Kardon Blog
Security & Privacy News
Keeping you informed and enlightened.
What is Reasonable and Appropriate for Your Specific Environment
These days we deal with resistance and denial towards HIPAA compliance. There are many reasons given for incomplete or ineffective compliance programs. We have heard everything from long rambling rants against the government, claims of not applicable to me and...
Simple HIPAA Checklist – Well Sort of
A Cloud Based EMR Does Not A Compliant Entity Make
Recently, a question came up that involved entities that said they are perfectly fine with HIPAA compliance because they use a cloud based EMR (or EHR) who takes care of all their HIPAA compliance for them. A discussion ensued ending with the question: This can’t...
Aristotle, Galileo and Newton’s Laws Apply to the Omnibus Final Rule Deadline
Aristotle first started to theorize about the laws of physics including the law of inertia. Galileo restated Aristotle a bit and added his own twists to the concepts. When we finally got Newton’s two cents added we got to this scientific statement: A body will keep...
The Law Says We Should All Freak Out At The Same Time
In a recent session I conducted on the Omnibus Rule, I was answering questions from the audience. I tend to add humor to my sessions as much as possible. HIPAA isn’t a topic especially worthy of attentiveness on Saturday morning at 9am. The question was about how do...
Got your EHR check? Better have your HIPAA Risk Analysis too.
In a discussion last week I realized I had not written a blog article on this topic. We talk with people about it all the time but somehow it flew under the radar of this blog. Until now, that is. If you have received your EHR Incentive Payments for Meaningful Use...
Please, Just Do My HIPAA For Me!
Wellpoint Resolution Provides More Valuable Lessons
I have written before about learning from others mistakes. I know many folks in the small CE and BA world brush off the news of the $1,700,000 Wellpoint Settlement as something that happens only to the big guys. There is so much to learn here, I hope you will take a...
My Technology Company Says They Aren’t a BA. What do I do?
We have had a rash of these type questions lately. Personally, I don’t understand why so many technology companies are fighting this concept. It is really, really hard for anyone to meet the Security Rule requirements without an IT Department or IT Support Company....
Do Your BA Due Diligence
Long gone are the days that you pull down a template Business Associate Agreement and everyone just signs it. BAs may not understand the extent of their obligations under HIPAA. You need to confirm your agreements plus check what they are really doing to comply. I...
Seriously, HIPAA Enforcement Really is Changing
HIPAA was a big scary thing in 2003 and it turned out to be nothing but a waste of my time and money. Don’t try to scare me with that again. I hear it often enough to feel pretty sure it is a belief many hold and only some voice. Whether people say it outwardly or...
How long will it take to get HIPAA compliant?
I get asked this question almost every day. So, I decided to devise a scoring system to help you estimate how long it will take to get compliant. Answer these questions and tally up your score. Keep in mind you can never consider yourself 100% compliant. The only...
No Better Time to Get Started
Privacy and security programs require persistent care and monitoring. There will never be a better time to get started.