Collector – August 2019 - 31

HIPAA enforcement actions raise
concerns for business associates.
You need to be prepared to fend off
a hacker attack or data breach.
By Tim Dressen

I

n 2018, the Office for Civil Rights at the
U.S. Department of Health and Human
Services settled 10 Health Insurance
Portability and Accountability Act cases
and was granted summary judgment in
another. Together, these enforcement
actions totaled $28.7 million, surpassing the
agency's previous record of $23.5 million
in 2016.
Among these actions was HHS's largest
individual HIPAA settlement of $16 million
with Anthem Inc., representing a nearly
threefold increase over the previous record
settlement of $5.5 million in 2016.
In the first half of this year, HHS
was already investigating well over 100
reported HIPAA breaches affecting 500 or
more people by health care providers and
their business associates. At least five of
them affect more than a quarter million
individuals each.
The number of enforcement actions and
their settlement amounts will likely grow as
HHS seeks to penalize organizations that fail
to sufficiently protect patient data.
While HHS is the primary source of
HIPAA enforcement actions, state attorneys

COLLECTOR 08.19

general have also taken up the cause. Last
December, a dozen states filed a federal
lawsuit against two companies accused of
exposing the protected health information
(PHI) of nearly 4 million people. This lawsuit
is reportedly the first federal HIPAA breach
lawsuit brought by multiple AGs.
"It's a scary time for anyone handling data
because you read about another breach,
intrusion or hack in the health care world
every day," said George Buck, president
emeritus with Frost-Arnett Company. "You
don't want to get sucked into that whirlpool
along with your client, and you definitely
don't want to be the cause of the breach."
With the HIPAA enforcement spotlight
shining bright, accounts receivable
management agencies should ensure their
policies, procedures and practices include
stringent data security measures and that
their business associate agreements are
thorough and current.

KNOW WHERE THE DATA
IS STORED
Protecting sensitive data is impossible
without a full understanding of how

it's used, where it's stored and how it's
transmitted.
"You may think you keep everything
in your collection software, but do you
really?" asked Leslie Bender, IFCCE, CCCO,
chief strategy officer and general counsel
for BCA Financial Services. "Where are
all the places in your organization where
nonpublic information is allowed to reside?
Is there any data stored in spreadsheets? Do
employees have Notepad on their computers,
where they may have copied and pasted
information? Is there anything preventing
them from sending nonpublic consumer
data using email?"
Consider how information is transferred
over your company's network. Some copiers,
printers and fax machines store past jobs
until the data is purged, for example.
Do you know whether such purges take
place automatically, or could your office
equipment contain a hard drive full of
protected information?
Similarly, some printers include
functionality allowing users to print
documents by sending them as attachments
to a unique email address. Are such emails
encrypted and secure? Is that data stored
on email servers belonging to the printer's
manufacturer?
Thoroughly evaluating all potential places
where data may be accessed, transmitted
and stored gives you a chance to identify and
patch potential data security weaknesses.

ENCRYPT YOUR DATA
The majority of reported HIPAA data
breaches in the first quarter of 2019 resulted
from email and network server hacking or
similar IT incidents. Storing and transmitting
only encrypted data significantly reduces the
potential severity of such hacks.
"It's surprising and alarming the number
of health care providers that still don't
want to or can't accept encrypted email
or data," Buck said. "There's still a lack of
sophistication among providers when it
comes to sending health care data back and
forth. A lot of information being

