In this episode, Suzanne and Chase review the Office for Civil Rights (OCR, a subdivision of HHS) list of HIPAA violation settlements that occurred in 2018. To lead off, though, Chase breaks down the purpose of the HIPAA privacy and security rules, and what the basic HIPAA requirements are for employers. Suzanne and Chase then discuss several OCR investigations of employer HIPAA violations that eventually led to settlements. Chase breaks down HIPAA violations resulting from several situations. First: a doctor’s response to media inquiries regarding a patient’s complaint. Second: a hospital group that developed policies and procedures, but failed to implement them and later experienced a breach when unencrypted USB drives were lost and an unencrypted computer was stolen. Third: a document retention company that left a box of files containing sensitive information in an unlocked truck in its parking lot. The final case involves hospitals that failed to obtain authorization from patients while filming a TV mini-series. Chase and Suzanne close with a discussion of HIPAA compliance learning points for employers and their group health plans.
Every other week, NFP's legal experts make the subject of compliance personal for a wide audience. By breaking down the daunting details of emerging policies and bridging the gap between legislation and what it means for the listener, Chase Cannon and Suzanne Spradley make compliance issues relatable and relevant. Visit our SoundCloud page every two weeks for the most up-to-date episode.