HIPAA Blog Posts: HIPAA Compliance Online Software

The Checklist Manifesto and HIPAA HITECH

Dr Atul Gawande's book The Checklist Manifesto shows the power of a checklist in healthcare.  HIPAA HITECH policies, procedures, and forms are checklists that help you manage your business better.

HIPAA HITECH "Satisfactory Assurances": The Compliance Meter (tm)

§ 164.308 Administrative safeguards.
(b)(1) Standard: Business associate contracts and other arrangements. A covered entity, in accordance with §164.306, may permit a business associate to create, receive, maintain, or transmit electronic protected health information on the covered entity's behalf only if the covered entity obtains satisfactory assurances, in accordance with §164.314(a) that the business associate will appropriately safeguard the information.

HIMSS Study: 25% of Medical Practices Don't Do Risk Assessments (I think it's 80%)

"According to the survey, 75 percent of all respondents stated they perform a risk assessment at their organization, similar to the findings of the 2009 survey. However, this year's survey included a greater representation of medical practices, where twice as many respondents reported that their practice does not conduct a risk analysis (33 percent) compared to those who work at a hospital (14 percent)."

HIPAA HITECH Compliance: The Cost

Case studies reveal cost of HIPAA HITECH compliance is much less than expected.

Covered Entities Asking Business Associates for HIPAA HITECH Proof

"Covered entities should request due diligence documentation from their business associates and ask their system vendor(s) to provide the new accounting of disclosures functionality and have it tested by Jan. 1, 2011, to accommodate their consumers, if only a few, who ask for an accounting of disclosures.

We also recommend that covered entities begin to review their current NPP and P+Ps, and begin to draft changes that accommodate the new accounting of disclosures requirements. Once the new NPP and P+Ps become final, covered entities should train their work force accordingly." HITECH Accounting of Disclosures, Gerry Blass and Susan Miller JD

100th HIPAA HITECH Blog: How To Manage Your Business Associates and Sub-Contractors

The major shift has been the law firms acknowledging that covered entities are responsible for their business associates and their sub-contractors. Compliance Helper has developed the Compliance Meter (tm) and The Compliance CO-OP for effectively managing BAs and Subs.

Small Insurance Agent Gets HIPAA Compliant with The Compliance CO-OP

"I know each month when I get my compliance meter (monthly report card) that I have done all I can do to be HIPAA compliant for that month. At the end of the day, if there is a breach or the Department of Health and Human Services knocks on your door and asks you to prove you are in compliance with HIPAA/HITECH, I can, without a doubt, prove that I am in compliance." Burman Clark, Muneris Benefits

"PHI warnings" in communications -- a potential source of unintended security breach? Fox Rothschild LLP

"Finally, if PHI is sent to a recipient prior to the parties’ execution of a compliant BAA and implementation of policies and procedures to protect PHI properly, a PHI Warning is unlikely to mitigate the liability of the sender (or recipient) for a security breach under HIPAA/HITECH."

HIPAA Violations Not Always Due to Patient Data Breaches

You don't have to have a patient data breach to be guilty of HIPAA violations. If you don't have a compliant privacy and security program in place today, you are probably already in breach of HIPAA rules.

HIPAA HITECH Compliance in 2 Hours a Week: The Compliance CO-OP

With a personal Helper answering your questions, an investment of 2 hours a week, and at a cost under $500 per year, your small (1-5 employees) company can be on the path to HIPAA HITECH compliance.
