Housing Works Inc. This $38,000 fine resulted from a complaint received by the OCR last July alleging that Housing Works Inc., a New York City based non-profit organization, failed to provide the complainant with a copy of their medical records. The OCR received a second complaint a month later stating that the practice still hadn’t provided the patient with record access (strike number two) which ultimately led to a hefty fine along with a corrective action plan.   2. All Inclusive Medical Service, Inc. This Carmichael, CA based medical practice agreed to a $15,000 fine and corrective action plan after the OCR received a complaint in April 2018 that the practice had denied patient access to inspect and receive a copy of her records in January 2018. Only after the OCR’s investigation was the patient given access to her records – 32 months (almost three years) after she had initially requested.   3. Beth Israel Lahey Health Behavioral Services (BILHBS) This whopping $70,000 HIPAA settlement came from a complaint alleging that the behavioral health corporation failed to respond to a request from a personal representative seeking access to her father’s medical records in February 2019. The OCR investigation found that BILHBS failed to complete the request which meant a costly violation of HIPAA Right of Access.  4. Wise Psychiatry, PC This Psychiatry Practice based in Colorado agreed to a $10,000 settlement along with a corrective action plan after the OCR received a patient right of access complaint related to not providing a personal representative with access to their minor son’s medical records in February of 2018. The OCR provided the practice with technical assistance and closed the complaint just a few months later, but Wise Psychiatry found themselves back on the OCR’s radar in October 2018 when a second complaint from the same individual was filed noting records still had not been received. It wasn’t until May 2019 that the patient records were finally provided.  5. King MD Last but not least (actually, we take that back, this is the smallest HIPAA fine to date), Patricia King MD & Associates – a psychiatric care provider in Chesapeake, Virginia – agreed to pay a $3,500 fine along with adopting a corrective action plan to settle a potential HIPAA right of access violation. In October of 2018, the OCR received a complaint that the practice had failed to respond to an individual’s request to record access in August 2018. After the OCR provided them with technical assistance the complaint was closed. However, in February 2019, the OCR received a second complaint stating that King MD had still failed to provide the same patient with proper access and as a result, the practice was hit with a violation.   The main takeaways? Well if it isn’t already obvious, providing patients with timely access to their medical records is extremely important and is something that is commonly missed by practices. While Patient Right of Access is an enforcement priority for the OCR, that doesn’t mean it’s the only thing you have to watch out for. OCR Director Roger Severino emphasized in the announcement that, “Today’s announcement is about empowering patients and holding health care providers accountable for failing to take their HIPAA obligations seriously enough.”  If you needed any more reason to get HIPAA compliance to the top of your priority list – 5 violation settlements announced all in one day should do the trick.      

Are you prepared for OSHA's Workplace Violence Prevention requirements? Learn what you need to do to be compliant.

DOWNLOAD CHECKLIST
X