Archive | February, 2013

HIPAA Audit Tips – It’s Not About The Audits!

The HITECH Act mandated Audits are simply one new “arrow” in DHHS/OCR enforcement quiver. It’s not about even just about enforcement. It’s simply about keeping very personal and intimate health information private. And, to do so, organizations need to become and remain compliant with the HIPAA Privacy and Security and HITECH Breach Notification Rules. Here’s today’s big tip – It’s Not About The Audits! Learn why…

Continue Reading

HIPAA Security Risk Analysis Help – CMS Meaningful Use Audits Have Started

CMS Contractor Has Begun Meaningful Use Audits

In a post this past week, Ober | Kaler, Attorneys at Law posted Health Law Alert Newsletter entitled “FIGLOIOZZI AND COMPANY BEGIN MEANINGFUL USE AUDITS AS CMS DESIGNEE”. We recently wrote a post entitled “HIPAA Security Risk Analysis Tips – MU Attesters, Watch Your Flank“. As a Meaningful Use Attester, you’re approaching the intersection of the “Electronic Health Record Incentive Program; Final Rule” and the “HIPAA Security Final Rule”. Proceed with Caution! OCR is actively auditing for overall HIPAA compliance and Risk Analysis is a focus area.

Continue Reading

HIPAA Audit Tips – OCR Audit Protocol – Risk Analysis

In case the HHS / OCR Final Guidance on Risk Analysis published in July 2010 and the May 2012 ONC Guide to Privacy and Security of Health Information were not enough to clarify the importance of and how to actually conduct a bona fide HIPAA Security Risk Analysis, the recently published OCR HIPAA HITECH audit protocols provide further insight into what is expected. Here’s today’s big tip – Get Down On Risk Analysis Implementation Specification (at 45 CFR 164.398(a)(1)(ii)(A)) Audit Protocols…

Continue Reading

Guided Tour of the Clearwater HIPAA Privacy and Breach Notification Assessment™ Software

Did you know that privacy-violation complaints to Health and Human Services have increased more than 40% since HITECH was enacted in 2009, and may reach 12,000 in 2012? The complaints are preventable with the proper controls in place. Find out how the Clearwater HIPAA Privacy and Breach Notification Assessment™ software shows you where the gaps are in your compliance program, such as impermissible uses and disclosures of protected health information (PHI), lack of safeguards for PHI and disclosing more than the necessary minimum of PHI. Learn exactly where you stand with the HIPAA Privacy Rule in this complimentary, informative Webinar. Don’t get caught on the HHS Wall of Shame! Register for this live demonstration today.

Continue Reading

HIPAA Security Risk Analysis Tips – Open Letter to VITO

Open Letter to VITO (Very Important Top Official)

Dear VITO,

We get it! At VITO, Inc. you come to work every day with very important business issues on your mind including: growing top-line revenues, serving your customers/patients/members, ensuring your customer-market facing staff are effective and efficient, fixing or reducing costs, etc…. Once in a while, risk management. Here’s today’s big tip, VITO – Your Revenues, Assets and Reputation Are at Risk; Learn What to Do About It!

Continue Reading

HIPAA Security Risk Analysis Tips – NIST SP800-30 – MU Attesters, Watch Your Flank nist sp 800 30

As my friend and fellow HIPAA Audit Prep BootCamp™ faculty member, Jim Pyles, Esq., poses: Did you really think the government was going to hand out $30B in Meaningful Use (MU) Incentives without checking on the meaningful use part? The HIPAA Security Risk Analysis requirement (at 45 CFR 164.308(a)(1)(ii)(A)) is MU Core Objective 14 and 15 for eligible hospitals and eligible providers. CMS announced its intention to audit up to 10% of the organizations attesting to MU and receiving incentive money. In a recent Guide to Privacy and Security of Healthcare Information, ONC connected the dots between failure to perform a risk analysis AND the False Claims Act. Oh yes, don’t forget about the HITECH-mandated audits focusing on Risk Analysis and the HHS/OCR Settlement Agreements highlighting failures to perform risk analyses.

Continue Reading

HIPAA Security Risk Analysis Tips – Get ‘er Done!

You would think the requirement to complete a bona fide HIPAA Security Risk Analysis was a news flash and, the way some executives are behaving, a request for their first-born child. The HIPAA Security Risk Analysis requirement (at 45 CFR 164.308(a)(1)(ii)(A) has existed since April 14, 2003. This foundational requirement for any good information security program is being cited weekly, if not daily, in government guidance and publications and HHS Resolution Agreements/Corrective Action Plans. An explicit Risk Analysis audit procedure has been published as well. Here’s today’s big tip – Catch up on the latest citations to complete a real HIPAA Security Risk Analysis.

Continue Reading

HIPAA Audit Tips – OCR HIPAA Audit program – Access Control

In a post last week (HIPAA Audit Tips – OCR Audit Protocol – First Thoughts), we provided some initial thoughts on the OCR audit protocols for the HIPAA Security and Privacy and HITECH Breach Notification Rules. We will continue to discuss these 77 Security and 88 Privacy/Breach protocols in this series, in our upcoming live webinars and in our HIPAA Audit Prep BootCamp™ series. Here’s today’s big tip – Check out the emphasis on 45 CFR 164.312(a)(1) Access Control Standard…

Continue Reading

HIPAA Audit Tips – OCR Audit Protocol – First Thoughts

OCR has published the audit protocols for the HIPAA Security and Privacy and HITECH Breach Notification Rules. Our analysis is underway as we incorporate these OCR audit elements into our HIPAA Security Assessment SaaS solution and other assessment tools. Here’s today’s big tip – Learn the protocols and the emphasis on 45 CFR 164.308(a)(8) Evaluation Standard…

Continue Reading

HIPAA and HITECH January 2013 eNewsletter Published

Clearwater Compliance has published the January 2013 eNewsletter, which includes several complimentary tools and resources to learn more about HIPAA and HITECH compliance. Read about recent HIPAA and HITECH stories in the news and check out all the resources that Clearwater Compliance offers to help you become and remain HIPAA and HITECH Compliant. This month’s issue focuses on facts and figures related to the HIPAA Privacy Rule. You can also read our archived HIPAA and HITECH eNewsletters. For the latest news and information about HIPAA and HITECH, subscribe to our eNewsletter today!

Continue Reading