By:
On:
In: *Connecting the Dots Blog*, Uncategorized

  The California Division of Occupational Safety and Health recently fined the Children’s Hospital in Oakland for allegedly failing to protect workers from violence in the emergency department.  The hospital was penalized for “having an ineffective training program, incomplete and inadequate procedures to deal with safety concerns, and an incomplete and untimely hazard correction for workplace violence exposures in the emergency department.” Lessons Learned: The first lesson learned is obvious…organizations must have a comprehensive workplace violence program in place and ensure that all staff has been adequately trained on how to prevent and respond to incidents of violence, identify red flags and report all threats,Read More →

By:
On:
In: *Connecting the Dots Blog*, Incident Reporting, Information Privacy, Information Security, Risk Management

  CVS Caremark Corp has agreed to pay $17.5 million to resolve claims that it overbilled Medicaid.  The case was brought to the Justice Department by a whistleblower in Minnesota, who will receive $2.6 million. Which makes more sense to you and your bottom line?  A) Having employees report illegal and unethical situations internally so your organization can address situations and document them for legal and CYA purposes or B) having employees report illegal and unethical situations to the federal government and then dealing with expensive multi-million dollar fines, spending time and money and resources on repairing reputations and having the whistleblower get paid millions too?Read More →

By:
On:
In: *Connecting the Dots Blog*, Education, School Safety

  The parents of a bullied student who committed suicide in 2009 have filed a lawsuit against the Hillsborough School Board claiming school officials failed to take proper steps after learning their daughter showed signs of being suicidal. Lessons Learned:  If a student signs “a formal contract in which she expressly agreed not to commit suicide” at school with a school social worker…does the school have the responsibility to tell the student’s parents about the signed contract? School boards and school leaders need to make sure their policies and procedures define situational awareness – what steps should be taken in different situations – so counselors,Read More →

By:
On:
In: *Connecting the Dots Blog*, Health Care

  A new study revealed an enormous patient safety gap – up to 90 percent of patient injuries, infections and other safety issues are not being recorded.   What does this mean for hospitals?  What does this mean for patients?  What does this mean for regulators? Lessons Learned:  Hospitals face serious patient safety and patient quality challenges and the key to improving patient safety will be their People – management, nurses, doctors, staff, partners, business associates, etc.  Hospitals must ensure every individual has situational awareness and accountability for better decision making and a comprehensive incident reporting and incident management platform will be critical to get theRead More →

By:
On:
In: *Connecting the Dots Blog*, Health Care, Information Privacy

  Despite stricter privacy and security regulations, hospitals are struggling to protect patient information.  According to a recent Ponemon Study, breaches are costing the health care industry $6 billion annually. The top three causes of breaches: Unintentional employee action Lost or stolen computing devices Third-party accidents   Lessons Learned:  Failure to protect sensitive and personally identifiable information is expensive and damaging to a health care organization’s reputation.  Organizations need to complement their general awareness with ongoing situational awareness programs to ensure all employees (and third-parties) understand their individual roles and responsibilities for protecting sensitive patient information.  With mounting regulatory changes and the move to electronicRead More →

By:
On:
In: *Connecting the Dots Blog*, Information Privacy, Regulatory Compliance

  The HHS Office for Civil Rights plans to use powers authorized under the HITECH Act to tighten up privacy requirements, as well as exponentially increase the penalties for HIPAA privacy and security violations. Lessons Learned:  Organizations will need to ensure they are meeting all requirements and documenting actions under the HIPAA/HITECH Act and maintain a a high level of CYA – compliance year around!  All employees (and third-parties) must be aware of and accountable for their individual requirements as a single data breach or violation can cost an organization up to $50,000…which is much more expensive and costly than new compliance and risk platformsRead More →

By:
On:
In: *Connecting the Dots Blog*, Information Privacy, Information Security, Regulatory Compliance

  The HHS Office for Civil Rights is asking for $46.7 million in funding, an increase of $5.6 million over the current level.  76 percent of the new funds will be for increased enforcement of health information privacy and security rules. Lessons Learned:  Increased enforcement of existing and new regulatory requirements are on the way.  Is your organization prepared and meeting all compliance requirements for HIPAA/HITECH or are you willing to take your chances?  Based on numerous other lessons learned stories in this blog (search the Lessons Learned Blog for your sector or other keywords), getting your compliance program in shape sooner than later makesRead More →

By:
On:
In: *Connecting the Dots Blog*, Health Care, Regulatory Compliance

  Cignet Health is facing a $4.3 M civil penalty after violating the HIPAA Privacy Rule and failing to cooperative with HHS’s subsequent probe.  This is the first civil money penalty for a violation of HIPAA. Lessons Learned: The Feds mean business and there will be more fines and lawsuits and more embarrassing headlines for health care organizations that do not take compliance, risk assessments and incident management seriously.  Is your organization meeting all HIPAA/HITECH compliance requirements?  Do you have the necessary documentation in place to provide HHS with information in the event of an audit? Does your documentation help your organization demonstrate all appropriateRead More →

By:
On:
In: *Connecting the Dots Blog*, Financial, Health Care, Information Privacy, Information Security

  According to Symantec’s Internet Security Threat Report, there were 286 million new threats in 2010 which equals an average of about 783,561 new threats per day.  The report also points to dramatic increases in both frequency and sophistication of targeted attacks and continued growth of social networking sites to distribute attacks. Lessons learned:  Your people are under attack…how is your organization keeping your people up to date on new attacks and new threats?Read More →

By:
On:
In: *Connecting the Dots Blog*, Emergency Management, Risk Management, School Safety

  Brazilian gunman fatally shot 11 children and wounded 18 others at a Rio de Janeiro public school… One person dead and three others hurt in a shooting at Southern Union Community College… Student Planned to Shoot “As Many as He Could”… If you followed the headlines last week, we saw multiple tragedies at schools and colleges around the globe.  However, one high school in Missouri was able to prevent what could have been a potentially devastating attack. An 18 year old student was arrested with conspiring to shoot other students at his school.  There were multiple warning signs identified and fortunately two brave students cameRead More →