Systemic Noncompliance

Written by Kevin L Mabry HSN



The storyline varies slightly from episode to episode, but the result is usually the same: pay a fine, create a plan, regret not doing all of this in the first place. This isn’t some soap opera or Netflix binge-worthy series; this is real life, and the characters are the healthcare industry and the Office for Civil Rights (OCR).

Recently we find Athens Orthopedic Clinic PA agreeing to pay $1.5 million in fines and agreeing to adopt a corrective action plan to settle their 2016 breach, which exposed patient records. They were contacted by a hacker demanding ransom money in exchange for the stolen database. This cybercriminal had used a vendor’s credentials to gain access to the electronic medical record system and obtain the database of protected health information (PHI). This access continued for a month, until July 16, 2016.

At the end of that month, Athens Orthopedic filed a breach report that alerted the OCR that 208,557 individuals were affected by this data breach. The data accessed included patient names, birthdates, social security numbers, surgical procedures, health insurance information, and the results of medical testing.

The resulting investigation uncovered a long history of systemic noncompliance with the HIPAA Privacy and Security Rules. It was reported that Athens Orthopedic had failed to conduct any risk analysis or implement any kind of risk management or audit controls. There was no securing of business associate agreements (which involved multiple business associates), no maintenance of HIPAA policies and procedures, nor was there any HIPAA Privacy Rule training for their staff.

Ending shocker (or not): they had to pay a fine and implement a corrective action plan.

What’s Systemic Noncompliance?

Athens Orthopedic isn’t the only healthcare organization to have systemic non-compliance within its organizational or business walls. It can be assumed that other providers have had violations of the rules documented by the OCR. These repeated defects give hackers ample opportunity to gain access, and they are the weakest links in an already threatened industry.

Corrective action must be taken NOW, not when it’s already too late, or when it arrives together with the hefty fine that is inevitably imposed on these companies.

If your organization needs assistance getting your HIPAA compliance in order, we’d gladly help! Contact us anytime:


CEO, Author of the #1 Risk to Small Businesses
