Audits heat up HIPAA liability
February 9, 2012 -- In November 2011, the Office for Civil Rights (OCR) began audits to assess compliance with the HIPAA Privacy, Breach Notice, and Security Rules. The OCR compliance audits will be conducted by KPMG LLP and generally will consist of an initial document request, an onsite visit by the auditors, and then negotiation of an audit report. In a time when fines for HIPAA non-compliance surpass the million dollar mark, covered organizations should take action now to evaluate HIPAA compliance and mitigate potential liability:
- Documentation: Ensure, at minimum, that all the policies and procedures required by the HIPAA Privacy, Breach Notice, and Security Rules are finalized and regulator-ready. If you are audited, you will have only 10 business days to respond to the initial documentation request. Therefore, we recommend developing a comprehensive list of all relevant policies so they can be produced quickly. Also begin noting what other documentation would support your compliance efforts (such as a log of disclosures) and how it can be produced for OCR inspection.
- Business Associates: If you have not identified all of your vendors that handle protected health information, do so now. Negotiate business associate agreements with all such vendors.
- Risk Analysis: Covered entities must periodically conduct a comprehensive, formal risk analysis. OCR likely will request the results of that analysis during an audit. If you have not conducted a risk analysis in the last 12 months, do so now. Evaluate the results and determine how best to mitigate or manage each risk identified (an activity also required by the Security Rule). Document the entire process.
- Evaluate Compliance: Covered entities must evaluate periodically the effectiveness of their HIPAA compliance programs, including compliance with recent changes due to the HITECH Act and applicable regulations. If you have not done a formal evaluation of your program, such as conducting a trial run of your breach incident response plan, do so now. Document the process, and adjust procedures in light of the results.
- Training: If you have not consistently or recently trained employees, now is a good time for a refresher. Maintain documentation evidencing that every relevant employee has been trained.
- Subject Matter Experts: OCR will expect you to know which individuals in your organization can speak to each aspect of HIPAA implementation. You should make a list of these people now and ask them the kinds of questions OCR might pose.
- Timely Response: Ensure that the appropriate people will receive any communications from OCR in a timely manner. Deadlines for responding during an audit are very short—sometimes as short as 10 business days. Do not let OCR communications sit in someone's inbox while they are on vacation for a week, potentially cutting your response time in half.
Imation Brings Enterprise-Strength Linear Tape-Open (LTO) Storage Solutions to Small and Medium-Size
OAKDALE, Minn., Feb 07, 2012 (BUSINESS WIRE) -- Imation Corp. IMN -1.14% , a global secure storage and data security company, today announced the availability of enterprise-strength Linear Tape-Open (LTO) storage tape libraries, which are crucial components to data archiving and backup solutions for small and medium-sized businesses (SMBs). The Imation L1200 LTO(R) 2U and Imation L1400 LTO(R) 4U Tape Libraries feature the highest LTO capacity and transfer rates available, giving SMBs flexibility to simultaneously manage rapid and unpredictable growth in digital content while still meeting strict industry regulations for retention, retrieval and recovery of data.
<p>
The continued embrace of modern IT infrastructure by SMBs is fueling the overall volume of digital content, which is expected to grow by 48 percent in 2012, according to industry research firm IDC. SMBs need to manage this data in ways that keep storage costs low, ensure regulatory compliance and protect the data--all at a price point that the organizations can afford. Imation LTO 2U and LTO 4U Tape Libraries are available through Imation's network of channel partners including Cranel, Inc., Promark Technology, NewWave Technologies, Inc. and Rorke Data.
<p>
"For SMBs facing rapidly increasing storage requirements, effective and secure tape archiving to manage valuable corporate information has been out of reach," said Bill Schilling, director, Scalable Storage Marketing, Imation. "That ends with solutions from Imation's scalable storage portfolio, including the Imation LTO 2U and 4U Tape Libraries. With our new LTO offerings, Imation is availing IBM-manufactured LTO solutions to a much wider portion of the channel; many value-added resellers previously did not have access to the enterprise-level functionality within these products."
<p>
Imation's LTO tape drives and libraries provide cost-effective, automated data storage and retrieval for companies that need to simplify IT operations while complying with regulatory and security requirements. The new Imation LTO 2U and LTO 4U Tape Libraries offer efficient operation, superior performance and scalability while meeting SMB demands for an intuitive and user-friendly storage platform. Among the products' features:
High Data Transfer Rates -- SMBs can move information faster with native data transfer rates of up to 140 MB per second.
Infinitely Scalable Capacity -- To accommodate increasing data storage capacity needs, the Imation LTO Tape Libraries store up to 1.5 TB of data natively per removable tape cartridge and can scale even further with LTO-5 tape drives.
<p>
Network Flexibility -- The Tape Libraries provide easy connectivity to a wide range of server hardware through a 6 Gb/s SAS interface.
Built-in Security -- To protect sensitive data, the LTO Tape Libraries support LTO-4 and LTO-5 data encryption standards and WORM media.
The availability of Imation LTO 2U and LTO 4U Tape Libraries follows the introduction of Imation's scalable storage portfolio, a suite of tiered storage products right-sized for today's data-intensive SMBs. In addition to LTO technologies, the scalable storage portfolio features Imation InfiniVault(R) and Imation DataGuard(TM) multi-tiered data-archive and data-protection appliances, as well as the company's existing Imation RDX(R) removable hard disk storage.
