HIPAA Violation not using encryption for secure forms

$218K HIPAA fine
Have you seen this July 13 article in HealthcareITNews?

Another medical provider has been hit with a hefty fine for violating HIPAA requirements -- this time for putting 500 patients at risk by using a Web-based document-sharing application without adequate security to store PHI.  Read More: HealthcareITnews

Is your business next? Mediprocity can help. Mediprocity is launching a new product called SECURE FORMS that will help add another layer of HIPAA violation protection to your business while saving you more time and money.

Secure Forms converts your business forms into encrypted electronic documents that can be safely emailed to anyone.  Your customers and vendors will simply click on a link that you provide, complete and submit your form online and a secure document is returned to your business using Mediprocity.
As stated in the article, "Organizations must pay particular attention to HIPAA's requirements when using Internet-based document sharing applications," said Jocelyn Samuels, OCR director, in a July 10 statement announcing the settlement. "In order to reduce potential risks and vulnerabilities, all workforce members must follow all policies and procedures, and entities must ensure that incidents are reported and mitigated in a timely manner."
The OCR has proven once again they are serious about not tolerating HIPAA violations. Don’t make the mistake of thinking that your business is not vulnerable.   
Mediprocity cares about your business and your customers. Check out the attached video and look for our introductory offer coming soon.  Mediprocity Secure Forms is about to arrive!


HIPAA Audits Begin as the OCR digs into BAA enforcement

In the lead-up to September 2013, we remember how frantic we were here at Mediprocity 60 days prior to make sure we had our technology audited and ready for detailed investigation by the OCR (Office of Civil Rights), and how detail-oriented we were when it came to locking in our BAAs (Business Associate Agreements) and other documentation.

We were ready.  We were ready for an audit and we expected to see some sort of action within the market when it came to enforcement.  What we found on the other side of September 2013 was silence.  It was like preparing for a giant party, the venue was rented and decorated, all the invitations went out and everyone on our team was dressed, but when we opened the front door to our grand event only two people walked in out of the hundreds we invited.

In the party world they call that a total 'dud' of an event.  That did not deter us, we knew the law was not about to be repealed so we continued on.  Over the past few years there have been a number of breaches reported, some larger than others and the fines levied have been significant.  This reminded us that the jokes about the HIPAA police coming were not to be taken lightly and they were indeed coming.

On March 22nd, 2016 the announcements hit the wire with putting out an article that the Federal march had begun.  We knew that this was the year something was going to happen, we just didn't know when... well that day has arrived and it was recently reported by McKnight's. has released a FACT SHEET that everyone should read.  These initial desk audits will be the 'probing' to see just how prepared your organization is when it comes to the Omnibus ruling.  Keep in mind, September 2013 was not yesterday.  If you have not prepared your organization by now, your excuses will be ignored.  Be prepared.

The old sayings "we just do not allow people to text at work" or "we do not allow use of mobile devices" are not going to put you in a defensible position.  How do you enforce that policy?  How do you know with certainty that people are not texting and are adhering to your 'do not do it' policy?  You need oversight, you need logging and metrics, you need encryption.  This is a true mobile policy for HIPAA protection in the year 2016.

Mediprocity provides secure messaging and secure forms.  We are an easy turnkey system for your organization, and we are built for healthcare.  Find out today how easy and affordable it is to not only protect your organization, but also improve your communication workflow!



The Fines Are Coming... it is time to listen to OCR!

It is still somewhat in debate whether Paul Revere actually did yell 'The British Are Coming! The British Are Coming!' on his famous ride.  We do know that his ride at midnight to warn colonists of an impending British attack did cement his place in history.  That part, along with his Lexington to Concord ride, is not debatable and is a tale most Americans know.

Here is a new tale that we have been telling for years, 'The OCR Is Coming! The OCR Is Coming!'  If you don't know what OCR stands for by now, and you are in healthcare, then even Paul Revere cannot save you with his warning.  If anything, we have to give credit to HIPAA and the Office of Civil Rights (OCR), for actually being the Paul Revere of the Omnibus law.  They have been doing their best to slow their audits and fines and give covered entities and business associates time to prepare.  Sadly, their version of Paul Revere has still been falling on deaf ears...

Let's review some of the latest fines and penalties, because the OCR is most definitely coming.

HIPAA fines a nursing home company $650,000 for a lost phone.

Federal regulators lowered the boom on the former owner of several nursing homes after an iPhone containing the medical records of more than 400 residents was stolen.  Mediprocity could have prevented this fine and investigation immediately with our compliant technology.

Health system pays highest fine to date (as of August 2016)

To receive a fine this high is simply falling into the willful neglect category, where there are multiple breaches and vulnerabilities that were not addressed.

Health system fined for stolen laptop

Another area where encryption and remote log out / wipe was not in place.  Additionally, poor follow through on business associate agreements.  This fine could have easily been prevented.

If you are still on the fence on how to secure your mobile devices for messaging and forms - do not delay and contact us about how we can help to prevent a penalty and fine for a lost device with patient health information (PHI).


