Category Archives: Risk Assessment & Compliance

An overview and information source for risk analysis and requirement compliance for IT and online security systems to ensure compliance with regulations such as: FFIEC, NERC, GLBA, BSA, NCUA, ISO 17799, ISO 27001 and many others.

$ 3.5 Million Dollar Fine for Fresenius Medical Care North America (FMCNA) to settle potential violations of the HIPAA Privacy and Security Rules for FIVE different breaches.

RISKAlert Report Updated: Feb 2, 2018

FMCNA, a German company with US Operations based in  Waltham, Massachusetts, has agreed to pay a hefty $ 3.5 million dollar fine that covers 5 separate HIPAA Violations.

FMCNA is a provider of products and services for people with chronic kidney failure with over 60,000 employees that serves over 170,000 patients. Their facilities include dialysis facilities, outpatient cardiac and vascular labs, and urgent care centers, as well as hospitals and post-acute care providers.

US Dept. of Health and Human Services said the company failed to heed HIPAA’s risk analysis and risk management rules. FMCNA is also required to adopt a Comprehensive Corrective Action Plan. DHHS’ Office of Civil Rights,(OCR) investigation into the data incidents found that FMCNA covered entities failed to conduct an accurate and thorough risk analysis of potential risks and vulnerabilities to the confidentiality, integrity, and availability of all of its ePHI.

The breaches spanned three states including Florida, Alabama, and Georgia. Each provider had specific
deficiencies and the Agreement calls out each deficiency by provider. You can read the entire Resolution Agreement at https://www.hhs.gov/sites/default/files/fresenius-racap.pdf.

Fresenius Medical Care’s corporate headquarters is in Bad Homburg, Germany. The North American headquarters is in Waltham, Massachusetts and the Asian-Pacific headquarters is located in Hong Kong.

LESSONS LEARNED:

1. All providers need to have a current Risk Analysis that identifies potential threats,
     analyzed solutions, and provides a concrete plan to fix any deficiencies. The Risk Analysis
     must adjust to new threats, such as Ransomware attacks.

2. Covered entities like FMCNA are responsible for all the providers in their network.

THANKS FOR READING THE RISKAlert Report©

For more information and more great content:
www.riskandsecurityllc.com or www.caroline-hamilton.com

For a no-cost subscription, write to caroline@riskandsecurityllc.com

KENTUCKY HIGH SCHOOL STUDENT KILLS TWO, INJURIES EIGHTEEN (18) IN DEADLY ATTACK

 

 

RISKAlert Report # 1005                            January 25, 2018                                   Benton, Kentucky

 

KENTUCKY HIGH SCHOOL STUDENT KILLS TWO,  INJURIES EIGHTEEN (18)
IN DEADLY ATTACK

A 15-year old teenage boy, armed with a handgun, opened fire on Tuesday inside Marshall County High
School, killing two classmates and wounding 18 others. He has not been named yet, but the Assistant Country
Attorney Jason Darnall said he will be charged as an adult.

I talked to a mother with children at the high school, and she described the extreme panic and fear that gripped
the community, where parents didn’t know whether their child was dead or alive.

The unnamed student entered the school’s common area are started shooting, before entering the main building.
According to student Bryson Conkwright, a junior at the school, said he was talking with a friend on Tuesday
morning when he spotted the gunman walking up near him. “It took me a second to process it,” Mr. Conkwright, 17,
told law enforcement.

“One of my best friends got shot in the face, and then another one of my best friends was shot in the shoulder.”
He said he was part of a group of students who fled, kicked down a door to get outside and ran.


This was the 16th mass shooting in the U.S. in 2018!

LESSONS LEARNED:

1. Every school should be required to have instant lockdown. This shooter was
    able to fire his weapon over and over, from outside to inside the school.

2. The school’s communication system was deficient. It should have sent
     texts to all students directing them to an area of refuge, and updating
     frantic parents.

 

THANKS FOR READING THE RISKAlert Report©

For more information and more great content:
www.riskandsecurityllc.com or www.caroline-hamilton.com

 

To subscribe: write to info@riskandsecurityllc.com

We provide in-depth security risk assessments, Active Shooter assessments,
emergency preparedness risk assessments for clients around the world, that
meet compliance requirements and directly reduce liability!

 

 

 

Shooting at University of Cincinnati Medical Center Ends in Suicide

“I thought he was going to kill everyone”, said the witness taking her child to Cincinnati Children’s
Hospital and Medical Center, before a 20-year-old shot and killed himself after shooting a University of
Cinncinnati Health security guard inside the UC psychiatric emergency services facility.

The man the witness saw was Isaiah Currie, 20, who eventually shot himself after shooting a UC Health security
guard inside the psychiatric emergency services facility on Burnet Avenue.

