Security Rule

Henry Schein Data Breach
Cybersecurity, Fines, HIPAA

Dissecting the Henry Schein Data Breach: A Stark Reminder for Dentists to Prioritize HIPAA

December 7, 2023 Comments Off on Dissecting the Henry Schein Data Breach: A Stark Reminder for Dentists to Prioritize HIPAA

December 11, 2023 In October 2023, Henry Schein, a major dental supply distributor, suffered a significant data breach. The ransomware attack compromised sensitive information belonging to both patients and dental practices, including names, addresses, Social Security numbers, and financial information. This incident serves as a stark reminder for dentists of the importance of taking data security and compliance seriously. Key Takeaways from the Henry Schein Data Breach: Mitchell Rubinstein DMD, a practicing dentist and noted cybersecurity educator in New York City is hoping this is the wakeup call that dental professionals need to start taking cybersecurity and HIPAA seriously. “An important thing to learn from the Henry Schein breach is that everyone is vulnerable. They’re a multibillion dollar healthcare corporation with far greater resources than any dental practice. If they can fall victim to a cyberattack, then so can any of us.” He went on to add, “Having a plan in place to respond to a cyberattack is just as important as having a plan to prevent one.” What dentists can do to protect their practices: “The companies we do business with accumulate a great deal of information about us,” Dr. Rubinstein stated. “If that information is compromised in a cyberattack, it can result in several layers of harm, not only to us, but to our patients as well.” Abyde: Your Partner in Cybersecurity and Compliance Abyde understands the importance of data security and compliance for dental practices. We offer a comprehensive solution designed to help protect you from data breaches and audits while also helping you ensure HIPAA compliance. Our solution includes: By taking data security and compliance seriously, dentists can help prevent data breaches, protect their patients, and avoid legal ramifications. Let’s work together to create a safer environment for everyone involved in dental care.  Contact Abyde today to learn more about our HIPAA-compliant solutions and how we can help you protect your practice. Call Abyde! 800.594.0883 or Email Us info@abyde.com Additional Resources:The Department of Health and Human Services (HHS) website on HIPAA: https://ocrportal.hhs.gov/

LA Care HIPAA Violation
Fines, HIPAA

Lessons from the HHS OCR Settlement with LA Care Over HIPAA Security Rule Violations

September 11, 2023 Comments Off on Lessons from the HHS OCR Settlement with LA Care Over HIPAA Security Rule Violations

September 11, 2023 In a recent episode of “Healthcare’s Most Expensive Mistakes,” LA Care, the nation’s largest publicly operated health plan, made a special guest appearance. They settled a case with the U.S. Department of Health and Human Services’ Office for Civil Rights (HHS / OCR) over potential violations of the HIPAA Security Rule. The cost? A cool $1.3 million and a multi-year “compliance babysitting” plan. Key Violations They say it is all in the details. Well, the violations that led to this hefty settlement were the ones that are overlooked so often. They included: The Importance of Proactive Measures OCR Director Melanie Fontes Rainer emphasized that it’s better to be proactive than reactive—unless you enjoy cutting million-dollar checks to the government. The OCR will be keeping a watchful eye on LA Care for three years, so let’s hope they don’t pull a “Groundhog Day” and repeat their mistakes. Corrective Actions To avoid their past mishaps, LA Care will be following a corrective action plan. Steps include: The LA Care case is a cautionary tale that even healthcare giants can stumble if they don’t take HIPAA seriously. But hey, mistakes are human; it’s how you fix them that defines you. If you’re reading this and are suddenly concerned about your organization’s compliance, you’re not alone—well, unless you’re from LA Care, in which case, hang in there! How Abyde Can Help Now, for healthcare organizations that want to avoid starring in the next episode of “Healthcare’s Most Expensive Mistakes,” meet Abyde. We’re the fairy godparent you wish you had during a compliance crisis. Our HIPAA and OSHA Compliance SAAS platform helps you sail through risk analyses, craft impeccable risk management plans, and even preps you for those scary OCR audits—making compliance as easy as pie. So, if you’re tired of the compliance nightmares and ready to sleep easy, Abyde is your dream come true. Don’t be the next LA Care; be the carefree healthcare provider everyone envies. Embrace peace of mind and secure your organization’s future with Abyde today. Because in the world of healthcare, it’s better to be safe, compliant, and a little bit cheeky than sorry.

