We should all know by now that the Office for Civil Rights (OCR) has been mandated to audit all HIPAA Covered Entities (CEs) and Business Associates (BAs), and we now know the main ingredients of the audits, the protocols, which are subject to change over time based on audit results. All CEs and BAs should begin a process now to prepare for an OCR audit based on the most current protocols. Why? Because once the OCR notifies you that your organization will be audited, you only have a couple of weeks to prepare.
Read more...
The HITECH Omnibus final rule -“Fall” for IT
(Journal of Healthcare Information Management – (JHIM) –Fall 2012 – Used by permission from HIMSS). See you in September – That was a great song, first done by the Tempos in 1959 and then by the Happenings in 1966. So let’s use it as the theme for the current estimated timing for the publication of the HITECH Omnibus final rule. Of course, it could also be “Home for the Holidays”.
Read more...
Mobile Devices Are Here to Stay, But Challenges Remain
(Journal of Healthcare Information Management – (JHIM) – Summer 2012 – Used by permission from HIMSS). “The use of portable devices, especially the iPhone and iPad are turning physicians into iDocs. These consumer tools are moving into the healthcare environment at a break neck speed! We have seen increased usability. That is good. But, we also have seen increased security risks. That is bad”.
Read more...
How to Prepare for a HIPAA – HITECH Audit
(Journal of Healthcare Information Management – (JHIM) – Spring 2012 – Used by permission from HIMSS). Covered entities (CEs) and business associates (BAs) can now clearly see the “HIPAA police” up ahead on the “side of the road”.
Read more...
Information security risk management is a numbers game. The bigger the numbers, the harder it is to manage the risk of unauthorized access to PHI.
Read more...
(Journal of Healthcare Information Management – (JHIM) – Fall 2011 – Used by permission from HIMSS) A question that we have been asked by a number of our clients over the past six (6) months is: “What do we really need to do for Meaningful Use (MU) Stage 1 in regards to information security risk analysis?”
Read more...