“He was focused. It was, ‘I’m here to do what I need to do and that’s it,'” she said. “I see him do this and
then drop (the gun) down and then I see the concrete come up, where the bullet had hit the concrete.
I thought he was on his way into the facility and I thought, ‘Oh, my god, he is going to kill everybody
.'”

At this point, the witness called 911 to report the suspect. Authorities didn’t know where or how Currie
obtained the two handguns he carried into the lobby Wednesday at UC Medical Center’s Emergency Psychiatric
Services. Cincinnati Police Eliot Isaac said at news conference Thursday that one of the guns had been
reported stolen in Kentucky.

Currie, 20, who had a history of mental illness, shot the security officer twice in the torso, before turning the gun on himself. The officer was reported to be seriously injured.

LESSONS LEARNED:

1. Even when the witness saw the shooter advancing on the hospital, and called 911 – IT WAS ALREADY TOO LATE! Police could not get there in time to prevent the shooting. For an Emergency Psychiatric
facility, use of metal detectors is a MUST HAVE.

THANKS FOR READING THE RISKAlert Report

For more information and more great content:

#ActiveShooter #RISKAlerts #riskandsecurityllc

www.riskandsecurityllc.com
or  www.caroline-hamilton.com

Patient Killed at Hospital

 

RISKAlert Report Updated:  Jan. 15, 2018

A 46-year old patient, identified as Andrew Merryman, was in a hospital treatment room with his wife on the 14th floor of the Center for Advanced Medicine at 10 a.m. Friday morning.

According to St. Louis Police Lt. Col. Rochelle D. Jones, Merryman pushed his way out of the om and pulled out two pocket knives, she said. As Merryman came down the hall, Jones called security and two officers responded.    Two officers arrived and ordered Merryman to drop the knives. He refused, so both officers fired their guns, killing him. He died at the scene.

Police commented that Mr. Merryman was suicidal and had been treated for depression. Lt. Col. Jones said the guards were being questioned by police as part of the investigation.

Kara Price Shannon, a spokeswoman for Barnes-Jewish Hospital, said police are handling the investigation and directed all questions to them.  “There is no threat to the public or our patients,” she told the Post-Dispatch shortly after the shooting.

 

LESSONS LEARNED:

  1.  All incoming patients in emotional distress, should be wanded with a metal detector as
    a condition of treatment.  Weapons can be returned as the patient leaves the hospital.

2.  A recent study by Johns Hopkins, discovered that most hospital shootings take
place in the Emergency Room (29%), and only 19% in a patient room.

 

THANKS FOR READING THE RISKAlert Report

For more information and more great content:
www.riskandsecurityllc.com or www.caroline-hamilton.com

#activeshooterhospital #hospitalsecurity #patientshot

ATTORNEY SHOOTS HIS TWO FELLOW ATTORNEYS AT PROMINENT LONG BEACH, CALIFORNIA LAW FIRM’S HOLIDAY PARTY Updated: Jan. 8, 2018

ATTORNEY SHOOTING IN LONG BEACH, CALIFORNIA – SHOOTER HITS TWO FELLOW
ATTORNEYS AT PROMINENT CELEBRITY LAW FIRM’S HOLIDAY PARTY

Updated:  Jan. 9, 2018

The Long Beach, Calif. Police Department named John Alexander Mendoza, 58, of Redondo Beach, Calif., as the man who shot his two colleagues, one died at the scene, and other was injured at the scene, on Friday afternoon, January 5, 2018.

Attorneys at the Perona, Langer, Beck, Serbin, Mendoza and Harrison firm   in the Long Beach neighborhood of Bixby Knolls, were attending the firm’s holiday party, when Mendoza entered the offices shooting.

Major A. Langer, the firm’s Managing Partner, 75, was killed and Ronald Beck, 64, was wounded in what police called a workplace violence incident.  After shooting Langer and Beck, Mendoza turned the gun on himself. The shooting occurred during a holiday party at the firm when others were present.

Mendoza had apparently been fired earlier in the day, but returned to the firm’s party.  On a report of an active shooter, Long Beach police officers swarmed to the office building. Believing an active shooter was still at work, police formed a small team and quickly went into the office looking for the gunman and any victims, according to a police source briefed on the incident. As they scoured the building, police reportedly came upon multiple groups of screaming and crying workers still hiding or trying to flee, but eventually confirmed the gunman was dead.

The firm has eleven offices in southern California and represented clients including Motley Crue, Pamela Anderson and  Tommy Lee.

Mendoza had worked at Perona Langer Beck for 10 years, said Michael Waks, a lawyer who also has offices in the same building where Perona Langer Beck is located in Long Beach. Mendoza specialized in workers compensation cases.

