Two articles that I came across today highlight the serious risk of poor data destruction procedures. The National Health Service in Surrey (UK) has been fined £200,000 (about US$300,000) for failing to completely remove patient data from recycled PCs – some of which ended up on an online auction site.… Continue Reading Don’t Ignore Data Destruction

WASHINGTON – The United States has intervened and filed a complaint in a whistleblower suit pending under the False Claims Act against Education Management Corp. (EDMC) and several affiliated entities, the Justice Department announced today. In its complaint, the government alleges that EDMC falsely certified compliance with provisions of federal… Continue Reading U.S. Files Complaint Against Education Management Corp. Alleging False Claims Act Violations

For New York State accredited office-based surgery practices (“OBS”), the terms of continued accreditation (varying with an OBS’ specific accrediting agency) often come with strict requirements and guidelines concerning the hiring and retention of employees and independent contractors.  Most unexpected (and often overlooked by OBS employers) are the requirements and guidelines that… Continue Reading Compliance Considerations for Accredited Office-Based Surgery Practices When Hiring Employees and Contractors

With few exceptions, rules relating to privacy and security such as HIPAA and GLBA (Gramm Leach Bliley) cover the information, and don’t specifically relate to any particular technologies. So, they apply whether you’re using your PC, a fax machine, a photocopier, a USB flash drive, or even your cell phone.… Continue Reading Privacy and Security Rules Cover Information – Not Technology

E-learning is one of the major internet tools that allow us to share and manage knowledge. The experts or instructors can easily connect online with an individual or group of learners to share their expertise. E-learning mode of education saves transport costs and time. The customized courses enable students to educate… Continue Reading E-Learning: A Blessing For Healthcare Industry

Call centers often handle highly sensitive information for customers including financial data such as credit card details, Social Security numbers, and bank account details; and, in some cases, health information. This means that they need to comply with an increasing number of regulations such as PCI DSS and HIPAA which… Continue Reading Security Awareness Training for Call Center Reps

The Washington Post recently reported that an employee in the National Finance Center sent an Excel spreadsheet of employees’ personal information to a coworker in an unencrypted email. The Commerce Department sent a letter to all affected employees notifying them that there had been a breach, and is working to… Continue Reading Data Exchanged Between Employees Could be a Security Breach

A couple of interesting articles today. Germany has just enacted a new law that requires companies to obtain a signed consent from employees before their work communications can be monitored. How this affects monitoring for inappropriate, illegal and insecure communications by – say – email is fairly obvious. How it… Continue Reading Signed Policies Are a Must-Have

In her IT Compliance blog, Rebecca Herold posted an article about the implications of the FTC’s Health Breach Notification Rule. As usual, it’s probably going to take a while for the dust to settle so that we can understand the full implications of the rule. But Rebecca noted one fascinating… Continue Reading HIPAA /HITECH Breach Notification Applies to Deceased Individuals