HIPAA: Reducing Your Liabilities

As we perform more Security Risk Analyses, (we actually do privacy and security risk assessments), we continue to hear doctors, executives, and office managers consider HIPAA an onerous burden.  They tend to see it as painful compliance overhead and a total waste of time.  But, that is a very dangerous view of HIPAA compliance. HIPAA compliance is actually attempting to provide a guide for the healthcare industry to operate their business so they REDUCE LIABILITIES.  It reduces the likelihood of h ...

Focus on Technology: Change Your Router Passwords!

One of the most common services in healthcare is the connection to the internet. With all the focus on security and cyber breaches, one of the most vulnerable pieces on your connection to the internet is what is called the router / gateway. The router / gateway connects your computers and devices to the public internet and in many cases provides the initial security or barrier through the use of a built-in firewall. The problem is, that while this is the door, the gateway to the internet, it is a two way ...

HIPAA’s “Last Mile” Challenge

The phrase “last mile” is commonly used across many industries to denote the final leg of a project or process - reaching the goal! More often than not, it’s referring to the most difficult part of the journey.  In logistics, it is delivering your iPhone made in China to your doorstep in rural Texas.  In the communications industry, it is installing the last few hundred yards of new optical fiber cabling for high speed internet to your home or office that is extremely costly and disruptive.  And li ...

Knock, Knock – We’re here to perform an onsite HIPAA audit.

  Welcome to 2017.  If you haven't heard, the Health and Human Services Office of Civil Rights (OCR) will perform several hundred on-site HIPAA audits this year. The possibility of being selected is highly unlikely, but if you are one of the "lucky" covered entities that is audited you had better be ready - with all your ducks in a row. Current HIPAA training is only one duck, you need at least four more.  So, prepare to go duck hunting and get them in order sooner rather than later. Ther ...

Experian predicts more pain and suffering for healthcare industry

Experian released their fourth annual 2017 DATA BREACH INDUSTRY FORECAST. It covers several industry specific predictions, including Healthcare.  If you haven't heard, healthcare is under attack and it's going to be full on war in 2017.  The cyber attackers are expected to re-invest funds to create more sophisticated software and better targeting of data to steal. A few points made in the report: Protected Healthcare Information (PHI) or patient records are one of the most valuable sources of data ...

HIPAA: Patient Access to Their Information

With all of the cyber-security breaches and fines levied on organizations for lost PHI, it's easy to forget that HIPAA also defines what information must be provided to the patient and transferred to other providers for care and when they change providers. HIPAA has three basic components: Portability - allow for the transfer of patient information to other providers that may provide care to the patient or to the patient themselves. Allow the patient to access their patient information defi ...

From Meaningful Use to MACRA – Security Risk Analysis is still first requirement

  The Department of Health and Human Services (HHS) issued its final rule implementing the Quality Payment Program (QPP) that is part of the Medicare Access and CHIP Reauthorization Act (MACRA).  The QPP will reform Medicare payments for more than 600,000 clinicians across the country, and is a major step in improving care across the entire health care delivery system.  As a provider you can choose how you want to participate in the QPP based on your practice size, specialty, location, or pat ...

Value Proposition of a Next-Generation Compliance Platform (2 of 2)

This is the second in a two part series concerning the value of compliance.  Our mission is, Worry-Free Compliance, to help you obtain a culture of compliance through normal business operations.  Our vision is to reduce the complexity, cost and burden of HIPAA compliance using a next-generation compliance management platform. What does a next-generation management platform provide?  Here's a list: Complete Manages the entire compliance process Maintains custom policies and procedure ...

Value Proposition of HIPAA Compliance (1 of 2)

If you've been reading our blog very long you know we've discussed Is HIPAA worth it?, What's the ROI?, etc, etc.  This article is really another way to think about why you need to start working on your HIPAA compliance today. What is the Value Proposition of HIPAA Compliance? Identifies weaknesses that make your business vulnerable and liable Improves protection of your patients’ valuable PHI Protects your business from disruptive events – natural and man-made Fortifies your cyber ...

PHI – Who Really Owns It?

Let's just start off this blog by saying, we're not going to solve the legal question here or today.  However, it is a very important topic to understand.  Here's my feeble attempt to help covered entities (CEs) and business associates (BAs) think about PHI in a new way. PHI at its core is the patient's data. It is to be used to provide healthcare services to the patient and keep them healthy and prevent medical injury or death. The Healthcare industry is supposed to make it readily avail ...

1 2 3 4 5 6 7 8 9 13