HIPAA Blog Posts: HIPAA HITECH Act

An ounce of HIPAA Prevention can save a pound of compliance costs

AvMed paid a $3 million class action settlement, which is on top of any HIPAA penalties and costs. "Penny wise, pound foolish" is an adage that applies to HIPAA compliance. Spend thousands to save millions.

What Next with HIPAA Omnibus? David Finn of Symantec on Top Compliance Challenges

"It's going to be imperative that covered entities monitor and know what the business associates are doing, but they're not going to realistically be able to do that themselves."

Election Over: Time for HIPAA HITECH Rules

Now that SCOTUS and POTUS have been settled, it is time for healthcare to get serious about HIPAA HITECH compliance. There are no more plausible reasons to put off publishing the rules. For the people in denial, their white knight will not appear to sweep away ACA or HITECH.

HIPAA's Unanswered Questions: Kirk J. Nahra September 2012 | Privacy In Focus

Another month goes by without the publication of the final Health Insurance Portability and Accountability/Health Information Technology for Economic and Clinical Health (HIPAA/HITECH) rules. It’s now been three and a half years since the HITECH statute was passed and more than two years since the proposed HITECH rules were published in July of 2010. And there’s no clear end in sight to this delay.

Omnibus Package Applies HIPAA HITECH to Business Associates and Subs: Susan McAndrew, OCR's deputy director of health information privacy

SUSAN MCANDREW: "That's right. The regulations were posted and accepted by the Office for Management and Budget [March 24], which means they begin their review of the regulatory package both for its economic impact as well as sharing the regulations with other federal partners. They centralize all the federal feedback, so we're looking forward to getting comments back from OMB as well as our other federal partners on this, and this is really the final clearance lap for these regulations. And we're very happy that has happened and anxious to get these done and out so that people can begin to have their new rights and business associates can begin to be covered by the HIPAA security and privacy rules directly."
 

OIG Investigating False Attestations of Meaningful Use

From what I saw and heard at HIMSS this week I think a significant number of physician practices have made false attestations for meaningful use. The lack of knowledge on the part of the EMR vendors is significant. Item 15 of the Core Measures for Meaningful Use requires you to do a 45 CFR 164.308(a)(1) HIPAA risk assessment and correct identified security deficiencies as part of a risk management process. This is not well understood by many vendors and could cause significant problems for their clients.

On-Line HIPAA HITECH Breach at St Joseph Health System in California

A California health system is notifying about 30,000 patients that their personal health information was accessible via search engines for about a year.

St. Joseph Health System in Orange, Calif., says the records for patients treated at five of its hospitals were stored on the organization's internal computer network with incorrect security settings that allowed for the potential for inappropriate access. The information was available to search engines from early 2011 until this month, when the glitch was discovered.


 

HIPAA HITECH Rules in March Says Susan McAndrew, OCR's deputy director for health information privacy.

The Department of Health and Human Services' Office for Civil Rights has set a March target date for release of the long-delayed final version of HIPAA modifications and the HIPAA breach notification rule.

Although an HHS semi-annual regulatory agenda published Feb. 13 in the Federal Register did not mention these regulations, a January "unified agenda" document, with far more details, shows a March target date, notes Susan McAndrew, OCR's deputy director for health information privacy.


 

HIPAA HITECH Rules De Facto Standard?

It is quite likely that the HIPAA rules will become almost a de facto national security standard, if the reach of these rules applies to anyone in the contracting chain. From "What to Watch for in Privacy and Security in 2012: The Top Five," Kirk J. Nahra, January 2012 | Privacy In Focus

Senate Hearings Focus on Lack of HIPAA Enforcement, Final HITECH Rule

“We need the regs, we need the regs, we need the regs.”  The Senate Judiciary Subcommittee on Privacy, Technology, and Law
