There is a lot to know about HIPAA but let’s take a look at 6 things that you must know. HIPAA is not optional A lot of practices feel they are exempt from the HIPAA regulations. This may stem from the fact that “small practices” were granted a 1 year extension to comply with the...
Over at Healthcareinfosecurity.com there is an insightful article on the first HIPAA audits. Some highlights of the article include: In the pilot phase, OCR is auditing eight health plans, two claims clearinghouses plus 10 provider organizations, including three hospitals, three physicians’ offices, and a laboratory, a dental office, a nursing/custodial facility and a pharmacy. ...
The Department of Health and Human Service (HHS) has announced that they will perform 150 HIPAA audits by the end of 2012. The chance of you getting audited is very small but what if you open up your mail one day and found a notice that your medical practice has been select to be audited?...
Susan McAndrew, deputy director of The HHS Office of Civil Rights (OCR) gives a very insightful interview to Howard Anderson, Executive Editor, HealthcareInfoSecurity.com. There are a lot of good points and I suggest reading the whole interview. I will point out a few of the highlights. When asked about who will be audited, McAndrew was...
Working with clients over the years, we have come to the conclusion that most people hate HIPAA. There we said it! Fortunately we don’t take it personally because we actually understand why people hate HIPAA. Here are a few valid reasons. HIPAA is confusing HIPAA is boring HIPAA is expensive HIPAA gets in the way...
I had a conversation with a group of physicians a couple weeks ago that shed some interesting light on where patient information resides and how to protect it. Each of the 5 physicians had a smartphone of various manufacturers. Two had iPhones, two had Android phones and one had a Blackberry phone. I asked the...
There is a great post over at Infosec Island regarding a letter that was received from the Office of Civil Rights (OCR) after a data breach that occurred at a small medical practice. The breach was the result of a burglary. No details were given on what was stolen or what kind of patient information...
One of the questions that I get asked a lot is; What does it take to be compliant with the HIPAA Security Rule? And when I start to answer the question, inevitably the person’s eyes glaze over. So to prevent your eyes from glazing over I will give the simple answer: A lot. OK, that...
OCR is serious about enforcement! That is a message that 3 officials from the U.S. Department of Health and Human Services’ Office for Civil Rights made clear as they presented at the 19th National HIPAA Summit. The 3 officials who presented (links below take you to their presentations [PDF] ) were: Susan McAndrew – Deputy Director for...
The following blog was written a year ago but the content is still relevant today. What if organizations looked at HIPAA security as a competitive advantage and not just something that is mandatory and required by the government? In two recent surveys a clear message is being sent. The message is that patients want doctors...
Recent Comments