Loading

What Keeps You Up at Night?

HIPAA is challenging, and the downside risks can be a little scary. HiPAA HUB knows how to identify, address, and monitor your exposure so your team can focus on your core business. HiPAA HUB provides smart & timely solutions to make your organization compliant with HIPAA. 

 

HiPAA HUB serves all of your health information privacy and security needs.

 

  • All Healthcare: Hospitals, Providers, Payers & Business Associates.

 

  • All Sizes: Large, Medium & Smaller businesses.

 

  • All Service Levels: HiPAA HUB On CallTM access and Privacy & Security services.
 
Learn more about HiPAA HUB, LLC.
 
.
Turn your HiPAA program into a competitive advantage.

Latest Top (4) News


HHS Approves New Healthy Indiana Medicaid Demonstration

INDIANAPOLIS—On Friday, U.S. Health and Human Services Secretary Alex Azar joined Indiana Governor Eric J. Holcomb to announce the U.S. Department of Health and Human Services’ Centers for Medicare and Medicaid Services approval of Indiana’s Section 1115 waiver, known as the Healthy Indiana Plan or HIP.

The waiver has now been expanded to include a requirement for work or other forms of community engagement for able-bodied, working age Medicaid enrollees, just the second such Medicaid waiver in history to include this mechanism, which has shown success in other HHS programs at moving beneficiaries from welfare to work.

The Healthy Indiana extension also includes administrative reforms as well as a new funding authority to expand treatment options for Medicaid enrollees struggling with substance abuse, including opioid addiction.

“Today’s approval is the result of the hard work of Governor Holcomb, his team, and our team at CMS, and serves as a testament to Indiana’s ongoing commitment to improving the lives of its Medicaid beneficiaries,” said Secretary Azar. “We look forward to collaborating with Indiana on this next evolution of HIP, which serves as another example of the Trump Administration’s support of state-led efforts and innovative reforms to make our HHS programs really work for Americans.”

“A decade after it launched, Healthy Indiana has become the national model for a state-led, consumer-driven healthcare program that meets citizens’ healthcare needs, provides choices and improves lives,” Governor Holcomb said. “This approval continues coverage for hundreds of thousands of Hoosiers and unlocks funding to expand resources to help people struggling with addiction.”

On January 11, CMS announced new policy guidance to support state efforts to improve Medicaid enrollee health outcomes and promote independence by incentivizing community engagement among able-bodied, working-age Medicaid beneficiaries. The policy responds to numerous state requests to test programs through Medicaid demonstration projects under which work and other types of community engagement would be a condition of Medicaid coverage for that particular population. 

Indiana’s demonstration program is the second one of its kind to be approved, following Kentucky’s on January 12.



Friday, February 2, 2018 - 15:45


HHS Marks 2017 Accomplishments Under President Donald J. Trump

Marking the end of the first year of the Trump Administration, the U.S. Department of Health and Human Services (HHS) released a report highlighting accomplishments from 2017.

“In 2017, HHS took bold action to advance its mission to protect and enhance the health and well-being of the American people. From a newly aggressive approach to combat the opioid crisis to round-the-clock responses to three major hurricanes, the men and women of HHS did extraordinary work this past year to foster healthier Americans, stronger communities, and a safer country,” said Caitlin Oakley, HHS press secretary.

Some of the Department’s significant accomplishments, by the numbers:

HHS 2017 significant accomplishments by the numbers.


To read the document, visit https://www.hhs.gov/sites/default/files/hhs-end-of-year-accomplishments-2017.pdf.



Friday, January 26, 2018 - 09:00


HHS Secretary Azar Statement on President Trump’s FY 2019 Budget

Health and Human Services Secretary Alex Azar issued the following statement today on President Trump’s Fiscal Year 2019 Budget:

“The President’s budget makes investments and reforms that are vital to making our health and human services programs work for Americans and to sustaining them for future generations. In particular, it supports our four priorities here at HHS: addressing the opioid crisis, bringing down the high price of prescription drugs, increasing the affordability and accessibility of health insurance, and improving Medicare in ways that push our health system toward paying for value rather than volume.

