Posted By Kate Harper, Friday, August 31, 2018
By Jay Reyero, JD, Partner, ByrdAdatto
Patient privacy and HIPAA go hand-in-hand in any medical setting, including your med spa. While cyberattacks, whether on large hospital systems or small clinics, make for splashy headlines, healthcare providers should not forget to look within when it comes to vulnerabilities.
A recent examination by Verizon of security incidents across 27 countries found that the majority (58%) of healthcare data breaches involving protected health information ("PHI") were due to insider threats. (For more information on patient privacy, sign up for our upcoming live webinar. It is free for all AmSpa members.)
The report highlighted several areas that healthcare providers encounter on a frequent basis where risks could arise internally, such as the potential for privilege abuse. Personnel require access to specific PHI to perform their duties, but providing such access puts them in a position to easily use or access the PHI for other, malicious purposes. This can be especially problematic with disgruntled or recently fired employees. The three steps a healthcare provider should take to protect itself are: (1) Identify; (2) Address; and (3) Audit.
Identification requires healthcare providers to identify all of the vulnerabilities to PHI: not only those risks from the outside but, just as important, those risks from within the organization.
Once a healthcare provider identifies its vulnerabilities, steps should be taken to address each by implementing the appropriate safeguards necessary to protect the PHI, both in terms of technology and internal policies and procedures. Many may recognize this as the first step of any HIPAA compliance plan, which is the Risk Analysis and Management required under the Security Rule.
Finally, healthcare providers must continue to be vigilant against the ever-present threat to extremely valuable data through regular audits of the systems and policies in place to find new vulnerabilities or current vulnerabilities being exploited.
Healthcare providers would be wise to conduct an updated (or first) risk analysis and understand where they stand in the fight against threats to PHI.
For more information on ways to build and run a successful, profitable, and legally compliant medical spa attend one of AmSpa's Medical Spa & Aesthetic Boot Camps and be the next med spa success story.
ByrdAdatto represents physician practices, dental practices, law firms, medical spas, and other professional services companies throughout the United States. AmSpa members can take advantage of an annual compliance consultation call with the firm.
Jay Reyero, JD, is a partner at the business, healthcare, and aesthetic law firm of ByrdAdatto. He has a background as both a litigator and transactional attorney, bringing a unique and balanced perspective to the firm's clients. His health care and regulatory expertise involves the counseling and advising of physicians, physician groups, other medical service providers and non-professionals. Specific areas of expertise include Federal and State health care regulations and how they impact investments, transactions and various contractual arrangements, particularly in the areas of Federal and State anti-referral, anti-kickback and HIPAA compliance.