Facebook – The Health Care Privacy Time Bomb

A reporter asked me not that long ago how frequently health care providers post patient health information (PHI) that would permit a reasonable person to identify the patient (even without a name included). I hear rumors of such now and again, and I’ve had my share of clients panic over something posted by an employee. …

Anthem Unfolding: Who has regulatory authority when it comes to security audits?

In a recent LinkedIn group discussion, there was some back and forth about an article that stated Anthem was refusing to cooperate in the security audit. What ensued was debate about what is required vs what is a good idea (particularly when you’re dealing with OPM [Office of Personnel Management] and OIG). I, personally, was …

Never mind Big Brother, OCR is watching! HIPAA Enforcement Developments

It was a busy 2014 for the Office for Civil Rights (OCR). OCR entered into several resolution agreements and corrective action plans last year. Pay attention to the enforcement trend, covered entities (CE) and business associates (BA)! No matter how large or small, OCR is taking aim at CEs and likely soon BAs when it …