HIPAA HITECH Compliance Blog Archive

Business Associates Need Proof of HIPAA Compliance

To guard against data breaches, healthcare organizations must demand more proof of how their business associates are safeguarding patient data and mitigating related risks, says privacy and security expert Daniel Schroeder.

"Certified HIPAA Compliant" False Advertising

HHS has repeatedly stated that there is no authorized certification process for HIPAA compliance, but companies still make the claim. Beware of the FTC, which is fining companies that advertise false HIPAA compliance capabilities.

HIPAA Risk Assessment: Telemedicine or House Call?

What is more efficient and cost-effective: having a HIPAA consultant come to your site (house call) or connecting with them through the Internet (telemedicine)?

HIPAA Risk Assessment Explained

Getting a HIPAA risk assessment is a requirement, but what is the definition of a HIPAA risk assessment, and what should you buy?

Store PHI? You are a Business Associate

If you store either PHI (Protected Health Information) or EPHI (Electronic Protected Health Information), you are a business associate and must be HIPAA compliant.

No Risk Assessment, No Business Associate Agreement: $3.5 million fine.

A healthcare insurer received a $3.5 million fine and CAP (Compliance Action Plan) for multiple breaches caused by no policies, no risk assessment, and no business associate agreement with a major vendor.

Business Associates: A HIPAA Enforcement Priority?

Industry experts are calling for more enforcement of HIPAA regulations on business associates, according to this article in healthcareinfosecurity.com.

Business Associates: HIPAA Compliance in 72 Hours

Business associates can go from zero to HIPAA compliance in 72 hours with the new Jumpstart program from Compliance Helper and ACR2 Solutions. This includes an initial risk assessment, policies, training, and an updated risk assessment. Everything you need to prove that you are HIPAA compliant.

Free HIPAA Risk Assessment

If you qualify for our Jumpstart program you can get a free HIPAA risk assessment here: www.compliancehelper.com/free-hipaa-risk-assessment/. If you don't qualify but still need a risk assessment, we would be happy to talk with you about our automated HIPAA risk assessment tool, which is cost-effective and meets the highest standards.

HIPAA Triad: Risk Assessment, Policies, Training

While HIPAA covers a wide range of issues, the basic organization is a triad consisting of periodic risk assessment, updated policies, and documented staff training. The lack of any one of these will result in an audit failure and substantial fines.

$750,000 Fine and Corrective Action Plan (CAP)

The $750,000 fine for HIPAA violations by Cancer Care Group shows that physician practices are not exempt from the rules, but the Corrective Action Plan (CAP) is more instructive. The CAP tells us what they needed to do to prevent the fine: "The CAP emphasizes general HIPAA compliance and the importance of conducting the security risk analyses at regular or as-needed intervals, implementing responsive risk management plans, and updating training materials and policies and procedures." http://www.healthlawupdate.com/2015/10/hipaa-fine-underscores-ocrs-focus-on-physician-group-compliance/

Risk Assessment Critical for MU

Core measure 15 requires a HIPAA risk assessment and HHS states "In fact, in our audits of providers who attested to the requirements of the EHR Incentive Program, this objective and measure are failed more frequently than any other requirement."

HIPAA "Gotcha" Questions for Business Associates

Got an up-to-date HIPAA risk assessment? Got an up-to-date, written set of policies and procedures? Got documented staff training? If not, HIPAA auditors or your business partners "gotcha".

HIPAA Audits for Business Associates

HHS audits for business associates will start in 2015, but they are the tip of the iceberg. Audits by covered entities are a much greater threat to business associates.

Medical Identity Theft and Human Cost

I just read Why HIPAA Matters: Medical ID Theft and the Human Cost of Health Privacy and Security Incidents by Daniel Solove, who is a professor at George Washington Law School, and it certainly rang true to me.

Business Associate Sued in HIPAA Breach

Intermedix, a medical billing company and business associate, was sued for not protecting PHI, which caused a breach, and for failing to notify patients of the breach.

HITECH Act Failing

The HITECH Act was supposed to help create richer and deeper pools of patient data and to protect them with stricter HIPAA rules. With over 100 million patient records breached in the first half of 2015, the protection part is not working.

Reasonable and Appropriate HIPAA Compliance

You only need to be HIPAA compliant in a manner that is reasonable and appropriate to your organization. For a small organization this could mean that over 1/3 of the rules may not apply to you, but the question is: which ones?

HIPAA’s Three Legged Stool

If you want the quickest test of whether your organization is HIPAA compliant, check for the three legs of the stool: risk assessment, updated policies and procedures, and staff training on the updated policies and procedures.

Do The HIPAA Risk Assessment: Document the Mitigation

Documentation is critical for HIPAA risk assessment and mitigation. Roswell Park Cancer Institute did the risk assessment and developed a plan for mitigation of the high-risk items, but then couldn't show the auditor the documentation of that mitigation.