HIPAA Blog Posts: HIPAA HITECH Act
AvMed paid a $3 million dollar class action settlement which is on top of any HIPAA penalties and costs. Penny wise pound foolish is an adage that applies to HIPAA compliance. Spend thousands to save millions.
What Next with HIPAA Omnibus? David Finn of Symantec on Top Compliance Challenges "It's going to be imperative that covered entities monitor and know what the business associates are doing, but they're not going to realistically be able to do that themselves."
Now that SCOTUS and POTUS have been settled it is time for healthcare to get serious about HIPAA HITECH compliance. There are no more plausible reasons to put off publishing the rules. For the people in denial their white kight will not appear to sweep away ACA or HITECH.
Another month goes by without the publication of the final Health Insurance Portability and Accountability/ Health Information Technology for Economic and Clinical Health (HIPAA/HITECH) rules. It’s now been three and a half years since the HITECH statute was passed and more than two years since the proposed HITECH rules were published in July of 2010. And there’s no clear end in sight to this delay.
Omnibus Package Applies HIPAA HITECH to Business Associates and Subs: Susan McAndrews,OCR's deputy director of health information privacy
From what I saw and heard at HIMSS this week I think a signficant number of physician practices have made false attestations for meaningful use. The lack of knowledge on the part of the EMR vendors is significant. Item 15 of the Core Measures for Meaningful Use requires you to do a 45 CFR 164.308(a)(1) HIPAA risk assessment and correct identified security deficiencies as part of a risk management process. This is not well understood by many vendors and could cause significant problems for their clients.
A California health system is notifying about 30,000 patients that their personal health information was accessible via search engines for about a year.
St. Joseph Health System in Orange, Calif., says the records for patients treated at five of its hospitals were stored on the organization's internal computer network with incorrect security settings that allowed for the potential for inappropriate access. The information was available to search engines from early 2011 until this month, when the glitch was discovered.
HIPAA HITECH Rules in March Says Susan McAndrew, OCR's deputy director for health information privacy.
The Department of Health and Human Services' Office for Civil Rights has set a March target date for release of the long-delayed final version of HIPAA modifications and the HIPAA breach notification rule.
Although an HHS semi-annual regulatory agenda published Feb. 13 in the Federal Register did not mention these regulations, a January "unified agenda" document, with far more details, shows a March target date, notes Susan McAndrew, OCR's deputy director for health information privacy.
It is quite likely that the HIPAA rules will become almost a de facto national security standard, if the reach of these rules applies to anyone in the contracting chain. : "What to Watch for in Privacy and Security in 2012: The Top Five, Kirk J. Nahra January 2012 | Privacy In Focus
“We need the regs, we need the regs, we need the regs.” The Senate Judiciary Subcommittee on Privacy, Technology, and Law