In addition to paying $750,000 the Indiana practice will adopt a robust corrective action plan to correct deficiencies in its HIPAA compliance program. According to Office of Civil Rights director Joceyln Samuels, "Organizations must complete a comprehensive risk analysis and establish strong policies and procedures to protect patients’ health information."
"$750,000 HIPAA settlement emphasizes the importance of risk analysis."Part of a comprehensive risk assessment is controlling access to personal health information (PHI). In addition to preventive controls strong detective controls are key to protecting PHI. Organizations can proactively detect inappropriate access and data theft, even by authorized users, by utilizing SaaS analytics services.
- OCR Director Jocelyn Samuels
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.Sources:
(a) HSS Privacy Enforcement Cancer Care Group, P.C. - www.HHS.gov, 09/02/2015