Attendees at HCCA’s 16th Annual Compliance Institute, April 29 – May 2, 2012, were treated to a look behind the curtains at the so-called “OCR Random Audit Documentation Request List”. As a reminder, the mandated audits are brought to you by The HITECH Act at Section 13411. These audits represent yet another arrow in the quiver of enforcement tools being used to boost compliance with the long-ignored HIPAA Privacy and Security Rules. Here’s today’s big tip – The “OCR Random Audit Documentation Request List” is helpful, but not a panacea… learn why…
Archive | October, 2012
If you create, receive, maintain or transmit ePHI, you need to view this webinar. No matter where you are in your HIPAA-HITECH compliance journey and no matter where you are in the ePHI “chain of trust”, you will benefit from knowing exactly where you stand with respect to the HIPAA Security Regulations: Learn how to do either in our recent webinar… Download Presentation Materials and View recorded version now…
The “algebra” (some would say “calculus”) of Risk Analysis requires the identification of risks. This identification begins with inventorying information assets of value, then considering threats to these assets and vulnerabilities of these assets after consideration of current controls and environmental factors. Threat identification and vulnerability assessment comprise their own branch of Risk Analysis “algebra”, which we’ll not cover in detail here. To keep focused on rating and ranking your risks, we’ll assume an asset-threat-vulnerability “triple” has been created. This “triple” comprises a risk. Here’s today’s big tip – Rate Your Risks; then Rank-Order Your Risks by Examining the Likelihood of “bad things” happening and the Impact to Your Organization were These Bad Things to Happen!
New proposed rules issued in July would establish requirements for CEs and BAs to have Business Associate-type contracts with their downstream suppliers (subcontractors) who handle electronic Protected Health Information. If you receive, store, process or transmit ePHI, you need to attend this webinar.
On February 23rd, The President issued a Consumer Privacy Bill of Rights as “a blueprint for privacy in the information age.” He ended the introductory letter with the following: “One thing should be clear, even though we live in a world in which we share personal information more freely than in the past, we must reject the conclusion that privacy is an outmoded value. It has been at the heart of our democracy from its inception, and we need it now more than ever.”
It always starts with getting the C-suite into the room to present them with an overview of what they can expect as deliverables from a Security Assessment and/or a Risk Analysis… then the question is asked “how much is this going to cost?” Here’s today’s big tip – Show ‘em the money – make it a Return on Security Investment (ROSI)!
While attending the 20th HIPAA Summit, we learned that HHS OCR is producing a series of videos to help inform and educate both the custodians of Protected Health Information (PHI) or electronic PHI (ePHI) and patients about the HIPAA Privacy and Security Rules. Great content to include in your education programs…
Risk analysis (a.k.a. risk assessment) is one of the key components of organizational risk management. In the healthcare setting, risk analyses identify, prioritize, and estimate risk to organizational operations (i.e., legal, financial, clinical, operational, and reputation), organizational assets, individuals and other organizations, resulting from the operation and use of information assets and media that create, receive, transmit or maintain electronic Protected Health Information (ePHI). Here’s today’s big tip – Learn how to make better security investment decisions!
View this 60-minute webinar and learn from industry experts how to assess specific security risks and build a strong business case for enhanced PHI security. The webinar covers PHIve (PHI Value Estimator) – a 5-step method to estimate the overall potential costs of a data breach specific to an organization and how to use this information to calculate an ROI on initiatives that strengthen your privacy and security programs and reduce the probability of a breach. The webinar will also cover risk assessment essentials.
On Saturday 3/24, the Office of Information and Regulatory Affairs (OIRA) at the Office of Management and Budget (OMB) received the much-delayed Department of Health and Human Services (HHS) Office for Civil Rights (OCR) Final Rules that had been bundled together in what was called “Omnibus Final Rulemaking”. According to the OIRA web site, it was received on Saturday, March 24.