THANKS FOR READING THE RISKAlert Report

For more information and more great content:

www.riskandsecurityllc.com   or   www.caroline-hamilton.com

#LongBeachShooting              #RISKAlertReport

Deaths in Florida Nursing Home Rise to 10 – Will Climb Higher

A tenth patient from a Florida nursing home that lost power during Hurricane Irma died Wednesday, as state officials suspended the facility’s license.

On Friday, September 22,   the Hollywood Police Department announced the death of another resident,  94-year-old Martha Murray.

The Agency for Health Care Administration (ACHA) said Wednesday it suspended the license of the Rehabilitation Center at Hollywood Hills, after previously banning the facility from admitting new patients and from receiving Medicaid.

“As more information has come to light on this egregious situation, this facility absolutely cannot continue to have access to patients,” Agency Secretary Justin Senior said in a statement. “This facility failed its residents multiple times throughout this horrifying ordeal.”

The Hollywood Hills Rehabilitation facility was covered in yellow crime scene tape, with highly visible police vehicles.

Convicted embezzler, Dr. Jack Michel, was the owner of the facility where ten seniors died after the generator failed to
function.  The facility has a long list of maintenance problems, lack of care of the patients, and worse.

8 Dead in Nursing Home Disaster in Hollywood, Florida

RISK Alert   #924                #HollywoodDeaths        #CMSFinalRule         #nursinghome   

Dateline,   September 14, 2017,  Fort Lauderdale, FL

8 DEAD IN HOLLYWOOD, FL NURSING HOME DISASTER AFTER IRMA.  PATIENTS DIED AFTER
GENERATOR FAILED AND TEMPS REACHED 100 DEGREES.  CRIMINAL CHARGES WILL BE FILED!

The impact of Hurricane Irma on healthcare care organizations in Florida came home yesterday when it was discovered that 8 elderly patients died in a nursing home just north of Miami, in Hollywood, Florida.  Florida Gov. Rick Scott called the situation “unfathomable,” promising to “aggressively demand answers on how this tragic event took place.”

Hollywood police launched a criminal investigation, and agents from the state attorney general’s office and the state Agency for Health Care Administration were on the scene, authorities said. State officials closed the
facil Wednesday night and barred it from admitting new patients.

“This was a terrible incident. The scene was chaotic when I arrived,” said Dr. Randy Katz, medical director for emergency services at Memorial Healthcare System, where about a dozen of the 158 people who were evacuated from the facility were admitted for respiratory distress, dehydration and heat-related issues.

Katz said so many patients needed assistance that his hospital, which is just down the street, called in more than 50 doctors, nurses and other staffers under a mass casualty protocol.

Fire crews were first called to the Hollywood Hills facility at 3 a.m. ET for a report of a cardiac arrest. More fire and emergency response crews were sent when a second call came in at 4 a.m. for a patient having breathing issues, she said. Three people were found dead on the second floor, and by 6:15 a.m., a full-scale evacuation of the facility was underway.

The new CMS Final Rule on Emergency Preparedness stresses the Dr. Donald Miller, an ER doctor, added, “Nursing home patients are generally more frail than the normal population and we need to have controls in place to guard their safety in a crisis situation, like Hurricane Irma.”

Lessons Learned:

1.  Nursing homes need to be on a first name basis with other providers so they can shift patients to safer
facilities during severe weather emergencies like Irma and Harvey.  The new CMS Final Rule on
Emergency Preparedness spells like the procedures for these emergencies.

2.  The November 15, 2017 Deadline for 17 Healthcare Providers to finish their All-Hazards Facility Risk
Assessments is fast approaching.  Emergency Communication Plans need to be finalized, in addition to
staff training and community drills precisely to PREVENT THESE INCIDENTS IN THE FUTURE.


RISKAlerts is a
publication of Risk & Security LLC
  www.riskandsecurityllc.com

Write to info@riskandsecurityllc.com for more information on the new CMS
Emergency Preparedness Program, including All Hazards Facility Risk Assessments

RISKAlert No. 843 March 31, 2016 Patient Dies After 6th Floor Fall from Hospital Room

RISKAlert # 843 -March 31, 2016

Maine patient, hospitalized with a severe brain injury after a motorcycle accident, climbed out of a 6th floor window in the hospital and fell to his death at 5:10 pm on March 29th.

Paul Cady, 43, from Hollis, Maine, had entered the hospital on March 9th, after a motorcycle accident, and had been in a medically-induced coma for a period of time following the accident.  His family emphatically stated he was not trying to commit suicide, but that he was only trying to get home to his family.

