HIPAA Enforcement Action: Wake Health Medical Group Resolution Agreement and Corrective Action Plan

From the HHS site “Wake Health Medical Group, a provider of primary care and other health care services in Raleigh, NC, has agreed to take corrective actions and has paid OCR $10,000 to settle a potential violation of the HIPAA Privacy Rule’s right of access standard.” Resolution Agreement

HIPAA Enforcement Action: Dr. Robert Glaser Notice of Proposed Determination and Notice of Final Determination

From the HHS site “Dr. Robert Glaser, a cardiovascular disease and internal medicine doctor in New Hyde Park, NY, did not cooperate with OCR’s investigation or respond to OCR’s data requests after failing to provide a patient with a copy of their medical record. Dr. Glaser waived his right to a hearing and did not …

HIPAA Enforcement Action: Rainrock Treatment Center, LLC dba Monte Nido Rainrock (“Monte Nido”) Resolution Agreement and Corrective Action Plan

From the HHS site “Rainrock Treatment Center, LLC dba Monte Nido Rainrock (“Monte Nido”), a licensed provider of residential eating disorder treatment services in Eugene, OR, has taken corrective actions including one year of monitoring and has paid OCR $160,000 to settle a potential violation of the HIPAA Privacy Rule’s right of access standard.” Resolution …

HIPAA Enforcement Action: Denver Retina Center Resolution Agreement and Corrective Action Plan

From the HHS site “Denver Retina Center, a provider of ophthalmological services in Denver, CO, has agreed to take corrective actions that includes one year of monitoring and has paid OCR $30,000 to settle a potential violation of the HIPAA Privacy Rule’s right of access standard;” RESOLUTION AGREEMENT 

HIPAA Enforcement Action: Advanced Spine & Pain Management (ASPM) Resolution Agreement and Corrective Action Plan

From the HHS site “Advanced Spine & Pain Management (ASPM), which provides management and treatment of chronic pain services in Cincinnati and Springboro, Ohio, has agreed to take corrective actions that include two years of monitoring, and has paid OCR $32,150 to settle a potential violation of the HIPAA Privacy Rule’s right of access standard;” …

Is Your Supply Chain Resilient?

The major upheavals of the last couple of decades, such as the global recession and the COVID-19 pandemic, have demonstrated that firms will suffer severe setbacks if their supply chains are not resilient. An entire supply chain becomes vulnerable if one component is exposed to risk, just like a house of cards will topple if …

What to Include in Your Incident Response Plan

A security incident can topple an organization’s reputation and revenue in a short amount of time. As billionaire Warren Buffett once said, “it takes 20 years to develop a reputation and five minutes to ruin it.” Keeping that in mind, it’s ideal to have an incident response plan in place before a security breach occurs. …

HIPAA Enforcement Action: OCR Resolves Twentieth Investigation in HIPAA Right of Access Initiative with $80,000 Settlement 

From the HHS site “The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services announces the resolution of its twentieth investigation in its HIPAA Right of Access Initiative.  OCR created this initiative to support individuals’ right to timely access their health records at a reasonable cost under the HIPAA Privacy …

8 Elements of a Business Impact Analysis (BIA) for Compliance

A compliance program aims at protecting an organization from risk. The purpose of corporate compliance programs is to ensure that a business complies with laws or regulations relevant to it.  You could consider a Compliance Program to be a form of internal insurance policy to create evidence of conformity with regulations and instill a culture …

The Importance of Business Impact Analysis (BIA)

As the name signifies, a BIA quantifies the impact of a cyber disruption on your business. It doesn’t matter if the disruption happens because of an internet outage or a severe breach — a BIA covers it all. A business impact analysis lays the foundation for a strong business continuity and disaster recovery (BCDR) strategy …