Avoiding HIPAA Penalties

Avoiding HIPAA Penalties

The Office of Civil Rights (OCR) shared a resolution agreement it reached with Anchorage Community Mental Health Services (ACMHS) in 2014 as a way to emphasize the importance of basic security measures when it comes to HIPAA.

OCR and ACMHS entered into a resolution agreement after ACMHS failed to updates its IT requirements and had unsupported software. This compromise in security led to a breach of 2,743 individual accounts. The investigation by the OCR found that ACMHS adopted sample Security Rule policies, but failed to adhere to them. Not only did they fail to conduct accurate assessments of potential risks, ACMHS even failed to ensure information technology resources were regularly updated. Due to their carelessness, ACMHS paid a $150,000 fine and was required to come up with a corrective action plan. The OCR also required a two-year compliance reporting period from the mental health services provider. Listed below are some tips that can help  you avoid being in ACMHS’s situation.

Six Tips to Avoid HIPAA Penalties

Tip #1: Identify software key to the security of information and establish procedures. Maintenance schedules to ensure timely installation of patches and updates.

Tip #2: Identify employees who are responsible for monitoring and installing available patches and updates. Be sure to inform them about the importance of their job and the importance of adhering to HIPAA guidelines.

Tip #3: Ensure firewalls are in place with threat identification monitoring of inbound and outbound traffic.

Tip #4: Adequately support information technology resources.

Tip #5: Regularly conduct security risk assessments, including an evaluation of what risks might be posed by the software and hardware in use, and promptly address areas of high risk.

Tip #6: Implement, follow, and regularly update HIPAA policies and procedures that are developed to address the security risks of your organization, as identified by security risk assessments. Don’t put sample HIPAA policies on a shelf to collect dust, utilize them.

HIPAA was very generous to ACMHS in only fining them $150,000. Unfortunately, they are not always so generous. Following the tips specified above should help you avoid costly HIPAA penalties for your business or organization.

Source referenced: JD Supra




Maternity Leave Law in California: Explained!

As client’s ponder how to integrate their existing sick ,personal and vacation leave policies into conformance with California’s impending mandate for accrual of sick time for all employees starting July 1 of this year, questions about maternity leave seem to run in tandem.

Thanks for south land lawyers Smith & Lo for this excellent primer on California Maternity Leave.  A great explanation of the basic California law.

Maternity Leave Law in California: Explained!.

When Your Healthcare Claim Is “Denied”

You have Health Care Insurance – CHECK

You saw your Doctor – CHECK

He wants to run some tests – CHECK

You try to get pre-approval of your tests – DENIED:(

You get the test anyway and submitted your insurance claim – DENIED!

Lost in the Health Care Debacle debate is the dirty little secret of the Health Care Industry. And, sadly, this has nothing to do with ObamaCare.  This game has been played for decades.  Your insurance company is NOT in the business of taking care of you.  They are in the business of spending less, not more, on your health care. So, they will routinely deny approval of medical tests that you and your doctor deem prudent, and they will routinely deny coverage for expenses that you have incurred.

Unfortunately, many people stop there! Effectively denied sometimes critical health care.

This is a numbers game.  The insurance companies know that if they deny 10 approval requests for claims, only one or two of those insureds will protest, appeal, re-apply and/or fight for the coverage they are entitled to.  In the end, the loud protestor gets the treatment and care they deserve.  The meek suffer what is effectively the de facto rationing of health care by your    own insurance company.

The link below is to a great article from Forbes that lays out the steps you can – and MUST – take to protect yourself and get the care to which you are entitled.

  • Find out WHY you were denied and determine if you can correct any of those reasons.
  • Recruit your health care providers to advocate on your behalf in pursuing approval of the denial.
  • Apply again, re-apply, appeal, protect and threaten to sue!
  • Keep complete and accurate records of everything.
  • Find out how much the denied care “really costs” and negotiate for the best, contract and discounted rate available.

It is hard to live in a world where you have to fight with everybody for everything, especially when you are sick or injured. But the Health Care System is not going to get easy or accommodating anytime soon.  It is a battlefield. Those that understand this and approach the consumption of health care with the right attitude and tools are among the few that will get the care and treatment that they want, need and deserve.

The 5 Things You Should Know When Your Healthcare Claim Is “Denied” – Forbes.