Practical HR Tips, News & Advice. Updated Daily.
Reducing the risk of data breaches requires assessing your company’s vulnerabilities, then addressing them with policies, procedures, training and agreements. The media tend to focus on external hackers, but “the real culprits for most our clients are internal,” according to employment law attorney Robert Fitzpatrick. Employee data breaches can be classified into the deliberate and […]
A county government in Washington state agreed to pay $215,000 in a settlement with the U.S. Department of Health and Human Services, after its report of a minor breach led to an HHS investigation that found “general and widespread noncompliance” with HIPAA privacy and security rules. The incident originally reported by Skagit County, Wash., in […]
New concerns about data security on the health care reform exchanges are being raised by Republican lawmakers, who cite an internal agency memorandum that warned of inadequate testing on the eve of the exchanges’ Oct. 1 rollout. The security control assessment required by the Federal Information Security Management Act “was only partially completed” because the […]
Health plans now may begin applying for the standard health plan identifier required by HIPAA, CMS has announced. The online application was posted March 29 on CMS’ Health Plan and Other Entity Enumeration System (HPOES). Most HIPAA-covered health plans, including employer group health plans, must obtain an HPID by Nov. 5, 2014, except that “small health […]
The HITECH Act is now here in full. The whole litany of tighter privacy and security requirements is in the long-awaited, long-delayed “omnibus” rules finalized Jan. 17 by the U.S. Department of Health and Human Services, and most of these will have to be met by this Sept. 23. The omnibus rules also include changes […]
A standard health plan identifier proposed by the U.S. Department of Health and Human Services (HHS) could cost health plans a total of up to $1.3 billion to implement. The proposed rules, released April 9, would establish a unique health plan identifier (HPID) for HIPAA-covered health plans (both group health plans and insurers), and an […]
The proliferation of mobile devices has blurred the line between employer and employee information, and created new threats to sensitive data that are all too well chronicled. But common-sense steps can still be taken to minimize these risks without stifling the usefulness of these new tools, two data privacy and security experts said in a […]
A wave of HIPAA privacy audits far more comprehensive than anything attempted to date was officially launched Nov. 8 by the U.S. Department of Health and Human Services (HHS). While their official purpose is not enforcement, these audits are likely to cast a broader net than HHS scrutiny has to date — including possibly group […]