ePHI

On January 8, HHS announced a settlement of $337,750 with USR Holdings for a violation of the HIPAA regulations. This is significant due to the nature of the HIPAA Violation. Among the violations by USR Holdings was Deletion of electronic Protected Health Information.

PIH Health in California was hit with a ransomware attack which severely impacted its computer and telephone systems. The attack forced the hospital to activate their Downtime Contingency Plan. A downtime contingency plan are the procedures that are followed to maintain the ability to provide patient care in the event of a computer outage. This typically involved going back to recording patient information on paper for later entry into the computer systems when they are back online.

in order to be HIPAA Compliant, you must maintain a "Culture of Compliance" at your office. This can include keeping your software up-to-date, regular required training and addressing risks that pose to your office. This month we address Phishing Emails, Battery Backups and Proper Disposal of Copiers/Printers/Fax Machines

New Haven, Connecticut failed to terminate an employee’s access to their Health Records System after the employee left. The former employee may have accessed a file containing the Protected Health Information of only 498 Patients.