HIPAA was a big scary thing in 2003 and it turned out to be nothing but a waste of my time and money. Don’t try to scare me with that again. I hear it often enough to feel pretty sure it is a belief many hold and only some voice. Whether people say it outwardly or...
I get asked this question almost every day. So, I decided to devise a scoring system to help you estimate how long it will take to get compliant. Answer these questions and tally up your score. Keep in mind you can never consider yourself 100% compliant. The only...
So you’ve heard the presentations, classes and consultants tell you that you should encrypt everything. Encryption is also a security rule standard that is listed as addressable, not required. Let’s talk about what all that means. You must address encryption as part...
The way you tell any story is with pictures and words. Documentation is a required element of HIPAA regulations that allows you to tell your compliance story. I mentioned how important documentation is in the Plan of Attack for HIPAA 2.0 article. What should your...
In a recent conversation at a MGMA conference an administrator said he hadn’t decided about HIPAA yet. “He might just risk it. ” While I wasn’t seriously shocked by the comment, I felt serious concern for their patients. Sure, everyone has to decide what they are...
Almost every industry has guidelines that must be followed which makes the phrase “culture of compliance” a pretty common one. HIPAA is best managed when it is built into a culture of compliance just like the others. What does that mean and how do you create it in...
One of the first processes we go through for HIPAA Compliance is to identify all Business Associates (BAs). That has to be done for CEs and BAs alike. The Final Rule has changed the status and viewpoints for many CEs and BAs. We have addressed a lot of questions on...
A major shift under the 2013 Final Rule involves how a CE or BA determines how serious a breach is and what notifications are required based on that determination. Of course, it helps to have some idea of what a HIPAA Breach is before you can think about the...
A famous Jimi Hendrix quote goes: I’ve been imitated so well I’ve heard people copy my mistakes. Aspiring guitarists work hard to imitate Hendrix to this day. His music is well documented and played daily around the world. If you want to make a name for yourself...
The OCR is reviewing the results of the 2012 pilot audits. They have published the Audit Program Protocol so you know what to expect when they come for you. In Director Rodriguez’s interview with HealthcareInfoSecurity, he made some important points to note...