The OCR is reviewing the results of the 2012 pilot audits. They have published the Audit Program Protocol so you know what to expect when they come for you. In Director Rodriguez’s interview with HealthcareInfoSecurity, he made some important points to note concerning the audits. Audits will begin in late 2013 or certainly by 2014 […]
Read More
In a recent discussion with a practice administrator, I discovered a pretty important misconception about what should really be included in a proper HIPAA Risk Analysis. Not that the administrator was doing anything wrong but the understanding of what is a Risk Analysis was missing some very important parts. The HIPAA Security Rule requires CEs […]
Read More
Changes to the Privacy Rule under the Omnibus Ruling require ALL CEs update and distribute their Notice of Privacy Practices (NPP). There is no option, it is stated specifically. A review of the changes makes it obvious why updates must be done, though. The original HIPAA Privacy Rule was written in 1996. Science and technology […]
Read More
The definition of a Business Associates (BAs) changed under HIPAA 2.0 to broaden the scope of who is considered a BA as well as exactly what a BA is obligated to do for compliance. While the changes seem obvious and not too complicated to implement according to those writing the Omnibus Final Rule, the rest […]
Read More
Where do you get started with all these changes? It is important to understand that HIPAA 2.0 compliance means more than just having an annual training session and a book of policies on the shelf. HIPAA 2.0 means regular training in all areas of your business and documentation of everything including regular reviews of your […]
Read More
There is a lot of information to cover in the details of the Final Rule. This article only contains a list of bullet points. All changes in the 2013 Omnibus Rule are not guaranteed to be included in this list. Each entity should make sure they review all aspects of the Rule with their business […]
Read More
This blog focuses on Small Providers and Business Associates because they need help getting the compliance requirements under control and documented properly. The data included in the Final Rule along with recent presentations by the Office for Civil Rights providing a first analysis of the 2012 HIPAA Audits give the numbers that tell us the […]
Read More
The medical information a patient shares with any healthcare provider should be private information. HIPAA is the formal way to assure patients a provider takes the commitment to protect their medical information seriously. Healthcare providers make three commitments to their patients to give that assurance. Commit to respect the privacy of all healthcare information and […]
Read More
Protected by WebARX