HIPAA Security Risk Analysis
Best Practices, HIPAA

SR-Hey, Have You Conducted a Security Risk Analysis?

July 28, 2023 Comments Off on SR-Hey, Have You Conducted a Security Risk Analysis?

July 28, 2023 In the ever-evolving landscape of healthcare, the safeguarding of sensitive patient information is of paramount importance. To protect patient privacy and maintain health data integrity, the Health Insurance Portability and Accountability Act (HIPAA) sets stringent standards for compliance. One of the vital components in achieving HIPAA compliance is conducting Security Risk Analyses (SRAs). Understanding HIPAA and its Compliance Requirements HIPAA, enacted in 1996, is a landmark piece of legislation designed to protect the privacy and security of patients’ health information. The regulation establishes a set of rules that healthcare providers, health plans, and other covered entities must follow to ensure the confidentiality and integrity of patients’ protected health information (PHI). Failure to comply with HIPAA can lead to severe consequences, including hefty fines and reputational damage. But we all knew that, right? What is a Security Risk Analysis (SRA)? Now this is what we need to know! A Security Risk Analysis systematically evaluates an organization’s information technology infrastructure, policies, and procedures to identify potential vulnerabilities and risks to the confidentiality, integrity, and availability of PHI. An SRA aims to assess the organization’s current security measures, identify weaknesses, and implement necessary safeguards to mitigate risks effectively. Why is an SRA Important for HIPAA Compliance? Identifying Vulnerabilities: An SRA helps healthcare organizations identify potential vulnerabilities in their systems and processes that could lead to unauthorized access or disclosure of PHI. By understanding these weaknesses, organizations can take proactive measures to address them before any security breach occurs. Preventing Data Breaches: Data breaches in healthcare can expose sensitive patient information, leading to significant legal and financial consequences. Conducting an SRA helps preemptively prevent data breaches by bolstering security measures and ensuring compliance with HIPAA’s Security Rule. Mitigating Risks: Risks in healthcare are constantly evolving due to new cybersecurity threats and technological advancements. Regular SRAs allow organizations to stay ahead of potential risks and adopt measures to mitigate them effectively. Tailoring Security Measures: Each healthcare organization has unique systems and processes. An SRA helps identify specific security needs and allows the organization to tailor security measures to address its individual risks effectively. Demonstrating Compliance: HIPAA compliance requires organizations to conduct regular SRAs. By documenting assessments, organizations can demonstrate their commitment to safeguarding patient data, which is essential during audits and investigations. Improving Security Posture: SRAs are not just a checkbox exercise; they provide valuable insights into the organization’s overall security posture. Based on the analysis results, organizations can continually implement improvements to enhance their security measures. Legal and Reputational Protection: A data breach can tarnish an organization’s reputation and erode patient trust. By conducting SRAs and implementing robust security measures, healthcare entities can enhance their legal and reputational protection. At Abyde, we take a distinctive approach to SRAs by offering a personalized and tailored experience for you and your practice. Think of our SRA module as your dedicated companion, guiding you through the process of identifying vulnerabilities specific to your practice. Recognizing that each practice is unique, our intuitive software will present only the questions relevant to your business as you respond. This streamlined approach is one of the many ways we ensure simplicity and effectiveness in achieving your compliance goals. The protection of patient data is not only a legal obligation but also an ethical responsibility for healthcare organizations. HIPAA compliance is critical in ensuring that patient information remains secure and confidential. Regular SRAs are an indispensable aspect of HIPAA compliance, allowing organizations to identify vulnerabilities, prevent data breaches, and mitigate risks effectively. By investing in security measures and staying proactive in their approach, healthcare organizations can reinforce patient trust and safeguard the integrity of their services in today’s increasingly digital healthcare landscape.

iHealth Solutions HIPAA Fine
Fines, HIPAA

Firewall Fireworks: iHealth Solutions Wrapped in $75,000 Worth of Red, White, and Blue Compliance Flags

June 28, 2023 Comments Off on Firewall Fireworks: iHealth Solutions Wrapped in $75,000 Worth of Red, White, and Blue Compliance Flags

