Blog Archives

Frankenhand!

Just after the first of the year, I had surgery on my right hand. I have spent the weeks since then adapting to not having full use of that hand for several months as it heals. That is definitely a challenge for someone who is fiercely right-handed. Most of my friends saw the incision that runs from palm […]


Sue for HIPAA Negligence? No way. Way!

Takeaways: HIPAA keeps getting more important to the business for CEs and BAs, but who is going to have to learn the hard way for your office to take note? The Connecticut case of Emily Byrne vs. Avery Center for Obstetrics and Gynecology involves a patient who sued a healthcare clinic that released her medical records […]


Breach Is Gonna Get You!

Gamblers spend years and fortunes trying to “beat the odds,” often to no avail. They know they are taking a major risk, but they are looking for the big payoff. If you are a numbers person, you boil things down to statistics or dollars and cents. Those numbers help you make decisions based on […]


Please, Just Do My HIPAA For Me!

So many people are struggling to get caught up on their compliance obligations because they just don’t have the time or resources to deal with it.  We hear this so often I felt it was time to write an article on how we respond to the request.  There are several points we discuss with the […]


My Technology Company Says They Aren’t a BA. What do I do?

We have had a rash of these types of questions lately. Personally, I don’t understand why so many technology companies are fighting this concept. It is really, really hard for anyone to meet the Security Rule requirements without an IT Department or IT Support Company. In fact, many IT companies are coming to us to help […]


How do you know who is a HIPAA Business Associate?

One of the first processes we go through for HIPAA Compliance is to identify all Business Associates (BAs).  That has to be done for CEs and BAs alike.  The Final Rule has changed the status and viewpoints for many CEs and BAs. We have addressed a lot of questions on the topic lately.  Now seemed […]


HIPAA Audits: Coming Soon to an Office Near You

The OCR is reviewing the results of the 2012 pilot audits.  They have published the Audit Program Protocol so you know what to expect when they come for you. In Director Rodriguez’s interview with HealthcareInfoSecurity, he made some important points to note concerning the audits. Audits will begin in late 2013 or certainly by 2014 […]


Privacy Rule under HIPAA 2.0: Is it easier to just start over?

Changes to the Privacy Rule under the Omnibus Ruling require ALL CEs to update and distribute their Notice of Privacy Practices (NPP). There is no option; it is stated specifically. A review of the changes makes it obvious why updates must be done, though. The original HIPAA Privacy Rule was written in 1996. Science and technology […]


Plan of Attack for HIPAA 2.0

Where do you get started with all these changes? It is important to understand that HIPAA 2.0 compliance means more than just having an annual training session and a book of policies on the shelf.  HIPAA 2.0 means regular training in all areas of your business and documentation of everything including regular reviews of your […]


Omnibus Final Rule Quick Overview

There is a lot of information to cover in the details of the Final Rule. This article only contains a list of bullet points.  All changes in the 2013 Omnibus Rule are not guaranteed to be included in this list. Each entity should make sure they review all aspects of the Rule with their business […]
