A recent settlement agreement by the Department of Health and Human Services (HHS) Office of Civil Rights (OCR) shows why covered entities (and their business associates) must adhere to the new policies and procedures for the Health Insurance Portability and Accountability Act (HIPAA), including those recently introduced under the Health Information Technology for Clinical Health Act (HITECH).
A private dermatology practice has agreed to pay $150,000 and implement a corrective action plan to settle potential violations of HIPAA and HITECH.
According to the settlement, the private practice did not conduct a proper analysis of the potential risks and vulnerabilities of electronic personal health information, or ePHI, as part of its security requirements, and did not fully comply with the requirements of the breach notification rules found under HITECH (including training). This settlement is unique because it is the first involving the recently passed HITECH provisions.
You may view the settlement here:
If you have questions regarding HIPAA or HITECH, please contact Kinney & Larson.