June 28, 2023 The U.S. Department of Health and Human Services Office for Civil Rights (OCR) has decided to celebrate the 4th of July a bit differently this year. No, they’re not hosting a BBQ or a picnic. Instead, they’ve resolved a blazing inquiry with iHealth Solutions, a Kentucky-based firm providing a whole array of IT services to healthcare providers, including coding, billing, and onsite IT support. Like leaving the fireworks out in the rain before the big show, iHealth Solutions committed a significant faux pas by allowing the protected health information of 267 people to be as unguarded as a picnic basket at a bear convention.  “HIPAA business associates must protect the privacy and security of the health information they are entrusted with by HIPAA-covered entities,” said OCR Director Melanie Fontes Rainer. “Effective cybersecurity includes ensuring that electronic protected health information is secure, and not accessible to just anyone with an internet connection.” In 2017, the sparklers were lit when a report emerged stating that iHealth Solutions had experienced an unauthorized transfer of protected health information from its unsecured server. This information wasn’t just your average email addresses and phone numbers – the information included confidential information, including patient names, birth dates, Social Security numbers, diagnoses, treatment information, and medical histories. The investigation detected a potential failure on iHealth Solution’s part to adequately assess risks and vulnerabilities to electronically protected health information across the organization. So, what’s the big *BANG* at the end of this fuse? A pretty hefty $75,000 civil monetary penalty, paid to OCR by iHealth Solutions. The company also agreed to a corrective action plan which includes several measures to ensure the protection of electronic protected health information. These steps include conducting a thorough analysis to identify risks and vulnerabilities, implementing a risk management plan, evaluating changes that affect the security of information, and revising HIPAA policies and procedures as required. As a finale, iHealth will be under the watchful eye of OCR for two years, ensuring its compliance with the HIPAA Security Rule. Abyde helps organizations avoid catastrophes precisely like this one. Abyde is like the super-organized neighbor who prepares for the 4th of July celebrations months in advance, ensuring everyone’s safety and enjoyment. They’re not in the business of barbecues and fireworks but rather in making HIPAA compliance as smooth and worry-free as a classic American apple pie. So, as we celebrate our independence this July 4, let’s remember that freedom should never come at the expense of our security, especially when it involves our personal health information. Here’s hoping your barbecues are hot, your fireworks are safe, and your servers are secure!

Consequences of HIPAA Violations
Fines, HIPAA

HIPAA Violations Unveiled: Examining Critical Breaches of Patient Privacy

May 30, 2023 Comments Off on HIPAA Violations Unveiled: Examining Critical Breaches of Patient Privacy

May 30, 2023 We always talk about how important it is to set protocols to avoid HIPAA violations, but what exactly are you avoiding? The sobering examples of HIPAA violations are essential to be aware of so that you understand the gravity of safeguarding patient privacy and maintaining the trust placed in healthcare providers. Incidents serve as stark reminders of the profound consequences that can arise when personal health information falls into the wrong hands. These violation examples underscore the utmost importance of HIPAA compliance and the ethical imperative to protect patients’ privacy. Digital Data Disaster A healthcare organization falls victim to a malicious cyberattack, compromising its entire database of patient records. Personal information, medical histories, and even Social Security numbers are exposed, leaving thousands of individuals vulnerable to identity theft and potential harm. This incident serves as a critical reminder that cybersecurity measures must be robustly implemented to protect patient data from the ever-evolving threats lurking in the digital realm. Gossip Gone Wrong A trusted healthcare provider carelessly discusses a patient’s confidential medical condition with their friends during a casual gathering. This “meaningless” gossip spreads to an acquaintance of the patient, eventually getting back to said patient. The careless discussion that violated the patient’s right to privacy ends up in the papers. The patient is beyond embarrassed and the healthcare provider is in for a whirlwind of hurt including reputational carnage. This ever-so-cautionary tale accentuates the importance of professionalism and the duty to keep patient information strictly confidential. Insider Trading In a breach that shakes the foundation of trust, a trusted employee intentionally accesses patient records without a valid reason. Driven by curiosity or malintent, they betray the ethical responsibilities bestowed upon them. This particular violation underscores the significance of stringent access controls, regular auditing, and thorough background checks to maintain the integrity of patient information. Misdirected Medical Records A healthcare provider accidentally sends a patient’s medical records to the wrong individual. This innocent mistake exposes sensitive information to an unintended recipient, potentially compromising the patient’s privacy and causing emotional distress. This incident serves as a reminder of the importance of proper verification processes, double-checking recipient details, and implementing secure methods for transmitting confidential information. Disappearing Device A healthcare professional’s misplaced or stolen mobile device, containing unencrypted patient data, becomes a ticking time bomb. The consequences of the lost, unprotected device could be severe – ranging from identity theft to blackmail or even unauthorized disclosure of personal health information if caught in the wrong hands. This emphasizes the need for strong device security measures, including encryption, remote wiping capabilities, and constant vigilance when handling portable devices. In conclusion, HIPAA violations demand our utmost attention and respect for patient privacy. The examples here demonstrate the real-world implications of breaches in healthcare data security. As individuals and organizations, we must prioritize robust safeguards, ongoing training, and strict adherence to HIPAA guidelines to ensure the protection of sensitive patient information. Let Abyde unite our efforts to safeguard healthcare information and “Abyde” by HIPAA laws.  

