Blog Archives

Frankenhand!

Just after the first of the year, I had surgery on my right hand. I have spent the weeks since then adapting to not having full use of that hand for several months as it heals. That is definitely a challenge for someone who is fiercely right-handed. Most of my friends saw the incision that runs from palm […]


A Cloud Based EMR Does Not A Compliant Entity Make

Recently, a question came up that involved entities that said they are perfectly fine with HIPAA compliance because they use a cloud-based EMR (or EHR) that takes care of all their HIPAA compliance for them. A discussion ensued ending with the question: This can’t really be true, can it? I suppose someone […]


Aristotle, Galileo and Newton’s Laws Apply to the Omnibus Final Rule Deadline

Aristotle first started to theorize about the laws of physics including the law of inertia.  Galileo restated Aristotle a bit and added his own twists to the concepts.  When we finally got Newton’s two cents added we got to this scientific statement:  A body will keep its speed and direction so long as no force […]


My Technology Company Says They Aren’t a BA. What do I do?

We have had a rash of these types of questions lately. Personally, I don’t understand why so many technology companies are fighting this concept. It is really, really hard for anyone to meet the Security Rule requirements without an IT Department or IT Support Company. In fact, many IT companies are coming to us to help […]


Seriously, HIPAA Enforcement Really is Changing

HIPAA was a big scary thing in 2003 and it turned out to be nothing but a waste of my time and money.  Don’t try to scare me with that again. I hear it often enough to feel pretty sure it is a belief many hold and only some voice.  Whether people say it outwardly […]


Why should you worry about patient’s privacy?

In a recent conversation at an MGMA conference, an administrator said he hadn’t decided about HIPAA yet. “He might just risk it.” While I wasn’t seriously shocked by the comment, I felt serious concern for their patients. Sure, everyone has to decide what they are going to do concerning their obligation to comply. There […]


How do you know who is a HIPAA Business Associate?

One of the first processes we go through for HIPAA Compliance is to identify all Business Associates (BAs).  That has to be done for CEs and BAs alike.  The Final Rule has changed the status and viewpoints for many CEs and BAs. We have addressed a lot of questions on the topic lately.  Now seemed […]


HIPAA Audits: Coming Soon to an Office Near You

The OCR is reviewing the results of the 2012 pilot audits.  They have published the Audit Program Protocol so you know what to expect when they come for you. In Director Rodriguez’s interview with HealthcareInfoSecurity, he made some important points to note concerning the audits. Audits will begin in late 2013 or certainly by 2014 […]


HIPAA Security Rule Step #1: Perform a Risk Analysis

In a recent discussion with a practice administrator, I discovered a pretty important misconception about what should really be included in a proper HIPAA Risk Analysis. Not that the administrator was doing anything wrong, but the understanding of what a Risk Analysis is was missing some very important parts. The HIPAA Security Rule requires CEs […]


Omnibus Final Rule Quick Overview

There is a lot of information to cover in the details of the Final Rule. This article only contains a list of bullet points.  All changes in the 2013 Omnibus Rule are not guaranteed to be included in this list. Each entity should make sure they review all aspects of the Rule with their business […]
