Three minute video of the HSG Subscription Plan. Accept no Substitute!
« February 2013 | Main | April 2013 »
March 21, 2013
March 18, 2013
March 12, 2013
Security Rule for BAs Available & Omnibus Rule Ready
Digital Download
Omnibus Rule Ready™
Now availble on the HSG Store here.
The most important step for building a “good Security Rule compliance story” is for the business associate to get started. The approach recommended herein is to build the story iteratively over time. Most business associates (large or small) will likely need help in creating the story. Getting started in the wrong direction initially could be far more costly in the long run, since much of the compliance budget may simply be wasted. The framework discussed throughout this document provides a good road map to follow.
March 09, 2013
HIPAA Privacy Rule Checklist now Omnibus Rule Ready!
Digital Download
Now available on the HSG Store here.
Omnibus Rule Ready™
Our HIPAA Privacy Rule Checklist under HITECH ("Checklist") is intended to deliver guidance, including suggested policies, processes, and tracking mechanisms that will allow you to make sense out of this new terrain. It is intended as a knowledge transfer vehicle that allows you to derive the HIPAA Privacy Rule compliance solution that works best within your organization. Our Checklist will “walk you through” the relevant statutory/regulatory sections of the HIPAA Privacy Rule, highlighting the policies, processes and tracking mechanisms required at a granular level.
Our Checklist is comprised of Checklist Items that have the following components:
1) a policy statement that reflects an organization's intentions: the what;
2) a definition of a process by which the policy is implemented: the how; and
3) suggested tracking mechanism(s) for capturing process results: the measurement.
What is a Policy?
The word “policy” can be used in so many ways that it bears some exploration, especially for our purposes (i.e. as it pertains to HIPAA regulatory compliance). We often talk of “developing a policy,” or of “implementing a policy” or of “carrying out a policy.” For example, 45 CFR §164.530 (i) states as follows:
Standard: Policies and procedures. A covered entity must implement policies and procedures with respect to protected health information that are designed to comply with the standards, implementation specifications, or other requirements of this subpart and subpart D of this part.
Notice that a distinction is made between policies versus procedures. In general, we can think of a “policy” as a purposeful set of decisions or actions usually in response to a problem that has arisen. From a compliance perspective, a policy is a set of statements, including decisions and actions, regarding what an organization intends to do with respect to meeting its regulatory requirements (e.g. see our Breach Notification Policy). A policy indicates what an organization intends to do and is often also used as a communications vehicle of said intent.
Our Checklist contains a HITECH compliant Privacy Policy that can be used out-of-the-box or customized to meet your organization's specific requirements. However, our Checklist contains much more than mere policy statements. A policy is a necessary, but insufficient, component of a compliance initiative.
What is a Process?
A process is a repeatable series of steps that must be accomplished over time. From a HIPAA regulatory compliance perspective, processes are how policies get implemented. Policies without processes are nothing more than empty promises and will not prevent serious compliance liability. HHS is going to want to see evidence not only of policies but of processes as well. Every Checklist Item contains process suggestions that will enable you to quickly "stand-up" your Privacy Rule Compliance initiative.
What is a Tracking Mechanism?
A tracking mechanism is a way to keep track of process results. For example, QuickBooks is a tracking mechanism for accounting data and processes. You must be able to track the results of your compliance processes if you hope to provide visible demonstrable evidence that you are meeting your regulatory requirements.
Other components included in our Checklist?
|
Component |
Description |
|
|
Model HIPAA Privacy Policy |
Comprised of the policy statements included in the individual Checklist Items with some global clauses added. |
|
|
Model Notice of Privacy Practices
|
This document contains a Model Notice of Privacy Practices (“NOPP”) that is referenced from the Checklist. |
|
|
Model Restriction Request Form
|
This document contains a Model Restriction Request Form to be used by patients when they submit PHI restriction requests. |
|
|
Model Patient Request Log
|
This document contains a Model Patient Request Log to be used by workforce members for logging patient requests for: 1) restrictions; 2) authorization; 3) PHI Access; etc. |
|
|
H2 Compliance Scorecard
|
H2 Compliance Scorecard for the Checklist. The Scorecard can be used as an internal tracking system to log an organization’s Privacy Rule compliance improvement initiative over time. |
|
Customize It!
Our HIPAA Privacy Rule Checklist under HITECH was developed in a manner that lends itself readily to customization in order to meet the unique requirements of Your Organization.
March 07, 2013
Announcing an Omnibus Rule Ready Business Associate Contract
Digital Download
Omnibus Rule Ready™
Now available on the HSG Store here.
View The Content of our Business Associate Contract and realize the full value it contains
Why should you buy our Business Associate Agreement Model Contract?
HITECH, HIPAA, & Omnibus Rule Compliant – The provisions in our model Business Associate Agreement meet the requirements of the HIPAA, including the Omnibus Rule, and the HITECH Act.
QUICK and EASY – For most small practices/businesses this agreement is a “right out of the box” solution. You can literally just fill in the blanks on the Business Associate Agreement Template, print it out and you’re ready to go.
REUSE IT – Your business entity/practice can reuse the Business Associate Agreement Template for each and every Business Associate/Covered Entity relationship requiring a Business Associate Agreement.
CUSTOMIZABLE – Even though the Business Associate Agreement Template was developed to be an “out of the box” solution for small practices and businesses, the supporting annotated documents and user’s guide walk you through the contract, identifying potential issues and making suggestions for suitable modifications to the agreement.
KNOW What You’re SIGNING - Sooner or later, someone from another practice or business is going to put their version of a Business Associate Agreement in front of you. Our annotated agreement and user’s guide helps you fully understand what you are committing your organization to when you sign on their dotted line. Moreover, you will be able to better identify any pitfalls or omissions the “other guys” may have in their agreement.
