CMS has released the Meaningful Use Stage 2 Proposed Rule. This notice of proposed rulemaking (NPRM) details the requirements for meaningful use stage 2 and is set to be published in the Federal Register March 7, with a 60-day comment period. Guess what? Risk Analysis (per 45 CFR 164.308(a)(1)(ii)(A) is not going away. Here’s today’s big tip – Get with it; learn the requirements; get ‘er done!
Archive | September, 2012
If you receive, store, process or transmit ePHI, you should view this webinar on how to meet the HIPAA-HITECH data backup and recovery requirements.
The safe storage, transport and access of patient information between healthcare organizations and their partners has never been such a hot topic, with several high profile breaches hitting the headlines in 2011. The implementation of mandated audits to monitor organizations’ compliance with HIPAA Privacy and Security and the notification requirements in the event of a breach has also caused interest and concern around this issue to rise to a critical level. The NTC Health care Privacy and Security Consortia on March 8th will bring together some of the nation’s leading experts to discuss these issues.
Is encryption required by HIPAA, by HITECH? Will HHS/OCR audit my encryption program? If you receive, store, process or transmit ePHI, you should view this webinar on How to Meet HIPAA-HITECH Encryption Requirements to learn how to secure ePHI in order to avoid a Data Breach.
In just over a week the final whitepaper from the ANSI PHI Project will be launched, and available to download from their site. Clearwater Compliance, a leading HIPAA-HITECH consultancy founded by Bob Chaput, has been co-sponsoring the project as well as lending their expert input at discussions and panels.
If you’ve ever launched Wireshark only to encounter an error “the npf driver isn’t running” then you probably have encountered a botched install. Have heart, we can fix this without having to reinstall. Here’s how. Click to close the error, and then close Wireshark. Open an administrative cmd prompt. Run this command sc start npf […]
This won’t be long because I don’t have enough time. There are lots of discussions on whether or not awareness programs are worth the time, effort, and cost. The short answer is no. Most of them aren’t. Not because there is not value in making users aware but because the programs are crap. They are […]
After a laptop containing several thousand hospital records was lost, Accretive Health has
been taken to court by the Minnesota Attorney General. In addition to being charged with violations of HIPAA regulations, Accretive Health is facing charges of consumer fraud and deceptive practices.
Covered Entities, Business Associates and their agents and subcontractors who create, received, maintain and transmit ePHI for a “chain of custody” or “chain of trust” when it comes to HIPAA HITECH regulations. Responsibilities for safeguarding ePHI exist for all of these organizations. Sometimes the most security organizations suffer the embarrassment (HHS Wall of Shame) and liability of data losses due to poor controls outside of their organizations.
In a single sentence (at Section 13411 of The HITECH Act), the Secretary of HHS is mandated to “provide for periodic audits …” of compliance with the HIPAA Privacy and Security Final Rules. The initial audits are underway. Notification letters have been sent to the first 20 Covered Entities. Many organizations have geared up their preparation. Others are looking for a way to simply get started. Here’s today’s big tip – Go to School on the CMS Compliance Reviews of 2008 …