Celebrating Nurses – Cornerstones of the “Human Firewall”

In their roles as both care giver and care coordinator, nurses generate, transmit, transcribe, and interact with enormous amounts of information using a dizzying array of devices. Not surprisingly, nurses play a critical role in keeping patients’ protected health information (PHI) safe. Nurses, you are amazing!!  In the course of a single hospital shift, a hospital nurse may interact with a single patient’s record 10-20 times – or more – depending on the intensity of the care and length o ...

HIMSS17 – OCR’s Expectations for HIPAA Compliance

Lessons Learned at HIMSS17 The Office for Civil Rights (OCR) made it clear at HIMSS17 - it’s time for the healthcare industry to take action NOW.  Here are the top messages we heard across multiple presentations by HHS (OCR, CMS), FDA, FTC, law firms, and cyber security firms. The following were made very clear to attendees.  Please note, these are not all from HHS, some were heard multiple times from various sources.  The point is, learn and take action. Ignorance of the HIPAA law is no e ...

HIPAA: Reducing Your Liabilities

As we perform more Security Risk Analyses, (we actually do privacy and security risk assessments), we continue to hear doctors, executives, and office managers consider HIPAA an onerous burden.  They tend to see it as painful compliance overhead and a total waste of time.  But, that is a very dangerous view of HIPAA compliance. HIPAA compliance is actually attempting to provide a guide for the healthcare industry to operate their business so they REDUCE LIABILITIES.  It reduces the likelihood of h ...

Knock, Knock – We’re here to perform an onsite HIPAA audit.

  Welcome to 2017.  If you haven't heard, the Health and Human Services Office of Civil Rights (OCR) will perform several hundred on-site HIPAA audits this year. The possibility of being selected is highly unlikely, but if you are one of the "lucky" covered entities that is audited you had better be ready - with all your ducks in a row. Current HIPAA training is only one duck, you need at least four more.  So, prepare to go duck hunting and get them in order sooner rather than later. Ther ...

HIPAA: Patient Access to Their Information

With all of the cyber-security breaches and fines levied on organizations for lost PHI, it's easy to forget that HIPAA also defines what information must be provided to the patient and transferred to other providers for care and when they change providers. HIPAA has three basic components: Portability - allow for the transfer of patient information to other providers that may provide care to the patient or to the patient themselves. Allow the patient to access their patient information defi ...

Value Proposition of HIPAA Compliance (1 of 2)

If you've been reading our blog very long you know we've discussed Is HIPAA worth it?, What's the ROI?, etc, etc.  This article is really another way to think about why you need to start working on your HIPAA compliance today. What is the Value Proposition of HIPAA Compliance? Identifies weaknesses that make your business vulnerable and liable Improves protection of your patients’ valuable PHI Protects your business from disruptive events – natural and man-made Fortifies your cyber ...

PHI – Who Really Owns It?

Let's just start off this blog by saying, we're not going to solve the legal question here or today.  However, it is a very important topic to understand.  Here's my feeble attempt to help covered entities (CEs) and business associates (BAs) think about PHI in a new way. PHI at its core is the patient's data. It is to be used to provide healthcare services to the patient and keep them healthy and prevent medical injury or death. The Healthcare industry is supposed to make it readily avail ...

Protect your patients, protect your practice, protect yourself.

The healthcare industry is beginning to realize that HIPAA is here to stay and they are probably going to be audited sooner or later.  What physicians and all healthcare providers need to understand is that if you don't protect your patients' PHI/ePHI the following can happen to your patients as a result of their identity being stolen and used. NOT Protecting Your Patients' (PHI/ePHI): You can cause them financial difficulties or even financial ruin. You can cause them undue stress, even a str ...

HIPAA Violation leads to jail time

An east Texas man, Joshua Hippler, was sentenced to 18 months in jail for violating HIPAA regulations. Basically, he was trying to sell PHI for personal gain.  He worked in a hospital and obtained PHI that he planned to sell.  The story here is not about Mr. Hippler, it's about you being held accountable for the protection of PHI.  It's important to understand that you can now serve jail time for NOT being HIPAA compliant. Yes, it's true, Hippler had criminal intent, but if you take HIPAA lightly and ...

Third Rock Announces – Custom HIPAA Policies and Procedures

FOR IMMEDIATE RELEASE   Austin, TX, Aug 25, 2016 – Third Rock, provider of HIPAA Worry-Free Compliance™, announced custom, online HIPAA Policies and Procedures as an additional capability of  their compliance management platform, CompassDB™.  This new capability is designed to address common issues associated with policies and procedures found in most healthcare practices; outdated paper documents collecting dust on a bookshelf. The overarching focus of CompassDB™ is to reduce the cost ...

1 2 3 4