
Florida Passes New Data Security Law That Is More Stringent Than HIPAA

Florida Information Protection Act of 2014

As of July 1st, healthcare providers, vendors and health plans doing business in Florida will have to follow the Florida Information Protection Act of 2014 (FIPA). The new law changes what information must be protected, increases who it applies to and requires different breach notification than HIPAA. The new regulation is more stringent than HIPAA and must be complied with in addition to HIPAA. CynergisTek CEO Mac McMillan recently told InformationWeek, “The law includes the most comprehensive set of breach notification requirements for both covered entities (CEs) and BAs”. Learn what FIPA means for your organization and what the new requirements are.


Jocelyn Samuels is Named Director of OCR

Samuels to Replace Leon Rodriguez

Jocelyn Samuels has been named by Secretary Sylvia Burwell to be the next director of the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR). OCR is the federal agency responsible for development and enforcement of the HIPAA Privacy and Security Rules as well as the HITECH Breach Notification Rule. Samuels will replace Leon Rodriguez, whose nomination to serve as director of the United States Citizenship and Immigration Services (USCIS) of the Department of Homeland Security (DHS) was confirmed by the U.S. Senate on June 25th. President Obama nominated Rodriguez to his new post in December.


Are Medicaid Transportation Brokers Considered Business Associates?

HIPAA Requirements and the Medicaid Transportation Broker

The Omnibus Rule defined a number of businesses and quasi-governmental agencies that provide services to support public health care safety net programs as HIPAA Business Associates because of the protected health information they receive, create and/or maintain while performing services on behalf of a HIPAA covered entity. The changes to the HIPAA Rules to implement the provisions of the HITECH Act are still being felt. Medicaid transportation brokers are a case in point.


CynergisTek Listed in Top Three of New KLAS Report on Healthcare Security/Privacy

CynergisTek has been recognized by KLAS® as one of three firms provider organizations are turning to most for privacy and security assistance, in its groundbreaking report released in May 2014, entitled “Security and Privacy Perception 2014: High Stakes, Big Challenges.” CynergisTek leadership supported KLAS’ effort to develop its first ever report on firms providing privacy and security services, and commends the organization for its focus in the space.


How Would You Perform In an OCR Audit?

The Office for Civil Rights (OCR) piloted a random audit program to measure compliance with HIPAA Rules and will roll out the program later this year. During the pilot program, many organizations struggled to demonstrate compliance, and the biggest reasons heard were “unaware of the requirement” and “incomplete implementation”.* OCR found that only 11% of the selected entities did not have any findings or observations of non-compliance. All of OCR's findings and observations prove how important it is to periodically and thoroughly review your security program to ensure compliance with HIPAA rules, especially now that the Omnibus Rule was passed. It is important, necessary and the right thing to do. CynergisTek offers several solutions and workshops to help organizations improve their security programs. All of our services can prepare and help your organization demonstrate compliance if ever selected for a random audit.

Findings by HIPAA Rules

Privacy Rule Findings

60% of the violations fell under the HIPAA Security Rule. OCR reported that most didn’t have a thorough risk assessment (as required by the Security Rule). CynergisTek offers many services, including a third-party risk assessment, to help improve the integrity of your security program.

Click here to learn more about our OCR Audit Services.

Nearly half of the findings under the Privacy Rule fell under policy and procedures. Organizations need to regularly evaluate their privacy program to ensure compliance. CynergisTek can assess the current state of your privacy program and address any gaps that are identified.

Click here to learn more about our Privacy Assessment.


* U.S. Department of Health and Human Services, Office for Civil Rights. HIPAA Privacy, Security and Breach Notification Audits – Program Overview & Initial Analysis. April 2013.