Overwhelmed by HIPAA? Compliance is a Process, Not an Event

Like most major change initiatives, HIPAA compliance doesn’t happen in a day. It requires change by every person in the organization. Everyone who touches PHI (protected health information) must develop new work habits to keep PHI secure…Staff who answer phones, schedule appointments, and check patients in have to maintain patient confidentiality in very public work stations…IT staff must implement new technical safeguards and continually monitor systems…Managers must learn the new roles of P ...

Why your Meaningful Use SRA is not enough

Many covered entities had a high level Security Risk Analysis (SRA) performed to "check the box" for meeting the Meaningful Use requirement.  The HHS OCR has now performed enough audits, however, to know that a risk assessment isn't enough - Covered Entities need to take corrective action. With MACRA and HIPAA both requiring an SRA and HIPAA requiring a prioritized list of risks, corrective action plans, and a risk management process, it's time to have a proper risk assessment performed and take cor ...

Culture of Compliance Awarded to The Urology Team

Ada and Cindy leading the efforts to protect patient data and The Urology Team practice. Third Rock is pleased to recognize The Urology Team, a well-known and respected Austin-based medical practice, with the Culture of Compliance Award. This is the first time Third Rock has presented this award which recognizes healthcare providers who have embraced HIPAA privacy and security practices so thoroughly that they are engrained in their corporate culture and standard processes. The Urology Team engaged T ...