What is Reasonable and Appropriate for Your Specific Environment

These days we deal with resistance and denial towards HIPAA compliance. There are many reasons given for incomplete or ineffective compliance programs. We have heard everything from long rambling rants against the government, claims of “it doesn’t apply to me” and plenty of “we don’t have the _____” (fill in: time, money, resources) to explain […]

Simple HIPAA Checklist – Well Sort of

I am very behind on my blogs lately due to a lot of distractions at work and at home. I can really relate when a client asks me why I can’t just make a simple HIPAA checklist. That is what they really need and want because they are just too busy dealing with all the […]

A Cloud Based EMR Does Not A Compliant Entity Make

Recently, a question came up that involved entities that said they are perfectly fine with HIPAA compliance because they use a cloud based EMR (or EHR) that takes care of all their HIPAA compliance for them. A discussion ensued, ending with the question: This can’t really be true, can it? I suppose someone […]

Aristotle, Galileo and Newton’s Laws Apply to the Omnibus Final Rule Deadline

Aristotle first started to theorize about the laws of physics, including the law of inertia. Galileo restated Aristotle a bit and added his own twists to the concepts. When we finally got Newton’s two cents added, we got to this scientific statement: A body will keep its speed and direction so long as no force […]

The Law Says We Should All Freak Out At The Same Time

In a recent session I conducted on the Omnibus Rule, I was answering questions from the audience. I tend to add humor to my sessions as much as possible. HIPAA isn’t a topic especially worthy of attentiveness on Saturday morning at 9am. The question was about how do you handle a breach you need to […]

Got your EHR check? Better have your HIPAA Risk Analysis too.

In a discussion last week I realized I had not written a blog article on this topic. We talk with people about it all the time but somehow it flew under the radar of this blog. Until now, that is. If you have received your EHR Incentive Payments for Meaningful Use Stage 1 then you […]

Please, Just Do My HIPAA For Me!

So many people are struggling to get caught up on their compliance obligations because they just don’t have the time or resources to deal with it. We hear this so often I felt it was time to write an article on how we respond to the request. There are several points we discuss with the […]

Wellpoint Resolution Provides More Valuable Lessons

I have written before about learning from others’ mistakes. I know many folks in the small CE and BA world brush off the news of the $1,700,000 Wellpoint Settlement as something that happens only to the big guys. There is so much to learn here, I hope you will take a minute to see why […]

My Technology Company Says They Aren’t a BA. What do I do?

We have had a rash of these types of questions lately. Personally, I don’t understand why so many technology companies are fighting this concept. It is really, really hard for anyone to meet the Security Rule requirements without an IT Department or IT Support Company. In fact, many IT companies are coming to us to help […]

Do Your BA Due Diligence

Long gone are the days when you pull down a template Business Associate Agreement and everyone just signs it. BAs may not understand the extent of their obligations under HIPAA. You need to confirm your agreements plus check what they are really doing to comply. I really don’t recommend blindly using a template agreement to […]