February 24, 2012

Obama Administration Introduces Consumer Privacy Bill of Rights?

The Obama administration on Thursday will unveil a consumer privacy "bill of rights" that aims to give web users more control over how their personal information is collected and used online.

via www.huffingtonpost.com

If you think that Washington is not paying attention to privacy and security issues then you are asleep at the wheel. Expect to see major consumer privacy legislation introduced this year. What does this mean with respect to HITECH/HIPAA compliance? Everything.

HSGLogoThe time is running short for those

diehards that continue to believe

that this privacy and security obsession

will pass. It won't!

The two industries historically the most regulated in the US with respect to privacy and security are the financial services industry and healthcare (lagging). If the issue of pivacy/security (online or otherwise) is start to loom large across industries, then you can bet that there will be little room for tolerance with respect to non-compliance in healthcare. The bottom line is that the world has changed and the healthcare industry has not place left to hide. Many of us have been beating this horse to death and at long last it looks like the industry is starting to pay attention. It really doesn't have a choice.

 

HSGLogo Looking for best of breed HIPAA Training?

To stay current on the HITECH Act and its quickly changing regulatory scheme visit the HITECH Survival Guide website and/or sign up for our free monthly compliance newsletter. Also, check out our FREE EHR Checklist.

If you need tools that will help with your compliance initiatives then check out the HSG Store. Do you need an Internet Lawyer with HITECH /HIPAA experience?

 

 

Posted at 12:11 PM in HIPAA Compliance, HITECH Act, Privacy & Data Security |

February 21, 2012

HIPAA Compliance 2012: The Inevitability of Enhanced Enforcement?

There's a war going on in cyberspace. It's vast, complicated, and the foot soldiers are not exactly your usual suspects.

To understand just one of the ways in which this war is waged, consider the far-ranging impact of social media, and a story recently put forward by a government employee who works for a U.S. defense agency.

via security.blogs.cnn.com
Fascinating post (see link above) by Suzanne Kelly (CNN) regarding the reason that Washington is a buzz regarding cybersecurity. Also, to signal the growing importance of cybersecurity, today NIST announced the establishment of a National Cybersecurity Center of Excellence.
The bottom line is that given all of this attention that is being paid to Cybersecurity, there is simply no way that the healtcare compliance status quo will remain unchallenged in a significant way. The HITECH Act was a shot heard nationwide and now that HHS is poised to release its final rule(s) you can be sure that enhanced enforcement is coming soon to a theatre near you.

HSGLogo Looking for best of breed HIPAA Training?

To stay current on the HITECH Act and its quickly changing regulatory scheme visit the HITECH Survival Guide website and/or sign up for our free monthly compliance newsletter. Also, check out our FREE EHR Checklist.

If you need tools that will help with your compliance initiatives then check out the HSG Store. Do you need an Internet Lawyer with HITECH /HIPAA experience?


Posted at 12:48 PM in HIPAA Compliance, HITECH Act, HITECH/HIPAA |

February 20, 2012

HIPAA Privacy Rule Checklist under HITECH Released

The HIPAA Survival Guide is pleased to announce the release of our HIPAA Privacy Rule Checklist under HITECH. This product is now available on the HSG Store.

Checked__GreenOur HIPAA Privacy Rule Checklist under HITECH ("Checklist") is intended to deliver guidance, including suggested policies, processes, and tracking mechanisms that will allow you to make sense out of this new terrain. It is intended as a knowledge transfer vehicle that allows you to derive the HIPAA Privacy Rule compliance solution that works best within your organization. Our Checklist will “walk you through” the relevant statutory/regulatory sections of the HIPAA Privacy Rule, highlighting the policies, processes and tracking mechanisms required at a granular level.

Our Checklist is comprised of Checklist Items that have the following components:

1) a policy statement that reflects an organization's intentions: FileDocument the what;

2) a definition of a process by which the policy is implemented: RefreshCircle the how; and

3) suggested tracking mechanism(s) for capturing process results: Tools1 the measurement.

