In the healthcare industry complying with the HIPAA Security Rule is not optional and the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) will hold organizations accountable for systemic non-compliance. This is demonstrated in a recent settlement between OCR and a clinical laboratory.
According to OCR's announcement, the clinical laboratory has agreed to pay $25,000 to OCR and to implement a corrective action plan to settle potential violations of the HIPAA Security Rule. The clinical laboratory is certified under the Clinical Laboratory Improvement Amendments of 1988 (CLIA). Their services include providing diagnostic and laboratory-developed tests, including clinical and genetic testing services.
During OCR's compliance review of the clinical laboratory's compliance with the HIPAA Privacy and Security Rules, OCR found systemic noncompliance with the HIPAA Security Rule, including:
- Failures to conduct an enterprise-wide risk analysis
- Implement risk management and audit controls
- Maintain documentation of HIPAA Security Rule policies and procedures
"Clinical laboratories, like other covered healthcare providers, must comply with the HIPAA Security Rule. The failure to implement basic Security Rule requirements makes HIPAA regulated entities attractive targets for malicious activity, and needlessly risks patients' electronic health information" said Robinsue Frohboese, Acting OCR Director. "This settlement reiterates OCR's commitment to ensuring compliance with rules that protect the privacy and security of protected health information."
These problems are so avoidable!
Healthcare Compliance Pros understands the importance of all healthcare organizations who are responsible for safeguarding the confidentiality, availability, and integrity of patients' electronic health information, complying with all HIPAA Privacy and Security Rule requirements.
Do you have questions regarding your organization's compliance with HIPAA requirements? We are happy to help. Contact us by phone 855-427-0427 or by email firstname.lastname@example.org