MedEvolve Pays $350k HIPAA Settlement
Fines, HIPAA

MedEvolve Pays $350k Settlement Following HIPAA Violations

May 16, 2023 Comments Off on MedEvolve Pays $350k Settlement Following HIPAA Violations

May 16, 2023 The Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services disclosed a settlement concerning potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Rules. The settlement was with MedEvolve, Inc., a business associate offering practice management, revenue cycle management, and practice analytics software services to health care entities. This settlement brings an end to the OCR’s probe into a data breach incident where a server containing the protected health information of 230,572 individuals was left vulnerable and accessible on the internet. The potential HIPAA violations included the absence of an analysis to identify risks and vulnerabilities to electronic protected health information throughout the organization, and the failure to establish a business associate agreement with a subcontractor.  These agreements typically outline the permissible uses and disclosures of protected health information, implementation of appropriate safeguards, and the procedure for notifying the covered entity of any breaches. As a part of the settlement, MedEvolve paid a $350,000 monetary settlement to the OCR and consented to implement a corrective action plan to address these potential violations and enhance the security of electronic patient health information. OCR Director, Melanie Fontes Rainer, emphasized the importance of securing electronic protected health information, stating, “Ensuring that security measures are in place to protect electronic protected health information where it is stored is an integral part of cybersecurity and the protection of patient privacy.” The investigation into MedEvolve began in July 2018 after a breach notification report highlighted that an FTP server containing electronic protected health information was openly accessible on the internet. The exposed information included patient names, billing addresses, telephone numbers, primary health insurer and doctor’s office account numbers, and in some instances, Social Security numbers.  The OCR investigates every report of breaches affecting 500 or more people. In 2022, the most common type of large breach reported to the OCR was hacking/IT incidents, accounting for 79% of cases. It’s therefore essential for HIPAA-covered entities and their business associates to ramp up their efforts to identify and tackle cybersecurity threats. Under the settlement agreement, MedEvolve will be under OCR’s scrutiny for two years to ensure compliance with the HIPAA Security Rule. They have agreed to take measures such as conducting a comprehensive risk analysis, developing a risk management plan, revising policies and procedures as necessary, enhancing their HIPAA and Security Training Program, and reporting non-compliance within their workforce to the HHS within sixty days. In today’s world where data breaches are increasingly common, Abyde takes a proactive stance in ensuring that healthcare providers maintain the highest standards of compliance. Our comprehensive software solution is designed to alleviate the burden of HIPAA compliance for healthcare professionals, and mitigate the risk of a costly incident like MedEvolve’s.

OCR Settles Case Concerning Improper Disposal of Protected Health Information
Fines, HIPAA

OCR Settles Case Concerning Improper Disposal of Protected Health Information

August 24, 2022 Comments Off on OCR Settles Case Concerning Improper Disposal of Protected Health Information

August 24, 2022 When it’s time to clean out and organize that ole garage, you probably want to take time to make sure all your sensitive and sentimental items – files, photographs, etc. – are in the right spot before taking them to the dump. It should be no different when it comes to disposing of old devices or hard drives at the office that contain sensitive ePHI, yet practices continue to fail. In recent news, the OCR announced a settlement for a dermatology practice located in Massachusetts that failed to properly dispose of protected health information. As a result, the dermatology practice agreed to pay the hefty fine of $300,640 to the OCR and implement a Corrective Action Plan to resolve the investigation. It may be obvious that paper records require proper disposal – in most cases, shredding or recycling – so that the information cannot be read by the wrong parties. Despite this being common practice,  the Massachusetts dermatology practice had PHI that was exposed. Improper disposal is even more common when it comes to disposing of electronic protected health information (ePHI) properly. It is critical that your practice understands how and where to dispose of PHI. But what exactly constitutes proper digital data disposal? Disposing of your PHI is not as simple as clicking the delete or trash button. If you do not completely delete these files from your devices, they can be recovered using high-tech software. The following are some thorough methods for properly disposing of PHI: There are lots of devices that could have been used to store PHI even though you would never realize they do. These devices include: Before you burn those electronic devices in a campfire, remember that HIPAA requires practices to keep PHI for at least 6 years, and maybe longer depending on your state. Devices containing data that is older than six years should be backed up before being wiped clean, and data should be encrypted while being kept. At the end of the day, whether it is boxes of important documents in your garage at home or PHI at your very own practice, it is critical to dispose of it properly and safely.

