
Florida provider settles with OCR for $800,000 over alleged HIPAA Security Rule violations

The Office for Civil Rights at the U.S. Department of Health and Human Services announced this week that it had reached a settlement with BayCare Health System, based in Tampa, Florida, over several potential violations of the HIPAA Security Rule.

Why it matters
The settlement, for $800,000, resolves an OCR investigation into alleged impermissible access to a patient's electronic protected health information, or ePHI, at BayCare.

OCR says it first received a complaint in October 2018 from someone who had received care at the health system, alleging that she had subsequently been contacted by “an unknown person who had photos of her printed medical records [and] someone scrolling her medical records on a computer screen.”

OCR's investigation found that the credentials used to access the complainant's medical record belonged to a former non-clinical staff member of another physician's practice, which had access to BayCare's electronic medical records.

Investigators say BayCare potentially violated several HIPAA Security Rule requirements, in particular by failing to implement policies and procedures for access to ePHI that comply with the applicable requirements of the HIPAA Privacy Rule.

In addition, OCR alleges that the health system failed to reduce risks and vulnerabilities to ePHI to a reasonable and appropriate level, and failed to regularly review records of information system activity.

Under the settlement, BayCare agreed to pay OCR $800,000 and to implement a corrective action plan that OCR will monitor for two years.

Under this plan, the provider will be responsible for “carrying out a precise and in-depth risk analysis to determine the potential risks and vulnerabilities to confidentiality, integrity and availability of its ePHI”, according to OCR.

It will also have to implement a risk management plan, revise its written policies and procedures to comply with the HIPAA rules, and train staff who have access to ePHI on its HIPAA policies and procedures.

The larger trend
Across presidential administrations, the HHS Office for Civil Rights has been busy in recent years investigating and settling cases involving both the HIPAA Privacy Rule and the HIPAA Security Rule, where the alleged violations have involved the right of access, ransomware attacks, malicious insiders or other threats to patients' ePHI.

The Security Rule is set for an update (its first since 2013), with a notice of proposed rulemaking published last January, during the final days of the Biden administration, containing new proposals and clarifications, such as removing the distinction between “required” and “addressable” specifications and making them all mandatory, with limited exceptions.

But well before that, OCR has consistently called on HIPAA covered entities – providers, health plans, healthcare clearinghouses – and their business associates to take steps to protect patients' ePHI, including understanding where ePHI is located in the organization and how it “enters, circulates and leaves the information systems of the organization”.

It also stresses the importance of integrating risk analysis and risk management into an organization's business processes; ensuring that audit controls are in place to record and examine information system activity; and implementing regular reviews of information system activity and encryption of ePHI in transit and at rest to guard against unauthorized access, among other risk mitigation measures.

On the record
“At a time of hacking and ransomware attacks, HIPAA-regulated entities must always ensure that members of the workforce and other users having access to an electronic medical file only have access to the necessary health information to do their work,” said OCR Acting Director Anthony Archeval in a press release.

Mike Miliard is editor-in-chief of Healthcare IT News
Email the writer: mike.miard@himssmedia.com

Healthcare IT News is a HIMSS publication.
