Seriously, HIPAA Enforcement Really is Changing

“HIPAA was a big scary thing in 2003 and it turned out to be nothing but a waste of my time and money.  Don’t try to scare me with that again.” I hear it often enough to feel pretty sure it is a belief many hold and only some voice.  Whether people say it outwardly […]


How long will it take to get HIPAA compliant?

I get asked this question almost every day.  So, I decided to devise a scoring system to help you estimate how long it will take to get compliant.  Answer these questions and tally up your score.  Keep in mind you can never consider yourself 100% compliant.  The only thing you shoot for is to be […]


Encryption is the Key to HIPAA’s Security Rule Heart

So you’ve heard the presentations, classes and consultants tell you that you should encrypt everything.  Encryption is also a security rule standard that is listed as addressable, not required.  Let’s talk about what all that means. You must address encryption as part of your HIPAA security plan and documentation.  You don’t have to have encryption up and running […]


HIPAA Documentation AKA Telling Your Compliance Story

The way you tell any story is with pictures and words.  Documentation is a required element of HIPAA regulations that allows you to tell your compliance story.  I mentioned how important documentation is in the Plan of Attack for HIPAA 2.0 article.  What should your documentation include and how do you manage it? The Security […]


Why should you worry about patient’s privacy?

In a recent conversation at an MGMA conference an administrator said he hadn’t decided about HIPAA yet.  “He might just risk it.” While I wasn’t seriously shocked by the comment, I felt serious concern for their patients. Sure, everyone has to decide what they are going to do concerning their obligation to comply.  There […]


How do you create a culture of HIPAA compliance?

Almost every industry has guidelines that must be followed, which makes the phrase “culture of compliance” a pretty common one.  HIPAA is best managed when it is built into a culture of compliance just like the others.  What does that mean and how do you create it in your business? A culture of compliance is […]


How do you know who is a HIPAA Business Associate?

One of the first processes we go through for HIPAA Compliance is to identify all Business Associates (BAs).  That has to be done for CEs and BAs alike.  The Final Rule has changed the status and viewpoints for many CEs and BAs. We have addressed a lot of questions on the topic lately.  Now seemed […]


Assuming Harm: The New 2013 Breach Rule Standard

A major shift under the 2013 Final Rule involves how a CE or BA determines how serious a breach is and what notifications are required based on that determination.  Of course, it helps to have some idea of what a HIPAA Breach is before you can think about the assessment of it. In the most […]


Jimi Hendrix and HHS Resolutions

A famous Jimi Hendrix quote goes: “I’ve been imitated so well I’ve heard people copy my mistakes.” Aspiring guitarists work hard to imitate Hendrix to this day.  His music is well documented and played daily around the world.  If you want to make a name for yourself, duplicate him, even his mistakes. What does that have […]


HIPAA Audits: Coming Soon to an Office Near You

The OCR is reviewing the results of the 2012 pilot audits.  They have published the Audit Program Protocol so you know what to expect when they come for you. In Director Rodriguez’s interview with HealthcareInfoSecurity, he made some important points to note concerning the audits. Audits will begin in late 2013 or certainly by 2014 […]
