The HITECH Act-mandated audits are simply one new “arrow” in the DHHS/OCR enforcement quiver. It’s not even just about enforcement. It’s simply about keeping very personal and intimate health information private. And, to do so, organizations need to become and remain compliant with the HIPAA Privacy and Security and HITECH Breach Notification Rules. Here’s today’s big tip – It’s Not About The Audits! Learn why…
Archive | February, 2013
CMS Contractor Has Begun Meaningful Use Audits
This past week, Ober | Kaler, Attorneys at Law published a Health Law Alert newsletter entitled “FIGLIOZZI AND COMPANY BEGIN MEANINGFUL USE AUDITS AS CMS DESIGNEE”. We recently wrote a post entitled “HIPAA Security Risk Analysis Tips – MU Attesters, Watch Your Flank”. As a Meaningful Use Attester, you’re approaching the intersection of the “Electronic Health Record Incentive Program; Final Rule” and the “HIPAA Security Final Rule”. Proceed with Caution! OCR is actively auditing for overall HIPAA compliance, and Risk Analysis is a focus area.
In case the HHS/OCR Final Guidance on Risk Analysis published in July 2010 and the May 2012 ONC Guide to Privacy and Security of Health Information were not enough to clarify the importance of a bona fide HIPAA Security Risk Analysis and how to actually conduct one, the recently published OCR HIPAA HITECH audit protocols provide further insight into what is expected. Here’s today’s big tip – Get Down On Risk Analysis Implementation Specification (at 45 CFR 164.308(a)(1)(ii)(A)) Audit Protocols…
Did you know that privacy-violation complaints to Health and Human Services have increased more than 40% since HITECH was enacted in 2009, and may reach 12,000 in 2012? The complaints are preventable with the proper controls in place. Find out how the Clearwater HIPAA Privacy and Breach Notification Assessment™ software shows you where the gaps are in your compliance program, such as impermissible uses and disclosures of protected health information (PHI), lack of safeguards for PHI and disclosing more than the necessary minimum of PHI. Learn exactly where you stand with the HIPAA Privacy Rule in this complimentary, informative Webinar. Don’t get caught on the HHS Wall of Shame! Register for this live demonstration today.
Open Letter to VITO (Very Important Top Official)
We get it! At VITO, Inc. you come to work every day with very important business issues on your mind, including growing top-line revenues, serving your customers/patients/members, ensuring your customer- and market-facing staff are effective and efficient, fixing or reducing costs, etc. Once in a while, risk management. Here’s today’s big tip, VITO – Your Revenues, Assets and Reputation Are at Risk; Learn What to Do About It!
As my friend and fellow HIPAA Audit Prep BootCamp™ faculty member, Jim Pyles, Esq., poses: Did you really think the government was going to hand out $30B in Meaningful Use (MU) Incentives without checking on the meaningful use part? The HIPAA Security Risk Analysis requirement (at 45 CFR 164.308(a)(1)(ii)(A)) is MU Core Objective 14 and 15 for eligible hospitals and eligible providers. CMS announced its intention to audit up to 10% of the organizations attesting to MU and receiving incentive money. In a recent Guide to Privacy and Security of Healthcare Information, ONC connected the dots between failure to perform a risk analysis AND the False Claims Act. Oh yes, don’t forget about the HITECH-mandated audits focusing on Risk Analysis and the HHS/OCR Settlement Agreements highlighting failures to perform risk analyses.
You would think the requirement to complete a bona fide HIPAA Security Risk Analysis was a news flash and, the way some executives are behaving, a request for their first-born child. The HIPAA Security Risk Analysis requirement (at 45 CFR 164.308(a)(1)(ii)(A)) has existed since April 14, 2003. This foundational requirement for any good information security program is being cited weekly, if not daily, in government guidance and publications and HHS Resolution Agreements/Corrective Action Plans. An explicit Risk Analysis audit procedure has been published as well. Here’s today’s big tip – Catch up on the latest citations to complete a real HIPAA Security Risk Analysis.
In a post last week (HIPAA Audit Tips – OCR Audit Protocol – First Thoughts), we provided some initial thoughts on the OCR audit protocols for the HIPAA Security and Privacy and HITECH Breach Notification Rules. We will continue to discuss these 77 Security and 88 Privacy/Breach protocols in this series, in our upcoming live webinars and in our HIPAA Audit Prep BootCamp™ series. Here’s today’s big tip – Check out the emphasis on 45 CFR 164.312(a)(1) Access Control Standard…
OCR has published the audit protocols for the HIPAA Security and Privacy and HITECH Breach Notification Rules. Our analysis is underway as we incorporate these OCR audit elements into our HIPAA Security Assessment SaaS solution and other assessment tools. Here’s today’s big tip – Learn the protocols and the emphasis on 45 CFR 164.308(a)(8) Evaluation Standard…
Clearwater Compliance has published the January 2013 eNewsletter, which includes several complimentary tools and resources to learn more about HIPAA and HITECH compliance. Read about recent HIPAA and HITECH stories in the news and check out all the resources that Clearwater Compliance offers to help you become and remain HIPAA and HITECH Compliant. This month’s issue focuses on facts and figures related to the HIPAA Privacy Rule. You can also read our archived HIPAA and HITECH eNewsletters. For the latest news and information about HIPAA and HITECH, subscribe to our eNewsletter today!