Recent HIPAA breach settlement emphasizes the importance of a security risk assessment

On April 12th, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR) announced a settlement with Metro Community Provider Network (MCPN), a federally qualified health center (FQHC) in Colorado. Pursuant to the settlement, MCPN agreed to pay $400,000 and implement a corrective action plan for alleged violations of the HIPAA Privacy and Security Rules.

The settlement stems from a breach that MCPN reported in 2012. Hackers used a phishing incident to access email accounts of MCPN employees, obtaining protected health information of 3,200 MCPN patients. Although HIPAA covered entities, such as MCPN, are required to conduct security risk analyses, MCPN did not conduct a HIPAA risk analysis until after discovery of the breach. In addition, OCR found that the risk assessments that MCPN did conduct were not sufficient to satisfy the requirements of the HIPAA Security Rule. Finally, OCR found that MCPN did not implement security risk management measures in compliance with the HIPAA regulations.

In addition to highlighting the importance of conducting security risk assessments, this breach settlement is another indication of how OCR is working through its backlog of cases.

HIPAA compliance is one of the most important - and challenging - undertakings for a dental practice. Protect your patients - and your practice - by calling TREYSTA Dental and developing and implementing a complete HIPAA compliance program. With increased scrutiny by regulators and the possibility of penalties in the thousands and even millions of dollars for HIPAA violations, you can't afford not to. 

Call TREYSTA Dental for a risk assessment today!

The OCR press release on this settlement can be found here and the Resolution Agreement and Corrective Action Plan can be found here.


What is Szymon watching??


He's watching...!!!

What is Szymon watching?   As our Centralized Services Manager, Szymon does the following:

1. Watches alerts sent from our monitoring software. Szymon is looking for early warning signals that can be corrected BEFORE you have a major problem! Alerts could be: running out of disk space, high memory usage, overheating, etc.

2. Watches to make sure all monitored backups completed successfully. Just because the backup system was set up correctly initially doesn't mean that it will continue to work forever. Szymon checks backups daily for our Managed Services Agreement clients to ensure a good backup has occurred. (PS If you don't have a monthly agreement, we AREN'T us today if you would like to add this service).

3. Watches and schedules patches. On a weekly basis, our software will automatically send out patches to your servers and PCs to keep them up to date. Most patches plug a software security hole that has been detected, so this is very important. Again, if you aren't a Managed Service Agreement client, we don't send out patches and don't ensure that any automated patching is being completed successfully.

4. Watches and automates a whole bunch of other stuff! Makes sure that your antivirus, OpenDNS, Office 365 and other applications are running correctly with no alerts.

Isn't it great to know that Szymon is watching your network so you can stay productive, stay secure and stay up to date? We all rely a lot on technology and we can't afford downtime. With super techs like Szymon on board at TREYSTA, we work hard to keep you running smoothly!