Plus: Meaningful Use is set to sail away forever, so attest while you can.
Encryption continues to be the primary safeguard against HIPAA violations when mobile devices are lost in the field or breached in the office. Unfortunately, one healthcare organization recently found out what happens when you don’t keep your tools under lock and key.
On February 1, 2017, Children’s Medical Center of Dallas was fined $3.2 million for HIPAA violations dating back to 2009 and 2013 from a lost BlackBerry in 2010 that impacted 3,800 individuals ePHI and an unencrypted laptop in 2013 that contained the ePHI of 2,462 individuals. While Children’s did implement some security measures after the first breach in 2009, the healthcare organization didn’t fully protect its devices and a second breach followed in 2013, an OCR report suggests.
“Ensuring adequate security precautions to protect health information, including identifying any security risks and immediately correcting them, is essential” said Robinsue Frohboese, OCR acting director in a prepared statement. “Although OCR prefers to settle cases and assist entities in implementing corrective action plans, a lack of risk management not only costs individuals the security of their data, but it can also cost covered entities a sizable fine.”
Resource: To read the OCR release, visit https://www.hhs.gov/about/news/2017/02/01/lack-timely-action-risks-security-and-costs-money.html.
In other news …
CMS has extended its deadline for the last Meaningful Use (MU) attestation before it goes away for most Medicare providers under MACRA and the Quality Payment Program (QPP). Advancing Care Information (ACI) is replacing MU as the technical component under the QPP, and CEHRT measures will be reported under it.
The original deadline to report 2016 measures was Feb. 28, 2017 but has been changed to Monday, March 13, 2017 at 11:59 p.m. E.T., a CMS release from Feb. 8, 2017 says.
Payment adjustments will be made for those that get their attestations in late as the hardship deadline has come and gone.
Medicaid and hospitals that utilize MU programs will not be impacted by the changes.
For the MU registration and attestation link, visit https://www.cms.gov/regulations-and-guidance/legislation/ehrincentiveprograms/registrationandattestation.html.