Archive | April, 2012

Recent HIPAA Audit Updates

Section 13411 of the HITECH Act requires the Secretary of Health and Human Services (HHS) to “provide for periodic audits to ensure that covered entities and business associates that are subject to the requirements of this subtitle and subparts C and E of part 164 of title 45, Code of Federal Regulations, as such provisions are in effect as of the date of enactment of this Act, comply with such requirements.” That means compliance with the HIPAA Privacy and Security Final Rules.

Continue Reading

How to Prepare for the HIPAA Audits

HIPAA enforcement is on the upswing and the consequences are serious. A recent hire by the Office of Civil Rights (OCR), however, means enforcement may soon ramp up even more. OCR has hired Virginia-based audit firm KPMG to implement its HITECH-required HIPAA compliance auditing plan. Are you ready? Learn how to prepare…

Continue Reading

HIPAA Security Reminder – Protection Against Identity Theft

Medical Identity Theft and Identity Theft are criminal acts that occurs when a person uses someone else’s personal information, such as name, social security number and/or insurance card number, without that individual’s knowledge to obtain or make false claims for (medical) services or goods. Learn more about what you and your company should be doing…to protect yourself and your stakeholders…

Continue Reading

How To Conduct a Meaningful Use Risk Analysis

The deadline for HIPAA Security Rule compliance for Covered Entities (CEs) was April 2005! For Business Associates (BAs), the date was February 2010. Additionally, the federal government unveiled its criteria for the Meaningful Use of electronic health records (EHRs) on July 13. The criteria must be met in order for a hospital or eligible provider (EP) to qualify for reimbursement of the cost of EHR software under the American Recovery and Reinvestment Act of 2009 (ARRA). Are you ready? Learn how to qualify…. THE CHALLENGE: The meaningful use criteria have been established and include a specific privacy / security requirement to “Protect electronic health information created or maintained by the certified EHR technology through the implementation of appropriate technical capabilities.” For both hospitals and EPs, the certification criteria is to “Conduct or review a security risk analysis and implement security updates as necessary.”

Continue Reading