HIPAA Expert Witness Experience and Commentary – Mobile Security

by Michael Arrigo

In my experience serving as HIPAA Expert Witness on HIPAA Privacy and Security advising clients in HIPAA breach litigation cases, one of the most important and challenging mandates for providers is to enforce policies and procedures across multiple technology platforms, devices, and a geographically distributed workforce. Recent HIPAA breaches I have seen were not caused by a certified EHR, but instead caused by non-secure connected servers, mobile devices, and poorly trained people.

Mike Arrigo, Managing Partner & CEO No World Borders, Inc.
Michael Arrigo, Managing Partner, No World Borders, Inc., HIPAA Expert Witness

The HIPAA Privacy Rule provides that a covered entity must have appropriate administrative, physical, and technical safeguards to protect the privacy of protected health information. The HIPAA Security Rule provides that a covered entity must ensure the confidentiality, integrity, and availability of all electronic protected health information the covered entity creates, receives, maintains, or transmits by complying with various administrative, physical, and technical safeguards.

HIPAA Privacy and HIPAA Security are also important components of OIG Audits of Meaningful Use of Electronic Health Record attestations, as opposed to CMS Meaningful Use audits that focus more on the entire attestation by eligible hospitals (EH) and eligible providers (EPs) or physicians.

Read my article about HIPAA Privacy and HIPAA Security rules, mobile security and BlackBerry’s acquisition of Good Technology here.

Michael Arrigo

Michael is Managing Partner & CEO of No World Borders, a leading healthcare management and IT consulting firm. He serves as an expert witness in Federal and State Court and was recently ruled as an expert by a 9th Circuit Federal Judge. He serves as a patent expert witness on intellectual property disputes, both as a Technical Expert and a Damages expert. He leads a team that provides Cybersecurity best practices for healthcare clients, ICD-10 Consulting, Meaningful Use of Electronic Health Records. He advises legal teams as an expert witness in HIPAA Privacy and Security, medical coding and billing and usual and customary cost of care, the Affordable Care Act and benefits enrollment, white collar crime, False Claims Act, Anti-Kickback, Stark Law, Insurance Fraud, payor-provider disputes, and consults to venture capital and private equity firms on mHealth, Cloud Computing in Healthcare, and Software as a Service. He advises self-insured employers on cost of care and regulations. Arrigo was recently retained by the U.S. Department of Justice (DOJ) regarding a significant false claims act investigation. He has provided opinions on over $1 billion in health care claims and due diligence on over $8 billion in healthcare mergers and acquisitions. Education: UC Irvine - Economics and Computer Science, University of Southern California - Business, studies at Stanford Medical School - Biomedical Informatics, studies at Harvard Law School - Bioethics. Trained in over 10 medical specialties in medical billing and coding. Trained by U.S. Patent and Trademark Office (USPTO) and PTAB Judges on patent statutes, rules and case law (as a non-attorney to better advise clients on Technical and Damages aspects of patent construction and claims).
