Blog Archives

The fines are coming! The fines are coming!

To borrow from Longfellow’s poem: "Listen my children and you shall hear / Of the midnight ride of Paul Revere." In this case, it isn’t a midnight ride but a late afternoon speech by Jerome B. Meites, a chief regional civil rights counsel at HHS, in Chicago. Historians say Revere never uttered the famous phrase and neither […]


HIPAA Documentation AKA Telling Your Compliance Story

The way you tell any story is with pictures and words.  Documentation is a required element of HIPAA regulations that allows you to tell your compliance story.  I mentioned how important documentation is in the Plan of Attack for HIPAA 2.0 article.  What should your documentation include and how do you manage it? The Security […]


How do you know who is a HIPAA Business Associate?

One of the first processes we go through for HIPAA Compliance is to identify all Business Associates (BAs).  That has to be done for CEs and BAs alike.  The Final Rule has changed the status and viewpoints for many CEs and BAs. We have addressed a lot of questions on the topic lately.  Now seemed […]


Jimi Hendrix and HHS Resolutions

A famous Jimi Hendrix quote goes: "I’ve been imitated so well I’ve heard people copy my mistakes." Aspiring guitarists work hard to imitate Hendrix to this day. His music is well documented and played daily around the world. If you want to make a name for yourself, duplicate him, even his mistakes. What does that have […]


HIPAA Audits: Coming Soon to an Office Near You

The OCR is reviewing the results of the 2012 pilot audits.  They have published the Audit Program Protocol so you know what to expect when they come for you. In Director Rodriguez’s interview with HealthcareInfoSecurity, he made some important points to note concerning the audits. Audits will begin in late 2013 or certainly by 2014 […]


HIPAA Security Rule Step #1: Perform a Risk Analysis

In a recent discussion with a practice administrator, I discovered a pretty important misconception about what should really be included in a proper HIPAA Risk Analysis. Not that the administrator was doing anything wrong, but the understanding of what a Risk Analysis is was missing some very important parts. The HIPAA Security Rule requires CEs […]


Plan of Attack for HIPAA 2.0

Where do you get started with all these changes? It is important to understand that HIPAA 2.0 compliance means more than just having an annual training session and a book of policies on the shelf.  HIPAA 2.0 means regular training in all areas of your business and documentation of everything including regular reviews of your […]


Omnibus Final Rule Quick Overview

There is a lot of information to cover in the details of the Final Rule. This article only contains a list of bullet points. The list is not guaranteed to include every change in the 2013 Omnibus Rule. Each entity should make sure they review all aspects of the Rule with their business […]

Source: HHS Office for Civil Rights

Small Providers and Business Associates – The Numbers

This blog focuses on Small Providers and Business Associates because they need help getting the compliance requirements under control and documented properly.  The data included in the Final Rule along with recent presentations by the Office for Civil Rights providing a first analysis of the 2012 HIPAA Audits give the numbers that tell us the […]


What is HIPAA and Why do we need it?

The medical information a patient shares with any healthcare provider should be private information. HIPAA is the formal way to assure patients a provider takes the commitment to protect their medical information seriously. Healthcare providers make three commitments to their patients to give that assurance. Commit to respect the privacy of all healthcare information and […]