<p>
About Imation
Imation is a global scalable storage and data security company. Our portfolio includes tiered storage and security offerings for business, and products designed to manage audio and video information in the home. Imation reaches customers in more than 100 countries through a powerful global distribution network and well recognized brands. For more information please visit, www.imation.com .
Imation, the Imation logo, InfiniVault and DataGuard are trademarks of Imation Corp. and its subsidiaries. All other trademarks are property of their respective owners. RDX is a registered trademark of Tandberg Data.
<p>
SOURCE: Imation Corp.
Medical Laptop Theft
A laptop containing information on more than 3,000 patients of Dean and St. Mary's Hospital in Madison, Wis., has been stolen
The Dean Clinic received a report of the laptop theft in early November, which was promptly reported to the police that same day and immediately investigated. The facility identified 3,288 patients who may have been affected and is notifying each patient or their guardians by letter.
Through an internal investigation, the clinic learned the laptop contained limited amounts of information, including names, dates of birth, medical record numbers, diagnoses, procedures and possibly pathology data. The laptop did not contain Social Security numbers, credit card information, home addresses, phone numbers or any other financial information. The clinic also stated there was no reason to believe the laptop was stolen to gain access to patient information or that the information would be misused.
In response, both Dean and St. Mary's Hospital are reviewing the breach of policy and are conducting an information and education initiative to ensure employees and providers are on-guard to protect patient information. Additionally, affected patients have been offered one-year identity theft monitoring and protection through ID Experts.
Maxell LTO Ultrium 5 Cartridges Utilize Dual Partitioning
Maxell Corporation of America announces its LTO Ultrium 5 technology provides companies and personnel responsible for archival footage and unstructured data, including web-based rich video or image content, with a highly reliable low-power archiving solution. Boasting a linear tape file system that mimics an HDD (hard disc drive), Maxell LTO-5 tapes utilize dual partitioning to provide a low cost of ownership, high storage capacity solution to post-production houses, television networks, movie studios, and data centers.
Acting as the "tape that thinks it's a hard drive," LTO-5 tapes can be easily accessed, as they utilize the same file structure/direct trees as HDDs. LTO-5 technology stands far above its predecessors, thanks to its linear tape file system. Utilizing dual partitioning, the linear tape file system dedicates one partition to the index, or directory. The index "tells" the drive exactly where a file is located, eliminating the slow, cumbersome task of searching for the correct file. The second partition stores the tape content to be accessed.
The advances of Maxell's LTO-5 technology address growing marketplace needs for a low cost of ownership product that addresses rich media content for entertainment and media, medical, and video surveillance. The linear tape file system's two media partitions can be independently accessed to provide enhanced data access and management. As one partition contains the content while the other stores its index, the tape can be self-describing. LTO-5 offers the ability to manage files directly on the tape.
Boasting a large storage capacity – 1.5TB native, 3TB compressed – Maxell's LTO-5 tapes feature twice the capacity of LTO-4, while retaining backward read/write compatibility with LTO-4, and backward read compatibility with LTO-3. They also provide faster transfer rates, reaching 140 MB/sec native, 280 MB/sec compressed. For network news and post-production applications, Maxell LTO Ultrium 5 cartridges feature encryption capabilities designed to enable hardware-based writing of encrypted data to the LTO Ultrium data cartridge. Therefore, it is a safe, secure cost-efficient archival media solution for a variety of professional broadcast and video applications.
As increasing investment requirements for data storage parallel the rapid growth of file sizes, businesses are challenged to find critically effective storage solutions. Power usage, for example, is a growing global concern for managers of broadcast stations, post production facilities, and data centers. When an LTO-5 drive is idle, with no tape mounted and handling no commands, it can use as little as five watts. A power saving mode is automatically initialized by the drive and requires no user interaction.
LTO Ultrium 5 cartridges from Maxell boast NeoSMART (Super Maximum-capacity Advanced Reliability Tape) technology, a convergence of advanced tape and manufacturing technologies that has been developed specifically for media with capacities in excess of one TB. NeoSMART draws on key technologies to achieve greater capacity on LTO media. Each technology makes a significant contribution to the overall goal of achieving high-performance and reliability over an operating life of at least 20,000 load/unload cycles.
Maxell LTO Ultrium 5 cartridges utilize ultra-fine, ceramic-armored metal particles, providing superior recording performance protection against corrosion throughout product life. In addition, the cartridges offer extremely accurate servo writing technologies, ensuring stable servo characteristics and superior tracking reliability corresponding to increased data track density. They also enhance stability for read/write performance, thanks to uniform, ultra-thin and a sub-micron magnetic coating. Finally, a built-in non-contact 8KB memory chip stores historical usage records and enables high speed data searches by the drive.
About Maxell
Maxell Corporation of America, a technology and marketing leader, is a full line manufacturer of digital media products for professional, data storage and consumer markets. Maxell has been recognized for over forty years for delivering a comprehensive line of digital tape and disc-based recording media products. The company offers a full line of disk and tape based media storage products, P2 Cards, SD Cards, Flash Memory and iVDR Technology products.
For more information, visit www.maxell-usa.com.
SOURCE: Maxell Corporation of America