HITECH / HIPAA NewsletterOur Checklist ships with a number of tools including our scorecard. The H2 Compliance Scorecardsm is a simple but powerful mechanism for reviewing your progress with respect to Checklist completion/improvement. It works as follows:

1. Every checklist item ("Item") is given a completion score using the following statuses: 

  • M="Missing" which means that the Item has not been implemented and has a corresponding ordinal value of zero (0).
  • P="Planned" which means that the Item, although not implemented, has been identified on a project plan to be implemented and has a corresponding ordinal value of one (1).
  • B="Basic" which means that the Item has been implemented but in its most basic form and has a corresponding ordinal value of two (2).
  • F="Functional" which means that the Item has been implemented and the basic implementation has been improved upon and has a corresponding ordinal value of three (3).
  •  E= "Excellent" which means that a functional implementation has been refined and/or remained stable over a period of six months or more and has a corresponding ordinal value of four (4).

2. You add up the scores on each applicable Item (not all Items are applicable to every organization) and multiply by the total number of applicable Items to arrive at a raw score.

3. You can track the raw score over time to measure your organization's compliance progress/improvement.

 Stay tuned. We expect to be shipping additional Checklists in the coming months as we remain committed to reducing the compliance complexity of our customers.

Posted at 07:45 AM in HIPAA Checklist, HIPAA Compliance |

February 14, 2012

HIPAA Compliance: Social Media & Mobile Best Practices?

Recently, ONC’s Office of the Chief Privacy Officer (OCPO), in collaboration with the HHS Office for Civil Rights (OCR), launched a Privacy & Security Mobile Device project.

via geekdoctor.blogspot.com

As pointed out by Dr. Halamka, this project builds on the existing HHS HIPAA Security Rule - Remote Use Guidance. I am very familiar with much of the high quality content that HHS has developed to support covered entities and business associates with HIPAA compliance, but this particular resource had eluded me. Here's the money quote from the Remote Use Guidance document:

There have been a number of security incidents related to the use of laptops, other portable and/or mobile devices and external hardware that store, contain or are used to access Electronic Protected Health Information (EPHI) under the responsibility of a HIPAA covered entity. All covered entities are required to be in compliance with the HIPAA Security Rule1, which includes, among its requirements, reviewing and modifying, where necessary, security policies and procedures on a regular basis. This is particularly relevant for organizations that allow remote access to EPHI through portable devices or on external systems or hardware not owned or managed by the covered entity.

HSGLogoThe time is running short for those

diehards that continue to believe

that this privacy and security obsession

will pass. It won't!

 

The amusing thing (sort of), is that this document was put together in 2006, three years before the HITECH Act was a gleam in the Obama Administration's eye. In short, despite the cryptic/legal centric way in which the HIPAA Security Rule is presented, it really mandates, for the most part, the implementation of security basics 101. Granted, security basics 101 is certainly a non-trivial topic for non-technical staff, but it's not rocket science for a competent technologist.

The time is running short for those diehards that continue to believe that this "privacy and security" obsession is something that will pass. It won't. We live in an entirely different world now and privacy and security best practices are simply a cost of doing business. Something that both regulators and patients have come to expect. No where is this more important than in the social and mobile use cases, given the number of breaches that occur under these circumstances.

HSGLogo Looking for best of breed HIPAA Training?

To stay current on the HITECH Act and its quickly changing regulatory scheme visit the HITECH Survival Guide website and/or sign up for our free monthly compliance newsletter. Also, check out our FREE EHR Checklist.

If you need tools that will help with your compliance initiatives then check out the HSG Store. Do you need an Internet Lawyer with HITECH /HIPAA experience?

 

Posted at 04:00 PM in HIPAA Compliance, HITECH/HIPAA |

February 11, 2012

HSG Radio: Recent Archived Episodes

Here's a number of our recently archived episodes. You can listen to our show every Friday at 3:00 EST. Click here for more information regarding upcoming shows.

Listen to internet radio with cleyva on Blog Talk Radio

HSGLogo Looking for best of breed HIPAA Training?

