Archive | September, 2012

HIPAA Security Risk Analysis Tips – Meaningful Use Stage 2 Underscores Need for Risk Analysis

CMS has released the Meaningful Use Stage 2 Proposed Rule. This notice of proposed rulemaking (NPRM) details the requirements for meaningful use stage 2 and is set to be published in the Federal Register March 7, with a 60-day comment period. Guess what? Risk Analysis (per 45 CFR 164.308(a)(1)(ii)(A)) is not going away. Here’s today’s big tip – Get with it; learn the requirements; get ‘er done!

NTC Health care Privacy and Security Consortia

The safe storage, transport and access of patient information between healthcare organizations and their partners has never been such a hot topic, with several high profile breaches hitting the headlines in 2011. The implementation of mandated audits to monitor organizations’ compliance with HIPAA Privacy and Security and the notification requirements in the event of a breach has also caused interest and concern around this issue to rise to a critical level. The NTC Health care Privacy and Security Consortia on March 8th will bring together some of the nation’s leading experts to discuss these issues.

Clearwater Compliance Co-Sponsors ANSI PHI Project

In just over a week the final whitepaper from the ANSI PHI Project will be launched, and available to download from their site. Clearwater Compliance, a leading HIPAA-HITECH consultancy founded by Bob Chaput, has been co-sponsoring the project as well as lending their expert input at discussions and panels.

howto://fix the npf driver isn’t running

If you’ve ever launched Wireshark only to encounter an error “the npf driver isn’t running” then you probably have encountered a botched install. Have heart, we can fix this without having to reinstall. Here’s how. Click to close the error, and then close Wireshark. Open an administrative cmd prompt. Run this command sc start npf […]

On security awareness training

This won’t be long because I don’t have enough time. There are lots of discussions on whether or not awareness programs are worth the time, effort, and cost. The short answer is no. Most of them aren’t. Not because there is not value in making users aware but because the programs are crap. They are […]

How to Align CE-BA-Subcontractor HIPAA Goals

Covered Entities, Business Associates and their agents and subcontractors who create, receive, maintain and transmit ePHI form a “chain of custody” or “chain of trust” when it comes to HIPAA HITECH regulations. Responsibilities for safeguarding ePHI exist for all of these organizations. Sometimes the most secure organizations suffer the embarrassment (HHS Wall of Shame) and liability of data losses due to poor controls outside of their organizations.

HIPAA Audit Tips – Lessons from CMS’ 2008 Compliance Reviews

In a single sentence (at Section 13411 of The HITECH Act), the Secretary of HHS is mandated to “provide for periodic audits …” of compliance with the HIPAA Privacy and Security Final Rules. The initial audits are underway. Notification letters have been sent to the first 20 Covered Entities. Many organizations have geared up their preparation. Others are looking for a way to simply get started. Here’s today’s big tip – Go to School on the CMS Compliance Reviews of 2008 …
