Do Your BA Due Diligence

Long gone are the days that you pull down a template Business Associate Agreement and everyone just signs it.  BAs may not understand the extent of their obligations under HIPAA.  You need to confirm your agreements plus check what they are really doing to comply. I...

Encryption is the Key to HIPAA’s Security Rule Heart

So you’ve heard the presentations, classes and consultants tell you that you should encrypt everything.  Encryption is also a security rule standard that is listed as addressable, not required.  Let’s talk about what all that means. You must address encryption as part...

Why should you worry about patient’s privacy?

In a recent conversation at a MGMA conference an administrator said he hadn’t decided about HIPAA yet.  “He might just risk it. ” While I wasn’t seriously shocked by the comment, I felt serious concern for their patients. Sure, everyone has to decide what they are...

Plan of Attack for HIPAA 2.0

Where do you get started with all these changes? It is important to understand that HIPAA 2.0 compliance means more than just having an annual training session and a book of policies on the shelf.  HIPAA 2.0 means regular training in all areas of your business and...