Compliance Updates

Innovation in Healthcare – The Impact on Information Privacy and Security

It is hard to believe that the HIPAA Security Rule was written when most medical records were only in hard copy format. Today, HIPAA CEs and BAs must make sure they understand their current vulnerabilities that could impact how they protect PHI. We read about PHI breaches on a regular basis, and some have been huge. This kind of news has certainly caught the attention of healthcare leaders. The key is to continually have a program in place to assess changes that result from innovation and try to stay one step ahead of related potential vulnerabilities.

Read more...

Audits and Evidence of Compliance- Will Your Organization Be Audited?

Could your organization be selected for an audit? The answer is obviously yes. So how do you prepare? We recommend that your organization conduct a document review and organize all your HIPAA privacy, security, and breach notification policies, procedures, plans and evidence of due diligence in one place for easy access to provide to OCR. Remember that OCR only provides a two-week notice. If your organizations documentation is not organized, two weeks may not be enough time to get ready for the audit.

Read more...

Webinar with Leading Industry Experts on Best Practices for Omnibus Rule Compliance and Vendor Management

The Omnibus Rule outlines significant changes to the relationships between covered entities and business associates, leading to a variety of compliance and vendor management challenges. This webinar provides attendees with an understanding of what has changed for business associates with the Omnibus Rule, and discusses how it changes the relationship between provider and vendor.

Read more...

All Aboard the Omnibus – A Look at HIPAA’s First Update in 10 Years

On January 25, 2013, the Office for Civil Rights (OCR) published their long awaited updates to the HIPAA Privacy and Security Rules. The formal name of the rules is “Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act and the Genetic Information Nondiscrimination Act; Other Modifications to the HIPAA Rules; Final Rule,” known to those that must implement its provisions and deal with its enforcement as the Omnibus Rule.

Read more...

OCR HIPAA Audits – We Now Know the Protocols

We should all know by now that the Office for Civil Rights (OCR) has been mandated to audit all HIPAA Covered Entities (CEs) and Business Associates (BAs), and we now know the main ingredients of the audits, the protocols, which are subject to change over time based on audit results. All CEs and BAs should begin a process now to prepare for an OCR audit based on the most current protocols. Why? Because once the OCR notifies you that your organization will be audited, you only have a couple of weeks to prepare.

Read more...

The HITECH Omnibus final rule -“Fall” for IT

The HITECH Omnibus final rule -“Fall” for IT (Journal of Healthcare Information Management – (JHIM) –Fall 2012 – Used by permission from HIMSS). See you in September – That was a great song, first done by the Tempos in 1959 and then by the Happenings in 1966. So let’s use it as the theme for the current estimated timing for the publication of the HITECH Omnibus final rule. Of course, it could also be “Home for the Holidays”.

Read more...

Mobile Devices Are Here to Stay, But Challenges Remain

Mobile Devices Are Here to Stay, But Challenges Remain (Journal of Healthcare Information Management – (JHIM) – Summer 2012 – Used by permission from HIMSS). “The use of portable devices, especially the iPhone and iPad are turning physicians into iDocs. These consumer tools are moving into the healthcare environment at a break neck speed! We have seen increased usability. That is good. But, we also have seen increased security risks. That is bad”.

Read more...