In its August update, the OCR announced that its regional offices are now engaged in investigating data breaches affecting fewer than 500 records, which puts the spotlight on smaller private practices.
The two leading causes for OCR investigation are the inappropriate use and disclosure of protected health information (PHI) and the absence of safeguards for PHI. To address these and other compliance concerns, the OCR continues to strengthen its enforcement program. Current investigations are focused on confirming the following compliance activities:
- Completion of recent, thorough Security Risk Assessment, with remediation of findings completed or in progress.
- Implementation of breach notification policy that meets HITECH requirements.
- Implementation of Notice of Privacy Practices in compliance with HIPAA Privacy Rule.
- Implementation of documented policies and procedures to secure PHI (including ePHI) and to meet administrative, physical, and technical safeguard guidelines.
- Documentation of backup systems, disaster recovery plans, and other activity monitoring plans.
- Delivery and documentation of appropriate training.
"Private practices who continue to lag behind in meeting compliance requirements are gambling with the protected health information entrusted to their care," said Jaime Rodriquez, HIPAA security officer and director of technical services for JDL Technologies. "They are doing so at increasingly serious risk, not only to their practices, reputations and balance sheets but, more importantly, to their patients."
About JDL HealthTech
JDL HealthTech delivers services that enable healthcare providers to better manage their practices, achieve and maintain HIPAA compliance, avoid violations and data breaches, keep their systems up to date and running smoothly, and take advantage of new and emerging technologies. JDL is a credentialed Trustmark Managed Service Provider and one of the 2016 Elite 150 Managed Service Providers in North America, 2016 Solution Provider 500, and 2015 Fast Growth 150 as ranked by The Channel Company. JDL HealthTech is a division of JDL Technologies, a Communications Systems, Inc. company (NASDAQ: JCS).
Logo - http://photos.prnewswire.com/prnh/20151019/278391LOGO
To view the original version on PR Newswire, visit:http://www.prnewswire.com/news-releases/private-practices-top-list-of-data-breach-investigations-300329657.html
SOURCE JDL HealthTech