Healthcare Privacy News Roundup: The Transformative Effects of AI in Healthcare, the Most Common HIPAA Violations, and More




Every month, we compile the most compelling healthcare privacy and security-related news stories. Below, you’ll learn more about AI in healthcare, HIPAA violations you should be aware of, opioid intelligence, and more.

The Most Common HIPAA Violations You Should Be Aware Of

“Data breaches are now a fact of life.” With that statement, HIPAA Journal outlines a worrisome truth for healthcare organizations. Even after implementing fortified security controls and privacy monitoring, the OCR understands that data breaches are a reality that health systems face. However, compliance isn’t about guaranteeing that data breaches never happen – it’s about reducing risk while ensuring that facilities do their due diligence to protect sensitive information.

In this article, HIPAA Journal outlines the 10 most common HIPAA violations that privacy and security officers should be aware of in order to mitigate risks, survive OCR audits, and fortify your organization against threats.

How Will Artificial Intelligence in Healthcare Transform Clinical Experiences?

From clinical uses to IT, privacy, and security, artificial intelligence (AI) and machine learning are transforming healthcare. In fact, 77% of respondents from a HIMSS survey on artificial intelligence said they’re already using it to assist with clinical decision-making, and most have an optimistic outlook about its overall impact on healthcare. From triage chatbots to natural language processing (NLP), artificial intelligence carries myriad benefits. What are the surprising uses of AI in healthcare and how does it affect organizations? Find out more in this HIMSS article.

HHS Confirms When HIPAA Fines Can be Issued to Business Associates

HIPAA defines a business associate as “a person or entity, other than a member of the workforce of a covered entity, who performs functions or activities on behalf of, or provides certain services to, a covered entity that involve access by the business associate to protected health information. A ‘business associate’ also is a subcontractor that creates, receives, maintains, or transmits protected health information on behalf of another business associate.”

In short, to be considered a business associate under the HIPAA definition, the entity – whether a subcontractor, vendor, or other party – must have access to PHI. As essential as they are for the healthcare industry, they also pose risks – in January 2019, the largest healthcare breach was perpetrated by a business associate, which impacted nearly 112,000 records. For these types of situations, the HHS has outlined the liability of business associates for HIPAA noncompliance and the penalties incurred.

9 Steps to Creating a Drug Diversion Monitoring Program

“A nurse gets into a car accident and requires surgery. After surgery, the nurse is prescribed painkillers and becomes addicted. Because she works in a hospital, the nurse has access to drugs and continues to pilfer them to feed her addiction.”

In the midst of the opioid crisis, this scenario is shockingly common – and 15% of healthcare workers are addicted to drugs vs 8% of the general population. When medical workers have daily access to highly addictive medications, drug diversion – removing a prescription from its intended path – becomes a real possibility.

With these staggering statistics, how do you keep your healthcare facility safe? In this article, learn how to build an effective monitoring program that protects patients and staff from the dangerous consequences of drug diversion.

CMS and ONC Tell Senate HELP Committee Rapid Progress is Required to Advance Interoperability

In an effort to prevent information blocking in healthcare, ONC and CMS proposed rules earlier this year. On May 7, the second Senate HELP Committee hearing on the subject was held with the goal of ensuring efficient access and sharing of PHI between patients and providers. Eliminating data blocking paves the way for increased interoperability – the ability to seamlessly exchange information from one facility to another – while empowering patients to make more informed decisions about their own health.

“According to Dr. Brett James of the National Academies, as much as 50% of the costs of healthcare are unnecessary. Patients are having to repeat tests because their information cannot be shared between different healthcare providers and there is considerable duplication of administrative tasks as a result of information blocking.”

Healthcare data breaches reach record high in April

In April 2019, 44 breaches were reported to the federal government – the highest number in a single month since the Office of Civil Rights (OCR) introduced its online breach database in 2010 – breaking last year’s record of 42 breaches in April 2018.

Despite the record-breaking number, fewer people were affected than in the previous month. In April, 686,953 records were compromised – as opposed to March 2019, with 963,794 people affected. What caused the most severe breaches? Read on for more information about the past month’s breaches.

HHS Changes HITECH Act Penalties for HIPAA Violations

The Department of Health and Human Services (HHS) has announced a significant change to HIPAA violation fines. The Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 labeled four tiers of culpability for violations:

  • Tier 1: No Knowledge: This tier applies to an organization that couldn’t have known about an incident and made a genuine effort to protect itself ahead of time.
  • Tier 2: Reasonable Cause: The organization either knew or should have known about the violation after performing due diligence, but it did not occur as a result of willful neglect.
  • Tier 3: Willful Neglect – Corrected: Although the violation was caused by negligence, it was promptly corrected.
  • Tier 4: Willful Neglect – Not Corrected: The violation was caused by neglectful behavior, and action was not taken in a timely manner to correct the problem.

For the three lowest-level HIPAA violations, maximum penalties have been drastically reduced. Find out how they’ve been affected – and the potential costs of a HIPAA violation – by checking out this article.