Archive | April, 2013

HIPAA Information Access Management

This article describes the HIPAA information access management requirements for accessing electronic protected health information. The relevant subsection of the HIPAA law is §164.308(a)(4). Section §164.308 of the Health Insurance Portability and Accountability Act describes the administrative safeguards that a covered entity must employ. This article will explore section §164.308(a)(4), which deals with ensuring that […]

Continue Reading

Why we need better business storytelling

Stories are the creative conversion of life itself into a more powerful, clearer, more meaningful experience. They are the currency of human contact. — Robert McKee Popular throughout history as the primary means of communication, storytelling is getting a lot of attention lately. Seems that everyone is calling for more stories for the business world. […]

Continue Reading

HIPAA – Texas Style – House Bill 300 is Here!

The Texas law House Bill 300 (HB 300) took effect on on September 1, 2012. New health information disclosure rules and penalties apply to HIPAA Covered Entities and Business Associates as well as “any person … who comes into possession of protected health information.” Its expansion of the HIPAA definition of Covered Entities is extraordinary! Other changes include amendements to the “Texas health and safety code” related to compliance with HIPAA and “Texas business and commerce code” related to breaches of PHI. Register for this Webinar to learn how to take a comprehensive approach that considers all regulatory requirements, results in a cohesive remediation plan and demonstrates good faith effort towards compliance with both the Federal and State Privacy, Security and Breach Notification Regulations.

Continue Reading

HIPAA Security Risk Analysis Tips – HHS Mobile Device Guidance

On 12/12/12, in an HHS News Release entitled “New tools to help providers protect patient data in mobile devices”, the U.S. Department of Health and Human Services (HHS) announced a new education initiative and “set of online tools” related to mobile devices such as laptops, tablets, and smartphones. Here’s today’s big tip – There’s Good News and Bad News in this News Release!

Continue Reading

Why the illusion of communication creates confusion

“The single greatest problem in communication is the illusion that it has taken place.” – George Bernard Shaw When I share this quote in keynotes and training, almost the entire audience nods their head and smiles. They signal agreement. Why the illusion? Every day, people say things. The person sharing their brilliance remains confident in their ability […]

Continue Reading

How To Conduct a Bona Fide HIPAA Security Risk Analysis

The deadline for HIPAA Security Rule compliance for Covered Entities (CEs) was April 2005! For Business Associates (BAs), the date was February 2010. Additionally, the federal government unveiled its criteria for the Meaningful Use of electronic health records (EHRs) on July 13. The criteria must be met in order for a hospital or eligible provider (EP) to qualify for reimbursement of the cost of EHR software under the American Recovery and Reinvestment Act of 2009 (ARRA).

Continue Reading

Understanding awareness, training, and development

The key to learning and teaching new skills lies in a three-step advancement: awareness, training, and development. These steps guide learning new skills, including effective communication, how to build better passwords, and even activities like archery and yoga. Understanding this advancement allows us to build better communication. To ease the process of change. It’s a […]

Continue Reading

HIPAA-HITECH 101

With increasing penalties, greater enforcement and a growing set of sources of business risks and sources of liabilities, healthcare organizations and companies that support healthcare organizations must gain a solid understanding of the HIPAA Privacy and Security and HITECH Breach Notification Rules. While it is fairly well known that these rules provide for the privacy and security of Protected Health Information, the details of the laws: who is covered, what is covered, what is required, etc., are not well understood by either healthcare providers, their business associates and subcontractors.

Continue Reading

Why people are not the problem in security

Do not put your faith in what statistics say until you have carefully considered what they do not say.  ~William W. Watt Over the last few years, a series of reports, studies, and endless articles suggest the biggest challenge in security is people. Whether external attackers taking advantage of individuals, insider mistakes or even insider […]

Continue Reading