Two recent updates to the ClinicNerds website to report:
- New HIPAA Breach Case Study about a small practice in Illinois that was fined $31,000 because it did not have a Business Associate Agreement with a third-party document storage company. The medical practice was storing paper medical records at this off-site location without ensuring that the document storage company was safeguarding the patient data. Note that this case was resolved just a few months ago (April 2017), though the practice will be on HIPAA probation for two years, until April 2019. It is very typical for these HIPAA investigations and probations to last 4 or 5 years.
- New article in the series Crushing Kim with HIPAA. This sixth article in the series discusses the meaningless terms ‘HIPAA Compliant’ and/or ‘HIPAA Certified.’ There are many shady salesmen, consultants, and instructors who make the false and meaningless claim that their product or service is HIPAA Compliant. When you hear this phrase, ClinicNerds encourages you to ask: ‘Who says it is HIPAA compliant?’
Earlier this week, I posted the ninth case study on HIPAA Breaches. Why was this case important? The healthcare organization that got fined is a small hospice in the Northwest. The precipitating event was one stolen laptop that was not encrypted. The laptop contained a few hundred (441) patient records. The fine was $50,000.
Every small practice in the country has the same essential risk or vulnerability: an unencrypted laptop with a spreadsheet of all the practice’s patients.
An unencrypted laptop, with a few hundred patient records, is stolen and results in a $50,000 fine.
Over on the ClinicNerds blog, I put up the fifth article in the series: Crushing Kim with HIPAA. In this series of articles, I try to make the point that HIPAA is despised and misunderstood because the explanations of HIPAA are horrible. If HIPAA is ever going to be accepted and widely adopted, then a new curriculum is needed to explain HIPAA. The HIPAA Lifeguard app is my attempt at a new curriculum for explaining HIPAA. Article preview: ClinicNerds avoids using weird words like omnibus.
Over on ClinicNerds HIPAA Breach Case Studies, I just published a new case study about a doctor whose laptop was stolen while he was lecturing in Asia. Though some precautions were taken, the laptop had unencrypted patient data going all the way back to 1988. The laptop was stolen in South Korea, but the US Government, HHS, levied a multi-million dollar HIPAA fine. Link: Unencrypted Laptop stolen while lecturing in Asia
Over at the ClinicNerds blog, I’m writing a series of articles about how the terrible explanations of HIPAA are creating a nightmare for small clinics. I just put up the fourth article in the series, about Simplifying Protected Health Information (PHI). I believe that we need to have a conversation about ways to simplify HIPAA explanations.