Aetna Pays $1,000,000 to Settle Three HIPAA Breaches
Aetna Life Insurance Company and affiliated covered entity (Aetna) has agreed to pay $1,000,000 to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS).
Government declarations enabled telehealth to become, at least temporarily, a commonplace patient care modality. However, physicians should weigh a number of privacy and security factors before implementing telemedicine in their practice.
#5) Budget, Budget, Budget. Schedule your HIPAA training as mini training sessions throughout the year. More frequent training helps employees retain information longer. Budget for software. Focus on platforms that will allow you to flawlessly navigate, organize and store documents properly for the compliance process.
#4) Minimize Workstation Security Risks. Record movement of data and hardware systems. Document all portable storage and endpoints. Review what’s in the cloud; do you know? Document retired equipment. Review and/or update procedures for proper disposal of electronic systems and documents. Update passwords and review how interoffice electronic information is transmitted. Review employee accountability and sanction policy.
“We are investigating a ransomware incident that has impacted a limited number of our applications. We are working diligently to restore these systems, and most importantly, to ensure our clients’ data is protected. Although our investigation is ongoing, there is currently no evidence that any data has been removed from our systems. We regret any inconvenience caused by this temporary outage.”
3.) Disasters, Natural or Human Made: Reviewing Your Contingency Plans. Review your disaster recovery plan. Revisit the analysis of how the most critical data is identified. Address incident response
2.) Business Associates, Vendor Contracts & Compliance with HIPAA. Have you assessed your vendor’s or contractor’s HIPAA security? The regulations require you to do due diligence on your business associates. Have you checked out their HIPAA compliance? Changes made with the HIPAA Omnibus bill make you responsible for any breaches your Business Associates may have. Checking their compliance is prudent.
1.) Review your security and privacy risk management plan, and revisit your remediation plan. Evaluate how well your firm did last year: did you have any breaches or near breaches? Have you updated your HIPAA policies & procedures to reflect any needed operational changes to protect your patient PHI? Have you updated your security, privacy risk assessment & remediation plan?
We are pleased to announce that Carosh Compliance Solution’s President and CEO Roger Shindell, M.S., CHPS, CISA, has been elected as a board member of the Indiana Chapter of HIMSS. As a member of the Board of Directors, Shindell will hold the position of “Member at Large” for the term from July 2017 until June 2020. During this time Shindell will serve to assist in the continued success of this acclaimed chapter.