To stay current on the HITECH Act and its quickly changing regulatory scheme visit the HITECH Survival Guide website and/or sign up for our free monthly compliance newsletter. Also, check out our FREE EHR Checklist.

If you need tools that will help with your compliance initiatives then check out the HSG Store. Do you need an Internet Lawyer with HITECH /HIPAA experience?

Posted at 09:57 AM in HIPAA Compliance, HIPAA Survival Guide Radio |

February 08, 2012

FREE WEBINAR: Preview of HHS Omnibus Rule

The HHS Omnibus Rule Webinar will continue our review of the proposed HHS Omnibus Rule ("OR") and discuss the marketplace impact that this comprehensive set of regulations is likely to have on the healthcare privacy and security regulatory landscape. Business associates are going to see an additional regulatory compliance burden as their subcontractors will now be treated as business associates. Covered entities can expect a number of changes including material changes to their Notice of Privacy Practices ("NOPP").

 

Date: February 9, 2012. 

Time: 2:00 to 3:30 EST. 

To register Click Here.  

 

HSGLogo Looking for best of breed HIPAA Training?

To stay current on the HITECH Act and its quickly changing regulatory scheme visit the HITECH Survival Guide website and/or sign up for our free monthly compliance newsletter. Also, check out our FREE EHR Checklist.

If you need tools that will help with your compliance initiatives then check out the HSG Store. Do you need an Internet Lawyer with HITECH /HIPAA experience?

 

 

 

Posted at 11:54 AM in HIPAA Compliance, HIPAA Training, HITECH Act, HITECH/HIPAA |

February 07, 2012

HIPAA Compliance: MN AG Brings Suit Against a Business Associate

Minnesota attorney general brings the first formal enforcement action against a business associate, Accretive Health, Inc., for an alleged violation under HIPAA using her authority under the HITECH Act. 

via www.dwt.com

We have previously written that 2012 will be the year of HITECH Act enforcement and the year that State AGs will awaken and become more aggressive in their enforcement actions. The link above is a harbinger of things to come. Most business associates (BAs) do not realize that their compliance with the HITECH Act is "good law" today.

Forget business associate audits,

breach notification is the 800 pound

gorilla of the HITECH Act, because of

the costs, fines, and lawsuits that a

breach is likely to trigger. What is the

probability that a breach will occur?

High would be an understatement!

 

HHS has added to the confusion by slow walking the Omnibus Rule and given a grace period (understatement) for BAs to comply. However, as indicated in the link above, there is nothing preventing a State AG or the US Department of Justice from bring an action today.

What is likely to trigger an action? Although currently there is a small probability of a BAs being audited, given the fact that HHS has announced that BAs would not be targets of the first round of audits conducted by KPMG through the end of 2012, there is a high probability that a data breach will occur. Breach Notification is the 800 pound gorilla of the HITECH Act, not only because of the costs and the fines, but because of the lawsuits a breach is likely to trigger.

HSGLogo Looking for best of breed HIPAA Training?

To stay current on the HITECH Act and its quickly changing regulatory scheme visit the HITECH Survival Guide website and/or sign up for our free monthly compliance newsletter. Also, check out our FREE EHR Checklist.

If you need tools that will help with your compliance initiatives then check out the HSG Store. Do you need an Internet Lawyer with HITECH /HIPAA experience?

 

Posted at 09:23 AM in Business Associates, HIPAA Compliance, HITECH Act |

February 04, 2012

HITECH / HIPAA Newsletter February 2012

This article explores the proposed HHS Omnibus Rule. The HHS Omnibus Rule ("OR") mostly concerns sections of the HITECH Act that went into effect on February 18, 2010. There was an NPRM that was issued on July 14, 2010 that contained the changes proposed for the final rule. It is quite evident that HHS has not broken any "land speed records" in finalizing the OR, but all indications are that it will be forthcoming "soon." The full text of the OR can be found here

To continuing reading the article subscribe to our FREE newsletter or read it in the archives.

