It also requires MedEvolve to augment its existing HIPAA training, among other requirements.The U.S. In addition to the monetary settlement, MedEvolve’s corrective action plan requires the entity to conduct a risk analysis to determine risks and vulnerabilities to electronic PHI and develop a risk management plan to address and mitigate identified risks. Covered entities, business associates, and subcontractor business associates who have not yet conducted a risk analysis, or whose existing analysis is not broad enough to assess all of the risks and vulnerabilities to electronic PHI held by the organization, should take steps to conduct a thorough and complete risk analysis. While the lack of an enterprise-wide risk analysis is a common element of HIPAA noncompliance, it is also a key enforcement point for OCR. OCR also found that MedEvolve did not conduct a “sufficiently accurate or thorough” risk analysis. Healthcare vendors regulated under HIPAA need to ensure that they are not only executing business associate agreements with their covered entity clients, but also with any of the vendor’s subcontractors if the arrangement involves access to, or the use or disclosure of, PHI. During its investigation, OCR determined that MedEvolve failed to enter into a business associate agreement with a subcontractor. The $350,000 settlement serves as a reminder that HIPAA compliance is not only important for covered entities, but for business associates as well. OCR noted in the resolution agreement that it has evidence that at least one unauthorized individual viewed PHI for patients of each covered entity while the FTP server was unsecured. The information on the FTP server included names, billing addresses, telephone numbers, primary health insurer, and doctor’s office account numbers, and in some cases Social Security numbers for patients of two of MedEvolve’s covered entity clients. The breach notification report stated that a File Transfer Protocol (FTP) server containing the protected health information (PHI) of 230,572 individuals had been openly accessible on the internet since January 1, 2018. In July 2018, OCR received a breach notification report that triggered a HIPAA compliance investigation of MedEvolve. Pursuant to its settlement with OCR, MedEvolve agreed to pay $350,000 and enter into a two-year corrective action plan. is a HIPAA business associate to healthcare organizations and provides practice management, revenue cycle management, and practice analytics software services. Department of Health and Human Services, Office for Civil Rights (OCR) announced a settlement with a software company for alleged noncompliance with HIPAA regulations. Offering fresh insights on cases that are delayed, over budget, or off-target from the desired resolution.Ĭourtroom-ready lawyers who can resolve disputes early on clients’ terms or prevail at trial before a judge or jury.Ĭreating positive impact in our communities through increasing equity, access, and opportunity. Offering a range of investment management and fiduciary services.īringing together companies and investors for tomorrow’s new deals. Teaming with clients to advance sustainable projects, mitigate the effects of climate change, and protect our planet. Providing actionable information to support strategic decision-making. Industry-leading conferences focused on affordable housing, tax credits, and more. Leveraging leading-edge technology to guide change and create seamless, collaborative experiences for clients and attorneys. Leveraging law and technology to deliver sound solutions.ĭelivering seamless service through partnerships across the globe. Providing our clients with legal, strategic, and practical advice to make transformational changes in their organizations. Helping clients respond correctly when a crisis occurs. Government Investigations & White Collar Defenseĭeveloping innovative pricing structures and alternative fee agreement models that deliver additional value for our clients.Īdvancing professional knowledge and offering credits for attorneys, staff and other professionals.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |