Tuesday, June 19, 2012

Briskin, Cross & Sanford, LLC

HIPAA/HITECH Breach Notification Rules enforcement on the up-swing – Are you prepared?

Enforcement of HIPAA/HITECH Breach Notification Rules and related regulations is being significantly stepped up. As a consequence of the new fines and penalties associated with the HIPAA/HITECH Privacy Rule, being prepared in advance for an audit is becoming increasingly critical for covered business entities.
Enforcement of the new HIPAA Breach Notification Rule is a big deal. In the past, audits had been performed only at entities against whom a complaint had been filed. Under the new rule, audits are called for whether or not a complaint against the entity has been lodged. This means that the HHS can show up at a covered entity’s door and perform an audit on short notice… and woe to the entity that is not ready.
If a business is not ready for such audits, it can be subject to new, significantly higher fines, including a mandatory minimum of $10,000 for willful neglect of compliance. These fines can, in fact, go up to $50,000 per day. All HIPAA Covered Entities and Business Associates need to be fully in compliance and prepared for an audit at any time, or risk the penalties for non-compliance.
In some cases, multi-million dollar fines are possible. Recent enforcement actions have included a one-million-dollar settlement for a breach of only 192 records, as well as another involving a small, two-doctor medical office, which ended up entering into a $100,000 settlement with HHS over its lack of Security Rule compliance. It appears that the days of “slap-on-the-wrist” penalties are over and much larger fines and settlements are being levied, with more on the way.
The take-away for covered entities is that, if your compliance and audit preparation with respect to HIPAA/HITECH issues are not at 100%, now is the time to get them there, before it is too late.

Hacked companies fight back with controversial steps | Reuters

This is an interesting, timely, and valuable piece examining how companies are dealing with the growing onslaught of commercial cyber-attacks.
Gone are the days when a company could take for granted that a firewall and updated anti-virus software were enough to keep its data safe.
Increasingly, companies are taking more proactive, and even retaliatory, actions to deal with this onslaught.
Needless to say, companies must tread a careful line here, lest they fall victim to liability for their own actions.
In any event, this is a good read to stimulate thought about how companies are coping with increasing cyber-security threats. Is your strategy up to the task? It’s a question you cannot afford not to ask yourself!