HHS Gears Up for HIPAA Audits

The HHS Office for Civil Rights recently announced that it will initiate a survey of 1,200 organizations, including both covered entities and business associates, as it begins to determine which entities will be audited in the second round of Health Insurance Portability and Accountability Act (HIPAA) audits. The audits will assess compliance with a number of HIPAA-related issues such as privacy, security, and breach notification. The major focuses of the audit will include whether entities have implemented security risk assessments, data encryption, and updates required by the HIPAA Omnibus Rule.

Free Software Released to Aid HIPAA Compliance

Free software released by federal regulators seeks to help health care providers, insurers, and clearinghouses meet HIPAA security requirements. Accessible on both desktop computers and tablets, the software allows users to input basic company information, including names of business associates who must comply with HIPAA safeguards and lists of equipment that may contain protected health information. Subsequently, users answer questions concerning their data-protection activities and are then presented with current threats to data security and possible safeguards. Notably, however, the tool does not guarantee HIPAA compliance but seeks to aid businesses in meeting required levels of data security.

Class Certification Sought After Widespread Data Breach

A class action lawsuit has been filed against Los Angeles County and a medical billing contractor after computers containing the names, addresses, Social Security numbers, medical diagnoses, and dates of birth for about 168,000 people were stolen. The plaintiffs allege negligence and violations of medical record privacy laws, arguing that their personal and medical information was not stored securely and that Los Angeles County and the contractor failed to notify potential victims of the breach within a reasonable amount of time. Due to the amount of personal information stored on the computers, the class may consist of thousands of members.

Hospital Settles Data Breach Action for $4 Million

A California judge has preliminarily approved a $4.1 million settlement after 19,500 emergency room patients’ names, diagnoses, and account numbers were accidentally posted online. The class action alleged violations of the California Confidentiality of Medical Information Act after Stanford Hospital & Clinics and its contractors accidentally leaked a spreadsheet of personal information. The leak was brought to the attention of Stanford after a patient noticed the information posted on the website Student of Fortune.