HIPAA HITECH Compliance Blog Archive

HIPAA Breach: 20 Years of Hard Labor

Accretive Health gets 20 years of outside monitoring of privacy and security efforts for HIPAA breach. "Additionally, Accretive Health agreed to initial and biennial third-party auditing of their security measures and to maintain those records and make them available to the FTC upon request. The settlement will be in effect for 20 years." Winston & Strawn LLP, Steven Grimes

HIPAA Compliance for Health Insurance Producers

 September 23, 2013 was the deadline for all health insurance producers to be HIPAA compliant.  A new tool from Compliance Helper helps them get compliant, stay compliant, and prove compliance for only $99 setup and $35 per month.

HIPAA Audits Increase in 2014, Include Business Associates

 "Based on reinvigoration of the HIPAA Audit Program and signals from OCR, it appears that 2014 will be the year of heightened OCR enforcement."  OCR lacks insight into HIPAA security rule compliance, Epstein Becker Green, Alaap B. Shah 

HIPAA Omnibus Rule and Business Associates

First there was HIPAA, then HITECH, now Omnibus: what is a business associate supposed to do? Since 60% of business associates surveyed had never heard of the Omnibus Rule, getting educated is critical.

HIPAA Compliance is an On-going Process

The reasons an organization can't be "Certified HIPAA Compliant" are twofold: HHS has given no one authority to certify, and HIPAA compliance is an on-going, evolving process. A recent article from Scott & Scott LLP entitled "The challenges of compliance" encapsulates this nicely.

Violate HIPAA: Go To Jail

An employee of a covered entity was sentenced to 37 months in jail for violating HIPAA regulations. In this case it was fraud, since the employee was selling the patient records, but in another famous case at UCLA it was caused by an employee "peeking" at famous patients' records.

Pay Back MU Money?

OIG has stated that if a CE failed to perform even one measure of Meaningful Use they would have to return the stimulus funds and might be audited to determine if there was fraud.  A Florida firm just had to pay back $31 million for falsely attesting to compliance.

An ounce of HIPAA Prevention can save a pound of compliance costs

AvMed paid a $3 million class action settlement, which is on top of any HIPAA penalties and costs. "Penny wise, pound foolish" is an adage that applies to HIPAA compliance. Spend thousands to save millions.

What Next with HIPAA Omnibus? David Finn of Symantec on Top Compliance Challenges

"It's going to be imperative that covered entities monitor and know what the business associates are doing, but they're not going to realistically be able to do that themselves."

HIPAA Business Associate Compliance in 8 Days

Getting business associates HIPAA compliant in as little as 8 days requires technology, methodology and sound advice. Our partner, Rebecca Herold, CISSP, CIPP/US, CIPP/IT, CISM, CISA, FLMI (www.theprivacyprofessor.com), was rated the number 3 privacy and security consultant in the world by Computerworld.

HIPAA Compliance and Disruptive Innovation

Disruptive innovation can provide low-cost and efficient methods for HIPAA HITECH and Omnibus Rule compliance. The old model involved sending a consultant to the client with a policy and procedure manual under their arm, but with SaaS or the cloud model we can send the consultant and the content over the Internet with interactive software.

HIPAA Compliance Software for Business Associates

 HIPAA compliance software for business associates is different from HIPAA compliance software for covered entities.  The difference is the need for on-going proof of compliance to satisfy their covered entities.

HIPAA Omnibus: Educating Vendors. A CISO Describes Challenges with Smaller Business Associates

"So the education to help them understand their [new HIPAA] obligations, and to work with them to identify the bigger risk areas, and to create a corrective action plan or a remediation schedule - that's going to be an ongoing conversation for us. That is something that will never go away," Jeff Cobb, CISO at Capella Healthcare. The Tennessee-based health system, which operates 14 acute care and specialty hospitals in six states, deals with many smaller business associates that lack a mature security program.

Are Your BAs HIPAA Compliant? "Think before you share, part III: is my data secure?" Foley & Lardner LLP Peter I. (Pete) Sanborn

"The general principle is to ensure the breadth and depth of the vendor’s security obligations are aligned with the sensitivity of the data. Additionally, the agreement should specify the vendor’s obligations in the event of a breach (both in terms of reporting/investigating the breach and in terms of paying for the downstream costs/expenses associated with notifying the impacted individuals), and your rights during the agreement to audit the vendor’s compliance with the security requirements."

Time's up! Compliance deadline for HIPAA/HITECH final rules has arrived Blank Rome LLP Nicholas C. Harbist, Jennifer J. Daniels and Angela M. Guarino

"Relationship Review—Have you reviewed your relationship with vendors to ensure compliance with the Final Rules?"

Am I a Business Associate under HIPAA HITECH?

Whether it is confusion or denial, there are a lot of organizations that don't seem to understand that they are business associates and therefore are required to comply with HIPAA. The HITECH Act was passed in 2009 and amended HIPAA to include business associates, yet in 2013 we still get calls from people wanting to know if they are a business associate. Partially this is due to the fact that in 2010 HHS announced that they were delaying enforcement until the rules were published.

HIPAA Audits of Business Associates; October 1, 2013?

October 1, 2013 will be the beginning date for HIPAA audits of business associates.  This is the beginning of the 2014 fiscal year for HHS and they will start setting up unannounced audits of business associates says Rachel Seeger, a spokesperson for the Department of Health and Human Services' Office for Civil Rights, which enforces HIPAA.

Covered Entities Liable for Their Business Associates under HIPAA Omnibus Rule

 In the past a covered entity was not liable for breaches caused by their business associates if they had a BA agreement in place and did not know of a pattern of non-compliance.  That has changed under the Omnibus Rule if the business associate is deemed an agent of the covered entity.

Compliance Checklist HIPAA HITECH Omnibus Rule

Ignorance of the HIPAA HITECH Omnibus Rule is rampant and can cause a lot of pain. We have developed a 10-question checklist to let you evaluate whether you are compliant.

Majority of Business Associates Unfamiliar with HIPAA Omnibus Rules

In a recent survey, less than a month before the HIPAA HITECH Omnibus goes into effect, a majority of business associates are unaware of the new requirements. Covered entities need to ask some questions, find out who is non-compliant, and ask them to remediate these risks. If they can't or won't, they need to sever the business relationship.
