In April 2017, the Office for Civil Rights (OCR) announced a $400,000 HIPAA settlement with a federally qualified health center. Although the health center responded appropriately to an email phishing incident affecting over 3,000 patient records, OCR found that the health center failed to complete the required risk assessment process and failed to implement any corresponding risk management plans to address the risks and vulnerabilities identified in a risk analysis. With each settlement announced, OCR is sending a message to similar health care entities, and this time the message was clearly directed at health centers.
In this session, we'll review the health system settlement and several other recent settlements to identify enforcement trends, settlement trends, and lessons learned.
Identify key HIPAA Privacy and Security Rule enforcement actions relevant to health centers and other community providers.
Understand risk assessment and risk management requirements under HIPAA.
Draft activities related to HIPAA risks for inclusion in their health center's compliance work plan.