HIPAA HITECH Compliance Blog Archive
Here is the Health and Human Services quote about HIPAA certification: "It is important to note that HHS does not endorse or otherwise recognize private organizations’ “certifications” regarding the Security Rule, and such certifications do not absolve covered entities of their legal obligations under the Security Rule. Moreover, performance of a “certification” by an external organization does not preclude HHS from subsequently finding a security violation."
There are many approaches to getting HIPAA compliant, but an on-line method provides the most efficient and cost-effective way of getting HIPAA compliant, staying HIPAA compliant, and proving HIPAA compliance.
Getting HIPAA compliant requires some work, but for most business associates it does not have to be an unmanageable task. The important thing is to have a plan and document your work.
A HIPAA breach involving the posting of information about 15,000 Boston Medical Center patients on a transcription firm's unsecured website serves as a reminder of the importance of monitoring the security practices of all business associates.
HIPAA is the Health Insurance Portability and Accountability Act, and Hippa is the feminine of Hippo. Forgive the bad joke, but getting this wrong raises a red flag for everyone in the healthcare privacy and security industry. If it is just a typo, then you might get forgiveness after everyone gets a good chuckle. If it indicates your lack of knowledge, it can be a bigger problem.
In the next round of HIPAA audits the first stage will be a "desk audit" which will require the business associate to send copies of their latest risk assessment and copies of updated policies and procedures. The HIPAA Omnibus Rule took effect in September of 2013 and requires significant changes in policies and procedures. Policies and procedures written prior to the HIPAA Omnibus Rule are out of date.
A HIPAA compliance checklist gives you a snapshot view of your compliance, while our Compliance Meter (tm) displays your on-going HIPAA compliance. Why is that important? HHS says that HIPAA compliance is a process, not an event; in fact it is an on-going process, because things change in your company and that affects your HIPAA compliance. The Compliance Meter (tm) shows you and your business partners your level of compliance on an on-going basis.
Our free HIPAA compliance checklist can be a handy quick reference to your current level of HIPAA compliance. With all the changes brought about by the HIPAA Omnibus Rule, your policies and procedures may be out of date. So download it today at www.compliancehelper.com/compliance-checklist .
The $4 million settlement of a class action lawsuit filed under California law, not HIPAA, was announced by Los Angeles County Superior Court Judge Elihu Berle. The breach was caused when Stanford handed over encrypted data to Multi-Specialty Collection Services which ended up posted on a student website where it was available to the public for over a year.
A class action lawsuit has been filed against Los Angeles County and a vendor that handles patient billing and payment collections for the county's departments of health services and public health in the wake of a breach last month affecting 168,500 individuals. The breach was the result of a Feb. 5 theft of eight unencrypted desktop computers from the Torrance, Calif. office of Sutherland Healthcare Services, the billing and collections business. Class Action Suit Filed in L.A. Breach, Seeking Damages in Wake of Computer Theft Incident, By Marianne Kolbasuk McGee, March 19, 2014. Follow Marianne @HealthInfoSec
Law firm recommends that covered entities and business associates "investigate subcontractors' data protection practices, including by way of reviewing third party audit reports and written data security policies where available." Interestingly, this is not yet a HIPAA issue but an FTC one, despite the fact that it is a healthcare transcription company that caused the breach.
The HIPAA Omnibus Rule has created a new dialogue about HIPAA business associate agreements. Business associates need to be very careful about signing business associate agreements as covered entities and business associates are trying to shift liability to their business associates or sub-contractors.
HHS will be starting HIPAA business associate audits in 2014, but the most likely source of an audit is a covered entity or business associate seeking "satisfactory assurances" that you are HIPAA compliant.
The FTC’s complaint alleges that GMR held itself out as a “HIPAA Compliant Medical Transcription Service” and overpromised customers “You can be assured that the materials going through our system are highly secure and are never divulged to anyone.” Beware the self-described "HIPAA Compliant" company. You need proof of on-going HIPAA compliance from a trusted third party such as Compliance Helper and their Compliance Meter(tm).
Health insurance carriers must drive HIPAA compliance. General agents and producers are waiting for a signal that they must be able to prove compliance to their carriers. This means doing more than amending business associate agreements.
The HIPAA Omnibus Rule has changed the requirements for insurance producers and Compliance Helper has responded with a special program to help them get compliant, stay compliant, and prove compliance with our Compliance Meter(tm).
In a recent ruling, the FTC maintained its right to enforce its rules on covered entities in addition to the HIPAA rules, adding to the responsibility of covered entities to protect PHI. LabMD’s Motion to Dismiss Complaint with Prejudice and to Stay Administrative Proceedings was denied, and LabMD announced that they were closing down.
Accretive Health gets 20 years of outside monitoring of privacy and security efforts for HIPAA breach. "Additionally, Accretive Health agreed to initial and biennial third-party auditing of their security measures and to maintain those records and make them available to the FTC upon request. The settlement will be in effect for 20 years." Winston & Strawn LLP, Steven Grimes
September 23, 2013 was the deadline for all health insurance producers to be HIPAA compliant. A new tool from Compliance Helper helps them get compliant, stay compliant, and prove compliance for only $99 setup and $35 per month.
"Based on reinvigoration of the HIPAA Audit Program and signals from OCR, it appears that 2014 will be the year of heightened OCR enforcement." OCR lacks insight into HIPAA security rule compliance, Epstein Becker Green, Alaap B. Shah