Triple-S Management Corporation has accepted to settle possible HIPAA violations with the United States Department of Health and Human Services to the tune of $3.5 million, after frequently failing to put protection in place for its beneficiaries’ PHI.
Additionally, the San Juan, Puerto Rico-deployed insurance holding industry will execute a robust corrective action policy to fix its HIPAA agreement deficiencies.
“OCR remains devoted to powerful enforcement of the HIPAA Principles,” OCR Director Jocelyn Samuels, claimed in a statement. “This situation sends a significant message for HIPAA Covered Entities, not merely about agreement with the needs of the Security Rule, involving threat analysis, but agreement with the needs of the Privacy Rule, involving those addressing business associate agreements and the minimum essential use of secured health data,” she stated.
HHS got “multiple violation notifications” from Triple-S about unsecured protected health data, in accordance to OCR, which soon promoted its investigation to verify HIPAA agreement.
The subsequent investigation disclosed widespread non-compliance throughout Triple-S and its subsidiaries.
This involved failure to execute suitable administrative, physical and technical protections to secure beneficiaries’ PHI privacy; impermissible disclosure of beneficiaries’ PHI to outside vendors without suitable business associate agreements; utilization or disclosure of more PHI than essential for mailings; failure to conduct precise and thorough threat analysis; failure to execute security measures sufficient to lessen threats and susceptibilities.
Triple-S fully coordinated with the HHS investigation and accepted to instate a comprehensive HIPAA agreement policy, a condition of the settlement. Its wholly-owned subsidiaries Triple-S Salud Inc., Triple-C Inc. and Triple-S Advantage Inc., formerly called as American Health Medicare Inc. are also observed in the settlement.
OCR has provided technical assistance to help with the corrective policy and will sustain to work with the OCR to acquire HIPAA agreement.
To acquire good-standing, Triple-S must create a risk analysis and risk management policy; a procedure to evaluate and deal atmospheric or operational changes impacting PHI security; policies and processes to facilitate HIPAA agreement and a training program for entire TRIPLE-S workforce and business associates.
Your email address will not be published. Required fields are marked *
Nice post, Thank you for sharing valuable information. I enjoyed readi ...
Any study that compares opioids to other pain-relief medicines? ...
Hey, very nice site. I came across this on Google, and I am stoked tha ...
Thanks for the information. I attended it and it was nice to learn the ...
Oh my goodness! Awesome article dude! Thank you so much. Thanks!! ...
Aetna Announces The Completion of $1 Billion Bond Public Offering
Aetna Declares A Brighter Experience For Entire Members of Aetna Dental Team
Urgent care chain utilizes patient feedback to empower performance
Patrick Conway is quitting CMS to supervise BCBS North Carolina
Copyright© 2015 Healthcare insurance News All Right Reserved