HIPAA Blog Posts: HIPAA HITECH Act

The Checklist Manifesto and HIPAA HITECH

Dr. Atul Gawande's book The Checklist Manifesto shows the power of a checklist in healthcare. HIPAA HITECH policies, procedures, and forms are checklists that help you manage your business better.

HIPAA: the new enforcement culture, Ober Kaler, James B. Wieland

"However, as the health care system moves inexorably towards electronic health records — and as more and more protected health information is stored and moved in electronic form — all covered entities should be paying attention to the security of their information systems, because the culture of HIPAA compliance is changing."  

Medical ID (PHI) Targeted by Digital Thieves

"The going price of a medical ID, a Medicare number, is actually significantly higher than a Social Security number," Adam Greene, senior health IT and privacy specialist in HHS' Office for Civil Rights

"Periodic Audits" Included in HIPAA HITECH Final Rule

Additionally, OCR is developing a HITECH Act-required "periodic audit" plan, which will be targeted to ensure that covered entities and business associates comply with the requirements of the Privacy and Security Rules.

A Compliance Program is More Than HIPAA HITECH

An effective compliance program addresses the healthcare provider's / supplier’s need to prevent fraud and abuse as well as the unauthorized acquisition, access, use or disclosure of Protected Health Information (PHI) which compromises the security or privacy of the PHI, and carries the added benefit of improving the provision of quality health care at lower costs. The Law Offices of David Barmak

HIPAA HITECH "Satisfactory Assurances": The Compliance Meter (tm)

§ 164.308 Administrative safeguards.
(b)(1) Standard: Business associate contracts and other arrangements. A covered entity, in accordance with §164.306, may permit a business associate to create, receive, maintain, or transmit electronic protected health information on the covered entity's behalf only if the covered entity obtains satisfactory assurances, in accordance with §164.314(a) that the business associate will appropriately safeguard the information.

HIMSS Study: 25% of Medical Practices Don't Do Risk Assessments (I think it's 80%)

"According to the survey, 75 percent of all respondents stated they perform a risk assessment at their organization, similar to the findings of the 2009 survey. However, this year's survey included a greater representation of medical practices, where twice as many respondents reported that their practice does not conduct a risk analysis (33 percent) compared to those who work at a hospital (14 percent)."

Another State Attorney General Sues Over Data Breach

Indiana Attorney General sues Wellpoint for $300,000 over a data breach.

Final Rule by Late 2010 or Early 2011: Latest Rumor

"According to recent comments made by a senior staff member at the HHS Office for Civil Rights (OCR), the federal government expects to finalize regulations later this year or in early 2011 amending the HIPAA privacy, security and enforcement regulations..." Baker, Hostetler, LLP, John S. Mulhollan

Covered Entities Asking Business Associates for HIPAA HITECH Proof

"Covered entities should request due diligence documentation from their business associates and ask their system vendor(s) to provide the new accounting of disclosures functionality and have it tested by Jan. 1, 2011, to accommodate their consumers, if only a few, who ask for an accounting of disclosures.

We also recommend that covered entities begin to review their current NPP and P+Ps, and begin to draft changes that accommodate the new accounting of disclosures requirements. Once the new NPP and P+Ps become final, covered entities should train their work force accordingly." HITECH Accounting of Disclosures, Gerry Blass and Susan Miller JD
