“Encrypt your laptops and other mobile devices” is only one of the key lessons leaders of health plans, health care providers, health care clearinghouses (“Covered Entities”) and their business associates should take away from the Department of Health and Human Services Office for Civil Rights (OCR)’s April 22 announcement that Concentra Health Services (Concentra) and QCA Health Plan, Inc. of Arkansas (QCA) collectively are paying $1,975,220 under separate Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rule resolution agreements resulting from thefts of unencrypted laptops. Along with the importance of encryption, however, these Resolution Agreements also contain equally significant, more broadly applicable lessons to Covered Entities, business associates and their leaders about some of the specific processes, actions and documentation that OCR them to implement and be prepared to defend the adequacy of their HIPAA “culture of compliance” if they file a breach report or otherwise face a HIPAA audit or investigation from OCR.
Consequently, while confirming the adequacy of their organization’s existing encryption of laptops and mobile…
View original post 2,838 more words
slphealthcareupdate.com 