HIPAA Security Rule Step #1: Perform a Risk Analysis

In a recent discussion with a practice administrator, I discovered a pretty important misconception about what should really be included in a proper HIPAA Risk Analysis. Not that the administrator was doing anything wrong, but the understanding of what a Risk Analysis is was missing some very important parts. The HIPAA Security Rule requires CEs […]


Privacy Rule under HIPAA 2.0: Is it easier to just start over?

Changes to the Privacy Rule under the Omnibus Ruling require ALL CEs to update and distribute their Notice of Privacy Practices (NPP). There is no option; it is stated specifically. A review of the changes makes it obvious why updates must be done, though. The original HIPAA Privacy Rule was written in 1996. Science and technology […]


Business Associates: Step up Now to Protect your Covered Entities

The definition of Business Associates (BAs) changed under HIPAA 2.0 to broaden the scope of who is considered a BA as well as exactly what a BA is obligated to do for compliance. While the changes seem obvious and not too complicated to implement according to those writing the Omnibus Final Rule, the rest […]


Plan of Attack for HIPAA 2.0

Where do you get started with all these changes? It is important to understand that HIPAA 2.0 compliance means more than just having an annual training session and a book of policies on the shelf.  HIPAA 2.0 means regular training in all areas of your business and documentation of everything including regular reviews of your […]


Omnibus Final Rule Quick Overview

There is a lot of information to cover in the details of the Final Rule. This article only contains a list of bullet points.  All changes in the 2013 Omnibus Rule are not guaranteed to be included in this list. Each entity should make sure they review all aspects of the Rule with their business […]

Source: HHS Office for Civil Rights

Small Providers and Business Associates – The Numbers

This blog focuses on Small Providers and Business Associates because they need help getting the compliance requirements under control and documented properly.  The data included in the Final Rule along with recent presentations by the Office for Civil Rights providing a first analysis of the 2012 HIPAA Audits give the numbers that tell us the […]


What is HIPAA and Why do we need it?

The medical information a patient shares with any healthcare provider should be private information. HIPAA is the formal way to assure patients a provider takes the commitment to protect their medical information seriously. Healthcare providers make three commitments to their patients to give that assurance. Commit to respect the privacy of all healthcare information and […]