Portland, Maine -- 03/30/16 -- Paul Cady, as seen in an undated photo provided by his daughter, Miranda Cady. Paul Cady died Tuesday evening after falling from his sixth story window at Maine Medical Center in Portland. Courtesy photo

In Maine, like other states, newly constructed hospital facilities must meet the American Institute of Architects 2006 general guidelines for hospitals, which doesn’t require windows in patient rooms to be operable.  However, if windows in patient rooms are able to be opened, “operation of such windows shall be restricted to inhibit possible escape or suicide,” the standards state.

Recently, hospitals have recognized the value of fresh air and ventilation, but as a Life Safety issue, the amount that the window opens has been regulated by CMS, the Centers for Medicare and Medicaid.  Studies that shown that windows provide a positive effect on both healing and on patient satisfaction, whether the windows can be opened or not.

Registered Architect Gene Wells of Marshall Erdman & Associates, a leading national health care design and construction firm, offers the following: “In today’s hospital, huge efforts are being made to create a healing environment for patients and their families. A non-institutional approach lessens the stress level for people who already have too much stress and leads to better outcomes. Patient’s rooms, in particular, are often designed to reflect local culture, connect with nature or create a hotel-like environment. Operable windows can be an integral part of this atmosphere.

Lessons Learned:

1.  Patient falls from hospital windows are extremely rare in the United States.
2.  This type of incident can create a potential liability issue for healthcare organizations.

                                       RISKAlerts®  are published by Risk & Security LLC
                                   To subscribe:  write to: 
caroline@riskandsecurityllc.com

Paris Attacks are opening shot in plan to exterminate Western Civilization

The six simultaneous attacks on Paris last night were the opening salvo in a long-planned event designed
to exterminate Western Civilization as we know it.

This is not the teenage shooter with acne and an AK15, these were trained killers, who, according to witness
statements, were professional, controlled and had no interest or compassion for their victims.  They could have
been shooting at a beer can instead of a young girl.   This is different from other terrorists attacks because it is

ATTENTION EDITORS - VISUAL COVERAGE OF SCENES OF INJURY OR DEATHGeneral view of the scene with rescue service personnel working near covered bodies outside a restaurant following shooting incidents in Paris, France, November 13, 2015.   REUTERS/Philippe Wojazer      TPX IMAGES OF THE DAY

carried out without emotion.  These terrorists are not killing PEOPLE, they are exterminating western culture, along with the people.   We saw this in Palmyra where treasured antiquities were destroyed, and ISIS plans to exterminate every vestige of
our western culture.

Security measures that may have worked for individual shooters, or small splinter group will not defeat ISIS.
We have been directly targeted and need to take drastic measures and take them immediately.  This assault
has no room left for political correctness, for ‘measured response”, or anything else.  We need to exterminate
this threat quickly and completely to maintain our quality of life.

Everything is at stake now, our paintings, our music, our art, our designer jeans, our freedom of expression,
our families and, ultimately, our lives.  As western leaders meet today, I hope they plan to present an overwhelming
attack aimed precisely at ISIS, with a show of force designed to blow them off the face of the earth.

RISK Alert #790 – St. Cloud Hospital Shooting Threatens CMS Funding

St. Cloud Hospital in Aitkin County, Minnesota, has been threatened with losing Medicare funding by CMS, after a shooting incident where a suicidal patient took the security officers gun and shot him to death
in the hospital.

According to a review by the Center for Medicare and Medicaid Services. The patient, Danny
Hammond, age 50,  told staff he was going to kill himself and any man who came into his room, as soon as he had the chance, the CMS report said. 

Hammond  had been airlifted to the hospital the morning of Oct. 12 after attempting suicide by an intentional overdose, according to the report. He had several warrants out for his arrest after being charged with kidnapping and assaulting his wife, and the hospital obtained the services of Aitkin County officers to monitor Hammond in his hospital room.

StCloudHospital

 

At 5:10 a.m. that morning, Hammond charged at Aitkin County deputy Steven Sandberg, took his gun, and fatally shot him. Hammond was subdued with a stun gun and later died.

The CMS Report cites the hospital, “The hospital’s failure to provide direct psychiatric care to the patient … resulted in the patient’s ability to obtain and engage the firearm of a peace officer,” the report said.

In response to the report, the hospital submitted a plan of correction updating its policies and training. According to the document, the hospital already has started mandatory training for staff reinforcing requirements that 72-hour holds can be ordered only by physicians, and that psychiatric consultations and treatment must continue until the hold is lifted. The attending physician and psychiatric provider must agree that services or treatment are no longer necessary.

Lessons  Learned :

Make sure the entire staff has current updated policies and procedures, mandated training which is continually checked and updated.

CMS is becoming more active in tracking shootings and violent incidents in
hospitals, using Medicare and Medicaid funding as a hammer to ensure compliance.

                    Stay Alert and make sure to subscribe to RISKAlerts

A Publication of Risk & Security LLC
info@riskandsecurityllc.com