HIPAA HITECH Compliance Blog Archive
Insurance producers as well as their agents are being asked to provide proof of HIPAA compliance by the insurance carriers. They are asking for copies of policies and procedures as well as risk assessments.
We provide a free HIPAA checklist for business associates on our website at www.compliancehelper.com but you need to know how this differs from a HIPAA risk assessment.
HIPAAssure™ is the new name for the complete line of HIPAA compliance services from Compliance Helper. It is vital that a company can assure that they are HIPAA compliant on an on-going basis, not only for their own peace of mind, but also to assure their clients and business partners.
The new name for our services is HIPAAssure™ which reflects the fact that we not only help organizations get HIPAA compliant, we measure their compliance, display their compliance to them and their business partners so that everyone is assured that they are HIPAA compliant.
Here is the Health and Human Services quote about HIPAA certification: "It is important to note that HHS does not endorse or otherwise recognize private organizations’ “certifications” regarding the Security Rule, and such certifications do not absolve covered entities of their legal obligations under the Security Rule. Moreover, performance of a “certification” by an external organization does not preclude HHS from subsequently finding a security violation."
There are many approaches to getting HIPAA compliant but an on-line method provides the most efficient and cost effective method of getting HIPAA compliant, staying HIPAA compliant, and proving HIPAA compliance.
Getting HIPAA compliant requires some work, but for most business associates it does not have to be an unmanageable task. The important thing is to have a plan and document your work.
A HIPAA breach involving the posting of information about 15,000 Boston Medical Center patients on a transcription firm's unsecured website serves as a reminder of the importance of monitoring the security practices of all business associates.
HIPAA is the Health Insurance Portability and Accountability Act and Hippa is the feminine of Hippo. Forgive the bad joke, but getting this wrong causes a red flag warning to everyone in the healthcare privacy and security industry. If it is just a typo then you might get forgiveness after everyone gets a good chuckle. If it indicates your lack of knowledge it can be a bigger problem.
In the next round of HIPAA audits the first stage will be a "desk audit" which will require the business associate to send copies of their latest risk assessment and copies of updated policies and procedures. The HIPAA Omnibus Rule took effect in September of 2013 and requires significant changes in policies and procedures. Policies and procedures written prior to the HIPAA Omnibus Rule are out of date.
A HIPAA compliance checklist gives you a snapshot view of your compliance, while our Compliance Meter (tm) displays your on-going HIPAA compliance. Why is that important? HHS says that HIPAA compliance is a process, not an event. In fact, it is an on-going process because things change in your company and that affects your HIPAA compliance. The Compliance Meter (tm) shows you and your business partners your level of compliance on an on-going basis.
Our free HIPAA compliance checklist can be a handy quick reference to your current level of HIPAA compliance. With all the changes brought about by the HIPAA Omnibus Rule, your policies and procedures may be out of date. So download it today at www.compliancehelper.com/compliance-checklist .
The $4 million settlement of a class action lawsuit filed under California law, not HIPAA, was announced by Los Angeles County Superior Court Judge Elihu Berle. The breach was caused when Stanford handed over encrypted data to Multi-Specialty Collection Services which ended up posted on a student website where it was available to the public for over a year.
A class action lawsuit has been filed against Los Angeles County and a vendor that handles patient billing and payment collections for the county's departments of health services and public health in the wake of a breach last month affecting 168,500 individuals. The breach was the result of a Feb. 5 theft of eight unencrypted desktop computers from the Torrance, Calif. office of Sutherland Healthcare Services, the billing and collections business. Class Action Suit Filed in L.A. Breach, Seeking Damages in Wake of Computer Theft Incident, By Marianne Kolbasuk McGee, March 19, 2014.
A law firm recommends that covered entities and business associates "investigate subcontractors' data protection practices, including by way of reviewing third party audit reports and written data security policies where available". Interestingly, this is not yet a HIPAA issue but an FTC one, despite the fact that it is a healthcare transcription company that caused the breach.
The HIPAA Omnibus Rule has created a new dialogue about HIPAA business associate agreements. Business associates need to be very careful about signing business associate agreements as covered entities and business associates are trying to shift liability to their business associates or sub-contractors.
HHS will be starting HIPAA business associate audits in 2014, but the most likely source of an audit is a covered entity or business associate seeking "satisfactory assurances" that you are HIPAA compliant.
The FTC’s complaint alleges that GMR held itself out as a “HIPAA Compliant Medical Transcription Service” and overpromised customers “You can be assured that the materials going through our system are highly secure and are never divulged to anyone.” Beware the self-described "HIPAA Compliant" company. You need proof of on-going HIPAA compliance from a trusted third party such as Compliance Helper and their Compliance Meter(tm).
Health insurance carriers must drive HIPAA compliance. General agents and producers are waiting for a signal that they must be able to prove compliance to their carriers. This means doing more than amending business associate agreements.