Oklahoma State University HIPAA Fine
Fines, HIPAA

Oklahoma State University – Center for Health Services Forks Over $875,000 to Settle Hacking Breach

July 15, 2022 Comments Off on Oklahoma State University – Center for Health Services Forks Over $875,000 to Settle Hacking Breach

July 15, 2022 What did the duck say when she went to buy lipstick? Put it on my bill! Speaking of bills (the money kind, not a beak), Oklahoma State University had to pay a huge bill of $875,000! It acts as a settlement for a huge hacking breach of the OSU CHS web servers. Oklahoma State University has agreed to pay the price and complete a corrective action plan over the next two years to resolve all of the violations of the Breach Notification Rules, Security, and HIPAA Privacy. OCR received a breach report in 2018 due to the hacking of the OSU’s web servers. They discovered that the hacker of this breach had access to 279,865 individuals’ electronic protected health information (ePHI). OSU found that the hackers had access to patients ePHI earlier than they originally thought, on March 9th, 2016. OCR Director, Lisa J. Pino, states, “HIPAA-covered entities are vulnerable to cyber-attackers if they fail to understand where ePHI is stored in their information systems.”  As technology in the healthcare business evolves, it is critical to understand how to appropriately secure personal health information (PHI) when being stored or sent. With cybersecurity dangers on the rise and electronic communication becoming more widespread, it’s imperative to secure your patients’ data. Encryption services are an excellent method to safeguard your practice and avoid those sticky HIPAA violations. Good news for you, you don’t have to be a sitting duck! (Cough, Abyde.)  The OCR reported that OSU failed to follow the HIPAA rules by: Unfortunately for the Cowboys, their failure to maintain proper security, risk analysis measures, and documentation of compliance cost them a large fine and put all of the OSU patients ePHI at risk. This breach, and corresponding financial settlement, highlight that even for huge organizations like OSU, the right risk analysis practices and HIPAA-compliant policies are a must in order to prevent impermissible safeguarding or access to ePHI.  Even as an independent practice, you may not feel like you have anything in common with a big fish like OSU. No matter if you’re a duck, fish, or cowboy, it doesn’t matter – everyone is monitored and at risk. As the penalties for these violations become more severe, it is more crucial than ever to ensure that your practice has a solid HIPAA program in place.

NIST Updated HIPAA Guidance
Cybersecurity, HIPAA

The National Institute of Standards and Technology (NIST) Updates Guidance on HIPAA Compliance Rules

January 29, 2022 Comments Off on The National Institute of Standards and Technology (NIST) Updates Guidance on HIPAA Compliance Rules

