Just uploaded to ClinicNerds a new article in the series: HIPAA Breach Case Studies. This article is about a small clinic (two locations) that was accidentally posting its appointments on an internet calendar that was visible to the whole internet. In addition to paying its own legal fees, the practice had to pay a HIPAA fine of $100,000 and agree to a one-year HIPAA probation. Here is a link to the case study.
Over on the ClinicNerds blog, I just uploaded the third post in the series “Crushing Kim with HIPAA.” This post is about the confusingly named Security Rule and Privacy Rule. My suggestion is to avoid the similar-sounding terms privacy / security and replace them with Patient Rights and Protected Health Information (PHI).
HIPAA is widely misunderstood, not because of any one thing, but rather because of the accumulation of many confusing concepts, phrases and terms. This series explores those confusing things through the eyes of Kim, a hypothetical office manager in a small clinic named Memphis Family Clinic. Big hospitals have departments of lawyers and information technology specialists (IT, CIO) to handle HIPAA challenges. Kim and Memphis Family Clinic do not have those resources. This series tries to show how challenging HIPAA is for small clinics.