“This budget supports the hard work the men and women of HHS are already doing toward these goals. In particular, the budget’s efforts to reduce the high cost of prescription drugs, especially for America’s seniors, are a reflection of President Trump’s deep commitment to addressing this important issue.”

The HHS Budget in Brief can be found here.



Monday, February 12, 2018 - 12:45


Five breaches add up to millions in settlement costs for entity that failed to heed HIPAA’s risk analysis and risk management rules

Fresenius Medical Care North America (FMCNA) has agreed to pay $3.5 million to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR), and to adopt a comprehensive corrective action plan, in order to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules. FMCNA is a provider of products and services for people with chronic kidney failure with over 60,000 employees that serves over 170,000 patients. FMCNA’s network is comprised of dialysis facilities, outpatient cardiac and vascular labs, and urgent care centers, as well as hospitalist and post-acute providers.

On January 21, 2013, FMCNA filed five separate breach reports for separate incidents occurring between February 23, 2012 and July 18, 2012 implicating the electronic protected health information (ePHI) of five separate FMCNA owned covered entities (FMCNA covered entities). 

The five locations of the breaches were Bio-Medical Applications of Florida, Inc. d/b/a Fresenius Medical Care Duval Facility in Jacksonville, Florida (FMC Duval Facility); Bio-Medical Applications of Alabama, Inc. d/b/a Fresenius Medical Care Magnolia Grove in Semmes, Alabama (FMC Magnolia Grove Facility); Renal Dimensions, LLC d/b/a Fresenius Medical Care Ak-Chin in Maricopa, Arizona (FMC Ak-Chin Facility); Fresenius Vascular Care Augusta, LLC (FVC Augusta); and WSKC Dialysis Services, Inc. d/b/a Fresenius Medical Care Blue Island Dialysis (FMC Blue Island Facility).

OCR’s investigation revealed FMCNA covered entities failed to conduct an accurate and thorough risk analysis of potential risks and vulnerabilities to the confidentiality, integrity, and availability of all of its ePHI.

The FMCNA covered entities impermissibly disclosed the ePHI of patients by providing unauthorized access for a purpose not permitted by the Privacy Rule.

FMC Ak-Chin failed to implement policies and procedures to address security incidents.

FMC Magnolia Grove failed to implement policies and procedures that govern the receipt and removal of hardware and electronic media that contain ePHI into and out of a facility; and the movement of these items within the facility.

FMC Duval and FMC Blue Island failed to implement policies and procedures to safeguard their facilities and equipment therein from unauthorized access, tampering, and theft, when it was reasonable and appropriate to do so under the circumstances.

FMC Magnolia Grove and FVC Augusta failed to implement a mechanism to encrypt and decrypt ePHI, when it was reasonable and appropriate to do so under the circumstances.

“The number of breaches, involving a variety of locations and vulnerabilities, highlights why there is no substitute for an enterprise-wide risk analysis for a covered entity,” said OCR Director Roger Severino. “Covered entities must take a thorough look at their internal policies and procedures to ensure they are protecting their patients’ health information in accordance with the law.”

In addition to a $3.5 million monetary settlement, a corrective action plan requires the FMCNA covered entities to complete a risk analysis and risk management plan, revise policies and procedures on device and media controls as well as facility access controls, develop an encryption report, and educate its workforce on policies and procedures.

The resolution agreement and corrective action plan may be found on the OCR website at   http://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/agreements/FMCNA/index.html.

To learn more about health information privacy laws and health information privacy rights, please visit www.hhs.gov/hipaa.

To file a complaint with OCR based on a violation of civil rights, conscience or religious freedom, or health information privacy, visit us at www.hhs.gov/ocr/complaints.

Follow OCR on Twitter at http://twitter.com/HHSOCR.



Thursday, February 1, 2018 - 10:00