Archive | October, 2012

HIPAA Audit Tips – KPMG OCR Random Audit Documentation Request List

Attendees at HCCA’s 16th Annual Compliance Institute, April 29 – May 2, 2012, were treated to a look behind the curtains at the so-called “OCR Random Audit Documentation Request List”. As a reminder, the mandated audits are brought to you by The HITECH Act at Section 13411. These audits represent yet another arrow in the quiver of enforcement tools being used to boost compliance with the long-ignored HIPAA Privacy and Security Rules. Here’s today’s big tip – The “OCR Random Audit Documentation Request List” is helpful, but not a panacea… learn why…


How To Assess Your HIPAA-HITECH Security Compliance Program

If you create, receive, maintain or transmit ePHI, you need to view this webinar. No matter where you are in your HIPAA-HITECH compliance journey and no matter where you are in the ePHI “chain of trust”, you will benefit from knowing exactly where you stand with respect to the HIPAA Security Regulations: Learn how to do either in our recent webinar… Download Presentation Materials and View recorded version now…


HIPAA Security Risk Analysis Tips – How to Rate and Rank-Order Your Risks

The “algebra” (some would say “calculus”) of Risk Analysis requires the identification of risks. This identification begins with inventorying information assets of value, then considering threats to these assets and vulnerabilities of these assets after consideration of current controls and environmental factors. Threat identification and vulnerability assessment comprise their own branch of Risk Analysis “algebra”, which we’ll not cover in detail here. To keep focused on rating and ranking your risks, we’ll assume an asset-threat-vulnerability “triple” has been created. This “triple” comprises a risk. Here’s today’s big tip – Rate Your Risks; then Rank-Order Your Risks by Examining the Likelihood of “bad things” happening and the Impact to Your Organization were These Bad Things to Happen!


How To Revitalize Your HIPAA-HITECH Compliance Program

New proposed rules issued in July would establish requirements for CEs and BAs to have Business Associate-type contracts with their downstream suppliers (subcontractors) who handle electronic Protected Health Information. If you receive, store, process or transmit ePHI, you need to attend this webinar.


Privacy is all the rage now – But the direction is not always clear…

On February 23rd, The President issued a Consumer Privacy Bill of Rights as “a blueprint for privacy in the information age.” He ended the introductory letter with the following: “One thing should be clear, even though we live in a world in which we share personal information more freely than in the past, we must reject the conclusion that privacy is an outmoded value. It has been at the heart of our democracy from its inception, and we need it now more than ever.”


HHS OCR HIPAA Videos on YouTube

While attending the 20th HIPAA Summit, we learned that HHS OCR is producing a series of videos to help inform and educate both the custodians of Protected Health Information (PHI) or electronic PHI (ePHI) and patients about the HIPAA Privacy and Security Rules. Great content to include in your education programs…


OMB Receives HIPAA HITECH Omnibus Final Rulemaking from HHS

On Saturday 3/24, the Office of Information and Regulatory Affairs (OIRA) at the Office of Management and Budget (OMB) received the much-delayed Department of Health and Human Services (HHS) Office for Civil Rights (OCR) Final Rules that had been bundled together in what was called “Omnibus Final Rulemaking”. According to the OIRA web site, it was received on Saturday, March 24.
