This is the ProactiveIT Podcast. This Week: The latest in IT and Cyber Security news plus Patch Tuesday for Everyone, the new trend in HIPAA breach costs and the HIPAA Omnibus Rule.
This is Episode EIGHT! Play some music
Hi Everyone and welcome to the Proactive IT Podcast. Each week we talk about the latest in tech and cyber news, compliance and more. We also bring you real world examples to learn from so that you can better protect your business and identity.
This podcast is brought to you by Nwaj Tech – a client focused & security minded IT Consultant located in Central Connecticut. You can find us at nwajtech.com.
Patch Tuesday Update:
Cyber Security News
UPDATE ON LOUISIANA Ransomware Attack
Topic 1: https://nwajtech.com/1-way-hipaa-breaches-might-cost-more-than-a-fine/
HIPAA Corner: HIPAA Omnibus (Sept 23 2013)
- New Rights to Individual Health Information
- Patients can now ask for their medical record in electronic form
- If patient pays out of pocket they can request that their information not be shared with their insurance provider.
- Sets new rules for how information is shared for marketing and fundraising, and prohibits the sale of an individual’s health information without authorization.
- Makes Business Associates liable for HIPAA violations for the first time (many BAs are not aware of this). BAs are now held accountable by consumers and HHS to safeguard PHI the same way a Covered Entity would.
- This rule extends to sub-contractors of Business Associates
- Requires Covered Entities to Report Breaches to HHS (within 60 days) unless they can demonstrate that there is a low risk to impacted patients (such as a stolen laptop with encryption).
- Sets enforcement guidelines including 4 tiers of fines based on culpability. Repeat negligence in the same calendar year can be fined up to $1.5 million dollars. Negligence can also cost up to $50,000 per record breached.