Blog Archives

A Cloud Based EMR Does Not A Compliant Entity Make

Recently, a question came up involving entities that say they are perfectly fine on HIPAA compliance because they use a cloud-based EMR (or EHR) vendor that takes care of all their HIPAA compliance for them. A discussion ensued, ending with the question: This can’t really be true, can it? I suppose someone […]

Aristotle, Galileo and Newton’s Laws Apply to the Omnibus Final Rule Deadline

Aristotle first started to theorize about the laws of physics, including the law of inertia. Galileo restated Aristotle a bit and added his own twists to the concepts. When Newton’s two cents were finally added, we arrived at this scientific statement: A body will keep its speed and direction so long as no force […]

Please, Just Do My HIPAA For Me!

So many people are struggling to get caught up on their compliance obligations because they just don’t have the time or resources to deal with them. We hear this so often that I felt it was time to write an article on how we respond to the request. There are several points we discuss with the […]

Wellpoint Resolution Provides More Valuable Lessons

I have written before about learning from others’ mistakes. I know many folks in the small covered entity (CE) and business associate (BA) world brush off the news of the $1,700,000 Wellpoint settlement as something that happens only to the big guys. There is so much to learn here that I hope you will take a minute to see why […]

My Technology Company Says They Aren’t a BA. What do I do?

We have had a rash of these types of questions lately. Personally, I don’t understand why so many technology companies are fighting this concept. It is really, really hard for anyone to meet the Security Rule requirements without an IT department or IT support company. In fact, many IT companies are coming to us to help […]

Do Your BA Due Diligence

Long gone are the days when you pull down a template Business Associate Agreement and everyone just signs it. BAs may not understand the extent of their obligations under HIPAA. You need to confirm your agreements and check what your BAs are really doing to comply. I really don’t recommend blindly using a template agreement to […]

Encryption is the Key to HIPAA’s Security Rule Heart

So you’ve heard the presentations, classes and consultants tell you that you should encrypt everything. Yet encryption appears in the Security Rule as an addressable implementation specification, not a required one. Let’s talk about what all that means. You must address encryption as part of your HIPAA security plan and documentation. You don’t have to have encryption up and running […]

Why should you worry about patients’ privacy?

In a recent conversation at an MGMA conference, an administrator said he hadn’t decided about HIPAA yet. “He might just risk it.” While I wasn’t seriously shocked by the comment, I felt serious concern for their patients. Sure, everyone has to decide what they are going to do concerning their obligation to comply. There […]

Business Associates: Step up Now to Protect your Covered Entities

The definition of a Business Associate (BA) changed under HIPAA 2.0 to broaden the scope of who is considered a BA as well as exactly what a BA is obligated to do for compliance. While the changes seem obvious and not too complicated to implement according to those who wrote the Omnibus Final Rule, the rest […]

Plan of Attack for HIPAA 2.0

Where do you get started with all these changes? It is important to understand that HIPAA 2.0 compliance means more than just having an annual training session and a book of policies on the shelf. HIPAA 2.0 means regular training in all areas of your business and documentation of everything, including regular reviews of your […]