Not all healthcare entities are reporting breaches as required by the Department of Health and Human Services’ Office of Civil Rights (OCR).
We can help your practice stay on top of the latest healthcare news, rules, regulations and trends. Subscribe to stay current and up to date on important matters that will impact your practice. (To subscribe to our blog click here).
Healthcare breaches continue to affect practices and hospitals nationwide, but breach reports are not increasing as they should.
HIPAA requires healthcare entities to report breaches to affected individuals and to notify media outlets when breaches affect 500 or more individuals.
Recently, Presence Health settled allegations of untimely breach reporting for $475,000.
Presence Health had a breach that occurred on October 22, 2013. The breach was reported to the OCR on January 31, 2014.
Over 4,000 ransomware attacks occur each day, and yet only nine organizations reported malware or ransomware breaches to the OCR in 2016.
Hospitals have stopped reporting ransomware, because of how common the threat is.
Hospitals are also afraid to report breaches because of the potential economic and liability issues. There is also a lack of ownership and acknowledgement on the part of employees who may have made a mistake resulting in a breach. Hospitals also don’t want to disrupt business to deal with breaches.
OCR has made an example out of Presence Health regarding the necessity of timely reporting.
The OCR has stated that it will continue to hold entities accountable for failing to report a breach in the required amount of time. The OCR is aware of the trend of underreporting.
Breach reporting will be part of the OCR’s audit program. Healthcare entities will need to show breach reporting methods during an audit.
Prepare your practice for a breach and/or an audit. Make sure your employees are trained on breach readiness.
In our next blog post, we will keep you informed of related issues. To get this important information delivered directly to your mail box, click here to Subscribe.
Do you need help staying current and compliant with the latest laws, rules and regulations? We can help. To contact us about your new government rules and regulations, your practice’s risk assessment, or about your other legal needs: CLICK HERE.
P.S. If you or your patients are interested in consumer healthcare issues, check out myhealthspin.com.