31



Collector – August 2019

Table of Contents for the Digital Edition of Collector – August 2019

President’s Page
Industry News
Best Practices
FYI
Collection Tips
How a background in making people laugh has helped Roger Weiss, ACA’s new president, educate and engage an industry.
No Good Option
“You’ve got to be a compliance cheerleader for the organization, and that takes a lot of energy.”
Protecting Health Care Data
Calendar
Honor Roll
Education Spotlight
ACA SearchPoint
Ad Index
Membership
Last Word
Collector – August 2019 - Cover1
Collector – August 2019 - Cover2
Collector – August 2019 - 1
Collector – August 2019 - 2
Collector – August 2019 - 3
Collector – August 2019 - 4
Collector – August 2019 - President’s Page
Collector – August 2019 - Industry News
Collector – August 2019 - 7
Collector – August 2019 - 8
Collector – August 2019 - 9
Collector – August 2019 - Best Practices
Collector – August 2019 - 11
Collector – August 2019 - FYI
Collector – August 2019 - 13
Collector – August 2019 - Collection Tips
Collector – August 2019 - 15
Collector – August 2019 - How a background in making people laugh has helped Roger Weiss, ACA’s new president, educate and engage an industry.
Collector – August 2019 - 17
Collector – August 2019 - 18
Collector – August 2019 - 19
Collector – August 2019 - 20
Collector – August 2019 - 21
Collector – August 2019 - 22
Collector – August 2019 - 23
Collector – August 2019 - No Good Option
Collector – August 2019 - 25
Collector – August 2019 - 26
Collector – August 2019 - “You’ve got to be a compliance cheerleader for the organization, and that takes a lot of energy.”
Collector – August 2019 - 28
Collector – August 2019 - 29
Collector – August 2019 - Protecting Health Care Data
Collector – August 2019 - 31
Collector – August 2019 - 32
Collector – August 2019 - 33
Collector – August 2019 - Calendar
Collector – August 2019 - Honor Roll
Collector – August 2019 - Education Spotlight
Collector – August 2019 - 37
Collector – August 2019 - 38
Collector – August 2019 - 39
Collector – August 2019 - 40
Collector – August 2019 - 41
Collector – August 2019 - 42
Collector – August 2019 - 43
Collector – August 2019 - 44
Collector – August 2019 - 45
Collector – August 2019 - 46
Collector – August 2019 - 47
Collector – August 2019 - ACA SearchPoint
Collector – August 2019 - Ad Index
Collector – August 2019 - Membership
Collector – August 2019 - 51
Collector – August 2019 - Last Word
Collector – August 2019 - Cover3
Collector – August 2019 - Cover4
http://online.collector.com/collectormagazine/201908/
http://online.collector.com/collectormagazine/201907/
http://online.collector.com/collectormagazine/201906/
http://online.collector.com/collectormagazine/201905/
http://online.collector.com/collectormagazine/201904/
http://online.collector.com/collectormagazine/201903/
http://online.collector.com/collectormagazine/201902/
http://online.collector.com/collectormagazine/201901/
http://online.collector.com/collectormagazine/201812/
http://online.collector.com/collectormagazine/201811/
http://online.collector.com/collectormagazine/201810/
http://online.collector.com/collectormagazine/201809/
http://online.collector.com/collectormagazine/201808/
http://online.collector.com/collectormagazine/201807/
http://online.collector.com/collectormagazine/201806/
http://online.collector.com/collectormagazine/201805/
http://online.collector.com/collectormagazine/201804/
http://online.collector.com/collectormagazine/201803/
http://online.collector.com/collectormagazine/201802/
http://online.collector.com/collectormagazine/201801/
http://online.collector.com/collectormagazine/201712/
http://online.collector.com/collectormagazine/201711/
http://online.collector.com/collectormagazine/201710/
http://online.collector.com/collectormagazine/201709/
http://online.collector.com/collectormagazine/201708/
http://online.collector.com/collectormagazine/201707/
http://online.collector.com/collectormagazine/201706/
http://online.collector.com/collectormagazine/201705/
http://online.collector.com/collectormagazine/201704/
http://online.collector.com/collectormagazine/201703/
http://online.collector.com/collectormagazine/201702/
http://online.collector.com/collectormagazine/201701/
http://online.collector.com/collectormagazine/201612/
http://online.collector.com/collectormagazine/201611/
http://online.collector.com/collectormagazine/201610/
http://online.collector.com/collectormagazine/201609/
http://online.collector.com/collectormagazine/201608/
http://online.collector.com/collectormagazine/201607/
http://online.collector.com/collectormagazine/201606/
http://online.collector.com/collectormagazine/201605/
http://online.collector.com/collectormagazine/201604/
http://online.collector.com/collectormagazine/201603/
http://online.collector.com/collectormagazine/201602/
http://online.collector.com/collectormagazine/201601/
http://online.collector.com/collectormagazine/201512/
http://online.collector.com/collectormagazine/201511/
http://online.collector.com/collectormagazine/201510/
http://online.collector.com/collectormagazine/201509/
http://online.collector.com/collectormagazine/201508/
http://online.collector.com/collectormagazine/201507/
http://www.nxtbookMEDIA.com