July 29, 2022 You know that exciting feeling when apps have an update that adds awesome new features?! It’s like Christmas morning over here for us at Abyde. The National Institute of Standards and Technology (NIST) just updated its guidelines and added an awesome new feature! After six years, NIST made a significant update by providing guidance to HIPAA-covered entities to follow the HIPAA Security Rule in order to better safeguard patients’ personal and protected health information. Read below to find out what changes were made to the guidelines.  The revised guidance connected HIPAA Security Rule items to NIST Cybersecurity Framework subcategories. The advice remains mostly unchanged, with a few minor structural changes and a renewed emphasis on risk assessments and risk management. NIST Cybersecurity Specialist, Jeff Marron states, “We provide a resource that can assist you with implementing the Security Rule in your own organization, which may have particular needs. Our goal is to offer guidance and resources you can use in one readable publication.” NIST recommended the following guidelines for practices: NIST Cybersecurity Specialist, Jeff Marron also stated, “The identification of vulnerabilities or conditions that a threat could use to cause impact is an important component of risk assessment. While it is necessary to review threats and vulnerabilities as unique elements, they are often considered at the same time,”. It is important to note that HIPAA and cybersecurity operate best as a team, and a practice with both will operate smoothly. We all understand the need of HIPAA compliance, but practices must also understand the importance of cybersecurity. The more funding and resources allocated to IT security employees, the better off the firm will be when cyber dangers eventually arise. Satisfying HIPAA and cybersecurity regulations is critical to safeguarding your practice and patients from a data breach or HIPAA violation. While these are undoubtedly items that should be emphasized regardless of the government’s spending intentions, the suggestions by the government and NIST add a sense of urgency to ensuring that these vital protections are in place. With the increasing frequency of cyberattacks going on nowadays, ensuring HIPAA compliance is more important than ever.  We were chatting with our Partner, Darkhorse Tech, and they talked about how HIPAA compliance services provide a framework for security (essential for any dental business), but they do not provide a proactive response to cyber threats. Instead, they provide preventative methods to safeguard your data and keep you in compliance. So in order to have everything covered your practice needs to adopt an additional layer of security, you should no longer rely exclusively on low-quality anti-virus software to defend you. By enlisting the help of specialists who are actively working to prevent an attack before it occurs, reacting to any threats in real-time, and staying up to speed on the current and impending dangers, you can shift your security measures from preventative and reactive to proactive. Darkhorse Tech CMO, Brian Ash, states, “The latest updates to HIPAA make compliance, reporting, and cyber security even more vital for our clients.  While we have been recommending the addition of Abyde for HIPAA compliance for some time, the new guidelines make now the time to commit.  Along with Abyde’s software we are making the addition of a Security Operations Center (SOC) our top priority.  We vetted many options but are recommending Blackpoint Cyber as our SOC of choice.” As we can see, the NIST provided a great update to their Quizlet so that your practice can maintain a good grade in compliance school. So, I think it is time to take a step back and review that NIST guidance so that your practice can always pass the exam! So ensuring that you’re adequately securing this data begins with a thorough knowledge of what needs to be secured and that’s why we have the ideal study partner for you (Abyde) to assist you with all of your compliance needs!

$600K Settlement for HIPAA Breach
Fines, HIPAA

NY Attorney General Announces $600K Settlement for HIPAA Breach Impacting 2.1M People

January 28, 2022 Comments Off on NY Attorney General Announces $600K Settlement for HIPAA Breach Impacting 2.1M People

January 28, 2022 We aren’t even a full month into 2022 and it’s already looking like increasing HIPAA enforcement might be a New Year’s Resolution for the state of New York. Starting the year off strong, New York Attorney General Letitia James just announced a $600k settlement with vision benefits provider EyeMed as a result of a healthcare data breach that compromised the Protected Health Information (PHI) of over 2 million individuals. It all started back in June of 2020 when cybercriminals got ahold of an EyeMed email account after the provider failed to implement any multi-factor authentication and sufficient password management processes. In just a week of the hackers having access to the EyeMed email account, they were able to obtain emails and attachments from up to six years prior. The following month, the same attacker used the email account to send out 2,000 phishing emails, looking to acquire the login credentials of other EyeMed users. This lack of proper safeguards and security protocols enabled millions of individuals’ names, social security numbers,  addresses, medical diagnoses’ and other sensitive data to be compromised. This latest settlement adds on to the continued rise in cyber attacks and government enforcement seen over past years, further proving just how important having a strong cybersecurity and HIPAA program are for healthcare providers. So if your New Year’s Resolution is to avoid a cyberattack yourself, we recommend ensuring that you have the following in place: While data breaches and cyberattacks aren’t always totally avoidable, checking off the list items above is a great way to reduce your chances. But in the case that you’ve already experienced a data breach in 2021, it’s important to note that the annual minor breach reporting deadline (classified by HIPAA as incidents impacting fewer than 500 individuals) is rapidly approaching on March 1, 2022. And as for any major incidents affecting 500+ individuals – the reporting requirement is within 60 days of discovery (or less depending on your state). So some final words of advice? Have the necessary compliance and security programs in place to protect your practice from falling victim to an attack like EyeMed. And in the chance that you do experience a breach, follow the breach reporting requirements to reduce the fines and penalties that could come as a result.  

Concerned about HIPAA & OSHA compliance requirements in 2025? Join our live webinar for expert answers to the most common questions to ensure your practice is protected.

REGISTER TODAY
X