HIPAA Update

Health System Agrees to Largest Settlement to Date

In the largest settlement of its kind, Illinois healthcare system Advocate Health agreed to pay $5.5 million and develop a corrective action plan to settle HIPAA violations due to data breaches. The violations include data protection violations related to electronic protected health information (ePHI) that have occurred over the past three years.

According to the U.S. Department of Health and Human Services’ Office of Civil Rights (OCR), the massive settlement was due to the extent and duration of the hospital system’s noncompliance with data security laws, and the number of patients affected. The security lapses affected four million patients and included patient names, insurance information, credit card numbers, addresses, clinical information, and dates of birth.

The investigations began in 2013 when Advocate Health submitted three breach notifications to OCR, including a breach that involved unauthorized access to 2,000 patient records by a third-party billing partner, and another that included theft of desktop computers containing four million patient records from an Advocate administrative office. The OCR investigation revealed Advocate Health did not conduct a thorough assessment of risks and vulnerabilities in the system; did not implement policies and procedures; failed to implement reasonable safeguards involving an unencrypted, stolen laptop; and did not ensure that third-party business associates would provide safeguards for ePHI.

“We hope this settlement sends a strong message to covered entities that they must engage in a comprehensive risk analysis and risk management to ensure that individuals’ ePHI is secure,” said OCR Director Jocelyn Samuels in a statement. “This includes implementing physical, technical, and administrative security measures sufficient to reduce the risks to ePHI in all physical locations and on all portable devices to a reasonable and appropriate level.”

AHC_Media_New_Logo_Transparent

 


Fraud Penalties Have Nearly Doubled

Ensure Compliance with Anti-Kickback Laws

For the first time in 20 years, penalties for violations of anti-kickback laws have nearly doubled, due to terms in the Bipartisan Budget Act of 2015. The act called for penalty fines to adjust for inflation by August 2016.

The penalty for each false claim will go from a minimum of $5,500 to $10,781. The maximum per each false claim increased to $21,563 from $11,000 for each individual false claim. Most cases allege thousands of claims and the civil money penalties can quickly add up to millions of dollars.

According to the U.S. Department of Justice’s Fraud Section Year in Review 2015, 225 convictions, and 11 corporate resolutions and pleas resulted in fines and penalties of almost $4 billion. Two-thirds of lawsuits came from corporate whistleblowers, while other cases are settled with no penalties.

 


Restraint and Seclusion Horizontal Email Banner


Banner Health Suffers Year’s Largest Data Breach

3.7 Million Patient Records Breached

In yet another case of healthcare organizations falling prey to hackers, Banner Health announced a cyberattack recently occurred on servers that process food and beverage payments and contain patient records. The records and credit card information of up to 3.7 million patients, insurance plan members, doctors, and other providers were compromised in the largest healthcare data breach of 2016.

Compromised information includes patient names, addresses, and birth dates; physician names, dates of service, and clinical information; health insurance information; and Social Security numbers. At Banner Health food and beverage locations, credit card holder names, card numbers, expiration dates, and verification codes used between June 23 and July 7 were compromised.

At press time, Banner Health officials did not know the scope of patient records compromised and how far back the records go. There have not been any reports of the hackers using the stolen information. Banner Health is offering free one-year credit monitoring services.

 


Medicare Readmission Penalties Hit All-time HighLife Safety Code Email Banner Vertical

2,597 Hospitals Forfeit $528 Millions

Beginning Oct. 1, hospitals and other Medicare patient providers will lose a collective $528 million in readmissions and quality of care penalties.

Fiscal year 2017 will see about the same number of hospitals penalized – 2,597 – as last year, but the average maximum penalty will increase to its lifetime high of 3%. In all, more than half of the nation’s hospitals will be penalized on high 30-day readmission rates and quality measures such as heart attack, pneumonia, heart failure, COPD, total knee replacement surgery, and total hip replacement. A new measure of coronary artery bypass graft surgery has been added for FY 2017.

About 1,400 hospitals are exempt from penalties, including hospitals in Maryland, critical access hospitals, children’s hospitals, Veterans Administration hospitals, and psychiatric facilities.

 


UPCOMING HOSPITAL WEBINARS
Now with Even Better Pricing!
 
 
AUG
15

The Latest and Greatest CMS Nursing CoPs

Sign Up →
 
 
AUG
16
CMS Medical Records: What You Need to Know Sign Up →
 
 
AUG
29
Give Falls the Slip: CMS, DNV & TJC Hospital CoPs & Standards Sign Up →
 
 
SEPT
1 & 7
EMTALA Update 2016: Deficiencies, Problematic Standards and Practitioner Liability Sign Up →
 
 
SEPT
6
Infant and Pediatric Abductions: Prevent the Unimaginable Tragedy Sign Up →
 
 
SEPT
12
Safe Injection Practices and IV Push Guidelines: Compliance with CDC and CMS Standards Sign Up →
 
 
SEPT
13
Restraint and Seclusion: CMS, DNV, & TJC Guidelines and Standards Sign Up →
 
 
SEPT
21
Discharge Planning: CMS Worksheet & Standards Sign Up →

FEATURED RESOURCES

   APN 20% off offer code image_APNM20_V2     EM Report Study Guide 2017     Mastering CMS Survey


sponsor-edpush