HIPAA Compliance is a Business Decision

A couple of weeks ago, I was talking with a technology vendor who is starting to move into the healthcare space. Their technology isn’t used in the creation or manipulation of patients’ protected health information (PHI), but they do store information on behalf of healthcare organizations that could potentially include PHI. They wanted to know, “Are we required to comply with HIPAA?” Technically – yes. On the other hand, there are hundreds of healthcare organizations and healthcare vendors who act ...

HIMSS17 – OCR’s Expectations for HIPAA Compliance

Lessons Learned at HIMSS17
The Office for Civil Rights (OCR) made it clear at HIMSS17 - it’s time for the healthcare industry to take action NOW. Here are the top messages we heard across multiple presentations by HHS (OCR, CMS), FDA, FTC, law firms, and cyber security firms. The following were made very clear to attendees. Please note that these are not all from HHS; some were heard multiple times from various sources. The point is, learn and take action. Ignorance of the HIPAA law is no e ...

OCR HIPAA Audits: Don’t gamble your organization’s solvency

Risk of Random Selection for an OCR Audit: 1%-5%
In July of this year, the OCR began Phase II of their HIPAA Compliance Audit process. They randomly selected 167 Covered Entities for a “desk audit” and plan to conduct an additional 50-75 onsite audits over the course of the year. A similar process will be used to select and audit a sample of Business Associates beginning in September. Given the hundreds to thousands of Covered Entities and Business Associates in any particular category, the risk o ...

Is HIPAA Worth It?

HIPAA is yet another government mandate for American healthcare businesses to address. We all know it's time consuming and requires a lot of effort to learn, stay current on, and implement. Plus, it's costly. But is it worth it? Does it truly help the covered entity or business associate in the long run? You might be surprised by the answer. The simple answer is ABSOLUTELY. First, let's look at HIPAA goals.
Basic Goals of HIPAA
Portability: To allow patients to transfer their records ...

What’s your security score?

There are a number of ways to become the subject of an OCR HIPAA audit. The most unlikely way is to be selected for a random audit, and if that happens, go buy a lottery ticket! Complaints filed by dissatisfied customers and/or disgruntled employees resulted in about 15,000 investigations last year. Suffer a breach and OCR will be knocking on your door. As the number and severity of breaches continue to increase, third-party companies are becoming much more efficient at identifying com ...