HIPAA

Compliance With HIPAA Privacy Rule Spotty

By Matt Fisher – The HHS Office of the Inspector General recently released the review results from its assessment of the Office for Civil Rights' oversight of the HIPAA Compliance Rule. Not too surprisingly, the OIG found weaknesses in the way in which OCR oversees compliance with the HIPAA Privacy Rule.


The Auditors Are Coming, The Auditors Are Coming!!

By Matt Fisher – After waiting with bated breath for almost a year, the day when full-scale HIPAA audits will start is almost here. During a keynote address at the HIPAA Security Conference co-hosted by the HHS Office for Civil Rights and the National Institute of Standards and Technology (“NIST”), OCR Director Jocelyn Samuels revealed that the day when audits will start is getting closer.


Why Non-Covered Entities Must Adopt ICD-10

The switch to ICD-10 is mandatory for organizations covered by HIPAA, known as “HIPAA-covered entities.” Organizations not covered by HIPAA, or “non-covered entities,” are not required to transition to ICD-10, but are strongly encouraged to do so. Non-covered entities include property and casualty insurance carriers, including auto insurers and workers’ compensation plans.


The FTC is the New Sheriff in Town

By Mike Semel – Don’t believe “We’re from the government and we are here to help you.” After a data breach in 2006 the FTC settled with ChoicePoint for $10 million and a 20-year monitored compliance program. Twenty years! In 2012 a company that had a HIPAA data breach was forced out of the state for two years by the Minnesota Attorney General.


Debating HITECH’s Influence on EHR Use

By Steve Spearman – Earlier this summer, the Journal of the American Medical Informatics Association (JAMIA) published a paper titled “Impact of the HITECH act on physicians’ adoption of electronic health records,” which analyzed how well HITECH has incentivized doctors to make the leap into EHR.


HIPAA Q&A on Risk Analysis

By Steve Spearman – Performing a risk analysis is the cornerstone of HIPAA compliance, so it’s important to understand the regulations that require risk analysis, as well as how to conform to these rules. This week’s Q&A with Steve Spearman focuses on understanding the essentials of risk analysis.


Breaches, Breaches, Everywhere

By Matt Fisher – It often seems as though a day does not go by without the report of a new breach of healthcare data. Examples of breaches include loss of unencrypted devices (whether laptops, flash drives or other devices), usage of non-secure services, inattention to paper records, employee snooping, and more.