HIPAA HITECH Compliance Blog Archive

How does my company get HIPAA Certification?

Here is the Health and Human Services quote about HIPAA certification: "It is important to note that HHS does not endorse or otherwise recognize private organizations’ “certifications” regarding the Security Rule, and such certifications do not absolve covered entities of their legal obligations under the Security Rule. Moreover, performance of a “certification” by an external organization does not preclude HHS from subsequently finding a security violation."

Getting HIPAA Compliant Online

There are many approaches to getting HIPAA compliant, but an online method provides the most efficient and cost-effective way of getting HIPAA compliant, staying HIPAA compliant, and proving HIPAA compliance.

How to Get HIPAA Compliant

Getting HIPAA compliant requires some work, but for most business associates it does not have to be an unmanageable task. The important thing is to have a plan and document your work.

Business Associate Fired for HIPAA Breach

 A HIPAA breach involving the posting of information about 15,000 Boston Medical Center patients on a transcription firm's unsecured website serves as a reminder of the importance of monitoring the security practices of all business associates.

HIPAA vs Hippa, A Primer

HIPAA is the Health Insurance Portability and Accountability Act, and Hippa is the feminine of Hippo. Forgive the bad joke, but getting this wrong raises a red flag for everyone in the healthcare privacy and security industry. If it is just a typo, then you might get forgiveness after everyone gets a good chuckle. If it indicates your lack of knowledge, it can be a bigger problem.

HIPAA "Desk Audits" and Documentation

 In the next round of HIPAA audits the first stage will be a "desk audit" which will require the business associate to send copies of their latest risk assessment and copies of updated policies and procedures.  The HIPAA Omnibus Rule took effect in September of 2013 and requires significant changes in policies and procedures.  Policies and procedures written prior to the HIPAA Omnibus Rule are out of date.

HIPAA Compliance Checklist Vs Compliance Meter (tm)

A HIPAA compliance checklist gives you a snapshot view of your compliance, while our Compliance Meter (tm) displays your ongoing HIPAA compliance. Why is that important? HHS says that HIPAA compliance is a process, not an event. In fact, it is an ongoing process because things change in your company, and that affects your HIPAA compliance. The Compliance Meter (tm) shows you and your business partners your level of compliance on an ongoing basis.

Free HIPAA Compliance Checklist

Our free HIPAA compliance checklist can be a handy quick reference to your current level of HIPAA compliance. With all the changes brought about by the HIPAA Omnibus Rule, your policies and procedures may be out of date. So download it today at www.compliancehelper.com/compliance-checklist .

Business Associate Breach Costs Stanford Hospital $4 Million Dollars

 The $4 million settlement of a class action lawsuit filed under California law, not HIPAA, was announced by Los Angeles County Superior Court Judge Elihu Berle.  The breach was caused when Stanford handed over encrypted data to Multi-Specialty Collection Services which ended up posted on a student website where it was available to the public for over a year.

HIPAA Business Associate Breach Triggers Class Action Lawsuit

A class action lawsuit has been filed against Los Angeles County and a vendor that handles patient billing and payment collections for the county's departments of health services and public health in the wake of a breach last month affecting 168,500 individuals. The breach was the result of a Feb. 5 theft of eight unencrypted desktop computers from the Torrance, Calif. office of Sutherland Healthcare Services, the billing and collections business. Source: "Class Action Suit Filed in L.A. Breach, Seeking Damages in Wake of Computer Theft Incident," by Marianne Kolbasuk McGee, March 19, 2014.

Monitor Business Associates Compliance

A law firm recommends that covered entities and business associates "investigate subcontractors' data protection practices, including by way of reviewing third party audit reports and written data security policies where available". Interestingly, this is not a HIPAA issue yet, but an FTC one, despite the fact that it is a healthcare transcription company that caused the breach.

HIPAA Business Associate Agreements and Omnibus Rule

 The HIPAA Omnibus Rule has created a new dialogue about HIPAA business associate agreements. Business associates need to be very careful about signing business associate agreements as covered entities and business associates are trying to shift liability to their business associates or sub-contractors.

HIPAA Business Associate Audits

HHS will be starting HIPAA business associate audits in 2014, but the most likely source of an audit is a covered entity or business associate seeking "satisfactory assurances" that you are HIPAA compliant.

Beware the "HIPAA Compliant" Claim

The FTC’s complaint alleges that GMR held itself out as a “HIPAA Compliant Medical Transcription Service” and overpromised customers “You can be assured that the materials going through our system are highly secure and are never divulged to anyone.” Beware the self-described "HIPAA Compliant" company. You need proof of ongoing HIPAA compliance from a trusted third party such as Compliance Helper and their Compliance Meter(tm).

HIPAA and Health Insurance Carriers

 Health insurance carriers must drive HIPAA compliance.  General agents and producers are waiting for a signal that they must be able to prove compliance to their carriers.  This means doing more than amending business associate agreements.

HIPAA for Insurance Producers

 The HIPAA Omnibus Rule has changed the requirements for insurance producers and Compliance Helper has responded with a special program to help them get compliant, stay compliant, and prove compliance with our Compliance Meter(tm).

FTC Has Authority in Addition to HIPAA HITECH

In a recent ruling, the FTC maintained its right to enforce its rules on covered entities in addition to the HIPAA rules, adding to the responsibility of covered entities to protect PHI. LabMD’s Motion to Dismiss Complaint with Prejudice and to Stay Administrative Proceedings was denied, and LabMD announced that they were closing down.

HIPAA Breach: 20 Years of Hard Labor

Accretive Health gets 20 years of outside monitoring of privacy and security efforts for HIPAA breach. "Additionally, Accretive Health agreed to initial and biennial third-party auditing of their security measures and to maintain those records and make them available to the FTC upon request. The settlement will be in effect for 20 years." Source: Winston & Strawn LLP, Steven Grimes

HIPAA Compliance for Health Insurance Producers

 September 23, 2013 was the deadline for all health insurance producers to be HIPAA compliant.  A new tool from Compliance Helper helps them get compliant, stay compliant, and prove compliance for only $99 setup and $35 per month.

HIPAA Audits Increase in 2014, Include Business Associates

 "Based on reinvigoration of the HIPAA Audit Program and signals from OCR, it appears that 2014 will be the year of heightened OCR enforcement."  OCR lacks insight into HIPAA security rule compliance, Epstein Becker Green, Alaap B. Shah 
