Missing the HIPAA Target – Part 4

In my first blog of this series, I stated that the intent of HIPAA was not to make you an expert on regulations, but to guide you to be risk management proficient, which is the ability to recognize threats and risks to your practice and manage them to eliminate or minimize their impact. The next installment was accountability: taking ownership and delivering verifiable results. This was followed by the importance of training. What is next? Well, you need to know how to identify risks and th ...

HIPAA – Standard Operations for Business

HIPAA gets a bad rap - and deservedly so. However, most of that bad rap is because it is set up in a typical government fashion that is hard to understand and make sense of. When you look at the HIPAA laws and guidelines, it is not long before you become more perplexed than you were before. However, once you get past the government's idea of light reading, or by using our CompassDB tool which translates it into a humanly readable language, you realize that the HIPAA guidelines are not really all that cu ...

One small step for man, one giant leap for privacy!

“To err is human”… a pretty obvious statement. So if we all know we are going to make mistakes, why not add an extra level of security to mitigate the effects of the mistake? I am sure we have all been in the predicament of sending John C. an email, but when we clicked on our contacts list we accidentally sent it to John B. I have conversations constantly with clients and friends about encrypting their email to protect themselves and often get the same set of questions… “Isn’t that e ...

Missing the Target of HIPAA

Universally when working with new clients, they tell me, “I can’t learn all these HIPAA regulations and requirements.  I don’t have the time or the desire to be an expert on HIPAA!”  My response is, “That is absolutely correct!  You shouldn’t be an expert on HIPAA; that is my job.  What you and all your staff should be is risk management proficient.” Most times that draws the deer-in-the-headlights stare.  Not much comfort is taken from my response. Usually the conversation proceed ...

HIMSS17 – OCR’s Expectations for HIPAA Compliance

Lessons Learned at HIMSS17
The Office for Civil Rights (OCR) made it clear at HIMSS17 - it’s time for the healthcare industry to take action NOW. Here are the top messages we heard across multiple presentations by HHS (OCR, CMS), FDA, FTC, law firms, and cyber security firms. The following were made very clear to attendees. Please note, these are not all from HHS, some were heard multiple times from various sources. The point is, learn and take action. Ignorance of the HIPAA law is no e ...

HIPAA: Reducing Your Liabilities

As we perform more Security Risk Analyses (we actually do privacy and security risk assessments), we continue to hear doctors, executives, and office managers consider HIPAA an onerous burden. They tend to see it as painful compliance overhead and a total waste of time. But that is a very dangerous view of HIPAA compliance. HIPAA compliance is actually attempting to provide a guide for the healthcare industry to operate their business so they REDUCE LIABILITIES. It reduces the likelihood of h ...

Third Rock is seeking HIPAA partners and consultants

Third Rock is seeking HIPAA partners and consultants! If you are a HIPAA guru like us, working to help physicians, covered entities, and business associates complete their HIPAA requirements in a simple and worry-free manner, we would love to talk with you! Our CompassDB platform combines annual security risk analysis (SRA), remediation tracking and guidance, customized policies and procedures, BA Management, training logs and other HIPAA necessities in one easy-to-use portal for each of your customers. ...

Misconceptions Lead to False Sense of Security

In mid-August, The National Law Review reported the Office for Civil Rights (OCR) announced it would focus more on smaller breaches, those affecting fewer than 500 individuals. I think this reflects the growing concern that Small to Medium Businesses (SMBs) are more vulnerable. They are also less capable of detecting, responding to and reporting breaches. IBM estimates that 80% of cyber thefts suffered by SMBs go unreported. This is due to lack of detection, embarrassment, and fear of social media backl ...

Third Rock Announces – Custom HIPAA Policies and Procedures

FOR IMMEDIATE RELEASE
Austin, TX, Aug 25, 2016 – Third Rock, provider of HIPAA Worry-Free Compliance™, announced custom, online HIPAA Policies and Procedures as an additional capability of their compliance management platform, CompassDB™. This new capability is designed to address common issues associated with policies and procedures found in most healthcare practices: outdated paper documents collecting dust on a bookshelf. The overarching focus of CompassDB™ is to reduce the cost ...

Is HIPAA Worth It?

HIPAA is yet another government mandate for American healthcare businesses to address. We all know it's time consuming and requires a lot of effort to learn, stay current on and implement. Plus, it's costly. But is it worth it? Does it truly help the covered entity or business associate in the long run? You might be surprised by the answer. The simple answer is ABSOLUTELY. First, let's look at HIPAA goals.
Basic Goals of HIPAA
Portability: To allow patients to transfer their records ...
