HIPAA Blog Posts: HIPAA HITECH Act

Lack of Risk Assessments Could Cost $729 Million

Audit Finds Millions Paid Inappropriately Due to Lack of a Risk Assessment. Under the HITECH Act meaningful use incentive program, conducting a security risk assessment of protected health information "created or maintained by the certified EHR technology through the implementation of appropriate technical capabilities" is a core requirement.

Fifty Ways to Lose Your Lover or PHI

Getting chosen for a HIPAA audit by HHS is a longer shot than winning the lottery, but there are other ways: lose a laptop, click on the wrong email link, sign a business associate agreement, expose PHI on the internet, toss paper records in the dumpster, etc., etc.

Revitalize Your HIPAA Program with a Risk Assessment

HIPAA compliance can be like an old battery that just loses its spark over time. A risk assessment can help you jump-start that old, tired HIPAA battery.

Sorry Laura and ecfirst, Still No HIPAA Certification

"We are very excited about the recertification by ecfirst," said Laura Huska, Head of IT. "HIPAA continues to be a critical certification for ISI as many of our healthcare clients rely on this standard to meet their compliance needs when using ISI's UC Reporting application." Sorry Laura, there is no such thing as HIPAA certification, thus no HIPAA recertification.

HIPAA Triad: Risk Assessment, Policies, Training

While HIPAA covers a wide range of issues, the basic organization is a triad consisting of periodic risk assessment, updated policies, and documented staff training. The lack of any one of these will result in an audit failure and substantial fines.

$750,000 Fine and Corrective Action Plan (CAP)

The $750,000 fine for HIPAA violations by Cancer Care Group shows that physician practices are not exempt from the rules, but the Corrective Action Plan (CAP) is more instructive. The CAP tells us what they needed to do to prevent the fine: "The CAP emphasizes general HIPAA compliance and the importance of conducting the security risk analyses at regular or as-needed intervals, implementing responsive risk management plans, and updating training materials and policies and procedures." http://www.healthlawupdate.com/2015/10/hipaa-fine-underscores-ocrs-focus-on-physician-group-compliance/

Risk Assessment Critical for MU

Core measure 15 requires a HIPAA risk assessment, and HHS states: "In fact, in our audits of providers who attested to the requirements of the EHR Incentive Program, this objective and measure are failed more frequently than any other requirement."

HITECH Act Failing

The HITECH Act was supposed to help create richer and deeper pools of patient data and to protect them with stricter HIPAA rules. With over 100 million patient records breached in the first half of 2015, the protection part is not working.

Do The HIPAA Risk Assessment: Document the Mitigation

Documentation Critical for HIPAA Risk Assessment and Mitigation. Roswell Park Cancer Institute did the risk assessment and developed a plan for mitigation of the high-risk items, but then couldn't show the auditor the documentation of that mitigation.

Initial HIPAA Compliance in as few as 48 Hours with HIPAAssure®

Initial HIPAA Compliance in as few as 48 Hours with HIPAAssure®, including a risk assessment, editing policies and procedures, and training and awareness.
