Here is a quote from one of our IT partners: My client got physically upset at me when I brought up the topic of HIPAA. They didn’t want to discuss it and said it was just another government regulation and they just want to practice medicine. While I was shocked to hear someone actually say...
Centers for Medicare & Medicaid Services (CMS) has proposed extending the use of 2011 certified EHR technology (CEHRT) into 2014. Previously all eligible providers (EPs) were required to use 2014 CEHRT to attest for Meaningful Use in 2014. The table below explains what version and what Meaningful Use objectives EPs can use in 2014 ...
Here is a list of common HIPAA violations that we find while performing a HIPAA Risk Assessment: Using Dropbox to store PHI Everyone loves Dropbox! Dropbox is simple, easy to use and convenient. It makes backing up and sharing data very easy. Unfortunately Dropbox is NOT HIPAA compliant. So use Dropbox for personal use but...
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) levied $1,975,220 in fines on two entities for HIPAA violations. Both entities had breaches related to lost laptops that were not encrypted to protect the patient information. Concentra Health Services (Concentra) was handed down a $1,725,220 for a stolen laptop that...
There is an article over at HealthIT Security that discusses the new Department of Health and Human Services – HHS security risk assessment tool. The article interviews Alisa Chestler a shareholder in the Washington, D.C. office of Baker Donelson. Alisa shares many of the same thoughts I had when I reviewed the tool for the...
When it comes to complying with the HIPAA Security and Omnibus Rules, there is a lot of confusion as to what needs to be done. And if you look at the amount of work it can be overwhelming; security risk assessment, employee training, policies and procedures, business associates, breach notification, encryption, disaster recovery to name...
If anyone doubts that Meaningful Use (MU) audits are occurring, I would like a chance to change their mind. Yesterday 2 potential new clients contacted us with similar stories. Both had received letters from the Centers for Medicare & Medicaid Services (CMS) letting them know that they have been audited for Meaningful Use. One client...
Susan McAndrew, OCR deputy director for health information privacy, said in an interview with Information Security Media Group that the Office of Civil Rights (OCR) will resume its HIPAA compliance audit program. The audit program should resume in the coming months. Hopefully in coming months you’ll see actual activity that will start up on the...
We have been writing about the permanent HIPAA audit program that will be put in place in 2014. Details of the program are starting to be released. The full text can be access by going to: Agency Information Collection Activities; Proposed Collection; Public Comment Request Here are some of the highlights: Number of Organizations A...
Recent Comments