HIPAA HITETCH Compliance Blog Archive
While covered entities are focused on their own HITECH compliance their business associates are their "Blind Side".
ACR2 Solutions performs risk analysis and when they discover enities needing policies and procedures they recommend the service developed by Compliance Helper and Rebecca Herold.
Protected Health Information (PHI) is probably hiding on your copier without any protection.
The organizations affected by HIPAA and the HITECH Act are working their way through the five stages of grief; denial, anger, bargaining, depression, and finally, acceptance.
Breach happens and now when it doe the world knows. OCR posting breaches on their website. See who you know.
How can a covered entity be "reasonably assured" that a business associate is compliant with HIPAA HITECH? Trust but Verify.
Law firm suggests that business associate agreements (BAA) be amended to strengthen indemnification and assurance that the business associate (BA) is in compliance with HIPAA HITECH.
In her February article in Compliance Today, Rebecca Herold states that covered entities must take an active role in managing the compliance of their business associates. Hear her tomorrow on webinar https://www2.gotomeeting.com/register/207314795
As healthcare ponders "meaningful use" they need to also remember "willful neglect". David Blumenthal, in his New England Journalof Medicine, emphasized protecting privacy and security as a key factor in the HITECH Act.
At our HITECH Act Webinar on February 10th, Rebecca Herold, CISM, CISSP, CISA, CIPP, FLMI, one of the top privacy and information security experts, and Amy Leopard Esq, a leading healthcare IT attorney, give you the complete picture of the HITECH Act, its impact, and what to do next. Space is limited. Reserve your Webinar seat now at: https://www2.gotomeeting.com/register/207314795
HIPAA HITECH compliance requires an ongoing process driven by policies and procedures which are the business rules by which you run your company.
ONC states that just because you have a certified EHR that does not necessarily mean that you have met the privacy and information security requirements of the HITECH Act. Compliance is a process, not a tool.
Hacker Attacks Targeting Healthcare Organizations Doubled in the 4th Quarter of 2009 According to SecureWorks' Data
ATLANTA, Jan. 26 /PRNewswire/ -- SecureWorks®, Inc., a leading global provider of information security services protecting 2,700 clients worldwide, reported today that attempted hacker attacks launched at its healthcare clients doubled in the fourth quarter of 2009. Attempted attacks increased from an average of 6,500 per healthcare client per day in the first nine months of 2009 to an average of 13,400 per client per day in the last three months of 2009. Attempted attacks against other types of organizations, protected by SecureWorks, did not increase in the fourth quarter.
A letter to a congressman complaining about the impact of HITECH on small business associates.
Ponemon Institute survey states 90% of healthcare organizations not ready for HIPAA HITECH which goes into effect February 18, 2010.
A Webinar on January 28th at 11:00 AM PST, “HIPAA/Hitech Compliance for Benefits Brokers and Consultants” , cosponsored by The Industry Radar, ZIX Corp, and Compliance Helper.
The HIPAA HITECH Compliance Meter(tm) is getting noticed in the marketplace as more and more covered entities realize that they need to have a real time window into the compliance level of their business associates.
"It's Not The Size That Counts"
David Harlow has an excellent blog about the Connecticut AG suing Healthnet, his admonition:Don't be the "Son of HIPAA".
I would define willful neglect in the case of the HITECH Act as; sending an amended business associate agreement stating that the business associate should "be careful" and then assuming you are covered. As an old boss once told me, never assume because that merely makes an ass of u and me.