In December, the Office of Civil Rights (OCR) announced a $2.3 million settlement in lieu of civil monetary penalties with 21st Century Oncology — a large multi-site provider of oncology services. The company’s exchange server was breached through a remote desktop protocol, providing impermissable access to over 2 million patient records. OCR discovered that the provider failed to conduct an accurate and thorough assessment of the risks and vulnerabilities of its EMR, failed to implement security measures to reduce risks, failed to implement procedures to regularly review their information system and didn’t have written business associate agreements with third party vendors.
Don’t become a headline like this provider! Make sure your team knows its HIPAA responsibilities beyond basic staff orientation. Sign up for HCANH’s webinar Beyond HIPAA Training: The ABCs of HIPAA Compliance. Health information expert Joan Usher will share how to do the “must do’s” for your agency. The webinar is on February 15th, so sign up today!