HSGLogo Looking for best of breed HIPAA Training?

To stay current on the HITECH Act and its quickly changing regulatory scheme visit the HITECH Survival Guide website and/or sign up for our free monthly compliance newsletter. Also, check out our FREE EHR Checklist.

If you need tools that will help with your compliance initiatives then check out the HSG Store. Do you need an Internet Lawyer with HITECH /HIPAA experience?

Posted at 03:34 PM in HIPAA Compliance, HITECH Act, HITECH/HIPAA |

HSG Radio: Preview of HHS Omnibus Rule Part I.

Here's our 2/3/2012 episode.

You can follow our weekly show (and review a complete list of the archived episodes) here.

Listen to internet radio with cleyva on Blog Talk Radio

HSGLogo Looking for best of breed HIPAA Training?

To stay current on the HITECH Act and its quickly changing regulatory scheme visit the HITECH Survival Guide website and/or sign up for our free monthly compliance newsletter. Also, check out our FREE EHR Checklist.

If you need tools that will help with your compliance initiatives then check out the HSG Store. Do you need an Internet Lawyer with HITECH /HIPAA experience?

 

Posted at 08:03 AM in HIPAA Compliance, HITECH Act |

February 02, 2012

US v. EU Privacy Rights?

On Jan. 25, 2012, the European Commission released the final version of its proposed revisions to the European Union’s data protection framework. The package of changes represents a comprehensive reform of the EU’s 1995 data protection rules.

via www.privsecblog.com

The US is never likely to have the same strong privacy rights as those favored in the EU, but the fact that the EU is moving to expand privacy rights is a pretty good indication of the trend line. The world has changed with respect to privacy and security and many industries, especially healthcare, have been slow to catch the wave. In the US, two industries guaranteed to remain heavily regulated from a privacy and security perspective is healthcare and financial services.

The US is never likely to have the 

same strong privacy rights as those

favored in the EU, but the fact that

the EU is moving to expand privacy

rights is a pretty good indication of

the trend line.

The financial services industry, taken as a whole, started taking privacy and security seriously years ago. Yes there were some laggards, and not all players always implemented the latest in best practices, but as a whole the industry took significant steps to get its house in order. The same cannot be said for healthcare. Sure, the big players are on board, but there are large segments of the industry that still refuse to recognize the changing of the guard.

HSGLogo Looking for best of breed HIPAA Training?

To stay current on the HITECH Act and its quickly changing regulatory scheme visit the HITECH Survival Guide website and/or sign up for our free monthly compliance newsletter. Also, check out our FREE EHR Checklist.

If you need tools that will help with your compliance initiatives then check out the HSG Store. Do you need an Internet Lawyer with HITECH /HIPAA experience?

 

 

Posted at 11:40 AM in HIPAA Compliance, HITECH Act |

Next »
My Photo

About

NEWSLETTER


  • Email Newsletter icon, E-mail Newsletter icon, Email List icon, E-mail List icon
    Sign up for a FREE
    HITECH / HIPAA
    Compliance Newsletter

    Enter your email address

Hot off the Press

Categories

Greatest Hits

Blog Roll

CC

Tools

  • Google Analytics

Become a Fan

EHR Tools

EHR Collateral


Become a Fan

Essays and Such

  • HIPAA Survival Guide (PDF)
    Read the HSG in PDF format.
  • HIPAA Survival Guide (online)
    Practical advice for health care practitioners.

  • Search, KM & the Practice of Law

  • Silicon Stories eBook

  • Dirty Little Secret

  • Competitive Advantage

  • Process Patterns

  • Movie Making and Software Development

  • The Missing Factory

  • Architecture: Shack, House or Skyscraper?

  • The Talent Wars

  • Knowledge Management and Infotainment

  • What comes after what comes next?

Silicon Stories Online

February 2012

Sun Mon Tue Wed Thu Fri Sat
      1 2 3 4
5 6 7 8 9 10 11
12 13 14 15 16 17 18
19 20 21 22 23 24 25
26 27 28 29      

Archives

More...