Get the latest industry news first when you subscribe to our daily newsletter.
We will never sell or share your information without your consent. See our privacy policy.
U.S. Department of Health and Human Services Office of Inspector General and Centers for Medicare and Medicaid Services issued final rules modifying and expanding upon the regulatory safe harbors and exceptions to the federal Anti-Kickback Statute
Get Permission
Many of the major health data breaches added to the federal tally so far this year involve business associates, continuing a trend in recent years.
The largest breach added so far in 2021 to the U.S. Department of Health and Human Services HIPAA Breach Reporting Tool website – which lists health data breaches affecting 500 or more individuals – is a vendor hacking incident reported on Jan. 29 by Florida Healthy Kids Corp., a provider of children s health and dental health plans in Florida.
That breach – reported as affecting 3.5 million individuals - involved Jelly Bean Communications Design, a website hosting vendor that the health plans provider says failed to address vulnerabilities over a seven-year period, leaving patient data potentially exposed. Plus, the hackers tampered with some of that data, Healthy Florida Kids Corp. said in its breach notification statement last month.
The Complaint
HHS OCR says that in June 2019, it received a complaint alleging that Sharp failed to take timely action in response to a patient s records access request directing that an electronic copy of protected health information in an electronic health record be sent to a third party.
OCR says it provided Sharp with technical assistance on the HIPAA right of access requirements. But in August 2019, OCR received a second complaint alleging that Sharp still had not responded to the patient s records access request.
OCR initiated an investigation, and Sharp eventually provided access to the requested records.
Corrective Actions
As in OCR s 15 previous right of access settlements with other entities, in addition to the monetary settlement, Sharp will undertake a corrective action plan that includes two years of monitoring.