PWW's resident HIPAA guru, Ryan Stark, is in Washington D.C. this week for the National HIPAA Summit, where the nation's premier authorities on HIPAA are revealing the latest about privacy and security. "I'm really excited to integrate the stuff I'm learning into the Privacy Update for abc360 and to the Certified Ambulance Privacy Officer Course," said Ryan.
First, the Gold
HIPAA's "top cop", Roger Severino, kicked off the Summit by touting that the Office of Civil Rights (OCR) brought in nearly $42 million in 2016 and 2017. That figure crushes numbers from all previous years. Severino sad we must "consider the patient data in [our] possession like gold". Then he dropped a few nuggets for the crowd:
- OCR is thinking about changing the Notice of Privacy Practices requirement and they are asking the public to comment. Hint, the requirement may get easier.
- OCR will soon be issuing guidance on texting, social media and encryption. This guidance could drive policies for EMS agencies on these topics.
- The government is setting the stage for using part of HIPAA penalties to compensate harmed individuals. Will this spell more enforcement?
Now, the Silver
The Acting Senior Advisor for HIPAA Compliance and Enforcement, Serena Mosely-Day, followed up by highlighting interesting enforcement cases. In one case, an orthopedic group engaged a business partner to digitize all of its old x-rays. Turns out, there's silver in the x-rays and, instead of properly destroying them, the partner took off with the records and likely mined silver from the film. "I read about these cases, but many times you never get the full story," Ryan said. "We have a lot to learn from what these companies did wrong."
Ryan will be bringing these "precious finds" to attendees this spring at abc360.