Download it NOW! - As soon as you complete your purchase you will receive an e-mail with instructions for downloading your copy of the Business Associate Agreement and supporting documentation.
Here’s what get when you purchase our Business Associate Agreement Model Contract:
Business Associate Agreement Template – You’ll receive a HIPAA/HITECH compliant Business Associate Agreement in both Microsoft Word (.doc) and Adobe (.pdf) formats. The MS Word version is fully editable and is ready for you to simply fill in the appropriate blanks. The extra .pdf version serves as a handy reference.
Annotated Version of the Business Associate Agreement – A fully annotated PDF version of the Agreement containing embedded commentary and references/citations to the HITECH Act and related regulations (.pdf file).
Business Associate Agreement User’s Guide – Contains a step by step analysis of each clause in the Business Associate Agreement Template, with commentary and links to additional information. It provides insight into relevant legal issues and will keep you informed with regard to the essential terms of the agreement.
The Relevant Sections from the HITECH Act – Copies of Sections 13401, 13402, 13404 and 13408 of the HITECH Act for your reference (.pdf files).
Supporting Links – The Business Associate Agreement and supporting documents link to the relevant statutory/regulatory authority that underpins each clause in the agreement.
March 06, 2013
March 05, 2013
NEWSLETTER
Hot off the Press
Categories
- Big Data (1)
- Business Associates (5)
- Copyright (1)
- Culture (27)
- Current Affairs (13)
- EHR and HITECH (14)
- Health & Medicine (19)
- Health 2.0 (10)
- Healthcare Fraud (3)
- Healthcare in Cloud (7)
- HHS Omnibus Rule (10)
- HIPAA Breach Notificaiton (30)
- HIPAA Checklist (23)
- HIPAA Compliance (103)
- HIPAA Compliance Software (16)
- HIPAA Survival Guide Radio (21)
- HIPAA Training (23)
- HITECH Act (89)
- HITECH/HIPAA (137)
- Law and Internet (45)
- Meaningful Use (9)
- New Media (1)
- Online Business Startup (19)
- Online Contracts (8)
- Privacy & Data Security (6)
- Red Flags (2)
Greatest Hits
- Enforcement of Privacy Laws: A Freight Train is Coming
- Snake Oil, KM & the Practice of Law
- Rainmakers, Raincollectors & KM
- Enterprise 2.0
- Wikis & Law Firms
- It's All Beta, All the Time!
- If the CIA likes it, why wouldn't a law firm?
- New Media, Geeks Still Rule
- Markets as Conversations-So What?
- It's Called Marketing Stupid
- The Next Billion Internet Users
- Email Still the Killer App?
- It is early in web years!
Blog Roll
- Blog | Healthcare Collaboration
- Blog | Healthcare Informatics
- Chris Saah
- Chronic Disease Management
- Crossover Healthcare
- Doc Searls
- Dog's Life Digital Magazine
- Effect Measure
- EMR Daily News — News of the day in the world of Electronic Medical Records
- EMR, EHR and HIPAA - Covering EMR, EHR, HIPAA and Healthcare IT
- Eric Goldman
- Felix Gerena
- Future of Health IT: Trends and Scenarios
- Grant McCracken
- Healing Hospitals
- Health Beat
- Health Blog - WSJ
- Health Care Law Blog
- Health Plan Innovation Blog
- Health Policy Blog
- HealthBlawg
- HealthBlawg
- Healthcare & Technology Blog
- Healthcare Technology News
- HIPAA Privacy Rule
- HIPAA Requirements
- HIPAA Security Rule
- HIPAA Survival Guide
- HIPAA Survival Guide | The HITECH ACT
- HIPAA Training
- ONCHIT
- HITSphere
- Insights on Health Policy | John Goodman | NCPA
- Internet Lawyer
- Jason Kottke
- Life as a Healthcare CIO
- Moby Dick Online
- Neil Versel's Healthcare IT Blog
- Nicholas Carr
- Project HealthDesign Blog
- Remaking Healthcare
- Remaking Healthcare
- Rick Georges
- Sal's Blog
- Seth Godin
- The EHR Guy's Blog
- The Health 2.0 Blog
- The Health Care Blog
- The Healthcare IT Guy
- The New Health Dialogue | New America Blogs
- Tom Peters
- Yasnoff on eHealth
CC
Tools
- Google Analytics
Essays and Such
- HIPAA Survival Guide (PDF)
Read the HSG in PDF format. - HIPAA Survival Guide (online)
Practical advice for health care practitioners. 
Search, KM & the Practice of Law
Silicon Stories eBook
Dirty Little Secret
Competitive Advantage
Process Patterns
Movie Making and Software Development
The Missing Factory
Architecture: Shack, House or Skyscraper?
The Talent Wars
Knowledge Management and Infotainment
What comes after what comes next?
Silicon Stories Online
- Book Cover
- Chapter 1: Dirty Little Secret
- Chapter 2: Competitive Advantage
- Chapter 3: Process Patterns
- Chapter 4: Movie Making & Software Development
- Chapter 5: The Missing Factory
- Chapter 6: Architecture
- Chapter 7: Talent Wars, E-Teams and E-Cultures
- Chapter 8: Knowledge Management & Infotainment
- Chapter 9: What Comes After What Come Next?
February 2019
| Sun | Mon | Tue | Wed | Thu | Fri | Sat |
|---|---|---|---|---|---|---|
| 1 | 2 | |||||
| 3 | 4 | 5 | 6 | 7 | 8 | 9 |
| 10 | 11 | 12 | 13 | 14 | 15 | 16 |
| 17 | 18 | 19 | 20 | 21 | 22 | 23 |
| 24 | 25 | 26 | 27 | 28 |