Tuesday, 19 November 2013
HIPAA Disclosure Documentation
Tuesday, 15 October 2013
The HIPAA Omnibus Rule
HIPAA rules and regulations were significantly updated and more clearly defined through the passage of the HIPAA Omnibus Rule, also known as the HIPAA final rule. The final rule bolsters the privacy and security rules for protected health information established under the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
As of January 27, 2013, this overhauled version of the HIPAA compliance laws was put into place, giving the HITECH Act more teeth in terms of imposing consequences for failure to comply with HIPAA. The Omnibus Rule was intended to better protect patient privacy through additional regulations and by implementing audits, with associated fines for being found negligent in complying with HIPAA regulations.
Sunday, 22 September 2013
HIPAA, Security, and the Mobile Device
With the inclusion of biometrics in the iPhone 5, as seen in this article, http://secureidnews.com/news-item/analysis-biometrics-and-the-iphone/, there are many pros and cons that will affect how to be HIPAA compliant. It is awesome that you can use your own identification to open your mobile device, but there are also organizations and individuals who think this is not such a great thing.
For many years, putting sensitive information on your mobile device was a no-no: it can be stolen and access easily gained. That is evident in the rules the Government puts forward, like the Health Insurance Portability and Accountability Act, HIPAA. A HIPAA risk assessment requires you to encrypt and safeguard data at rest and in motion, and focuses a lot on mobile devices. So you would think this type of encryption and access would be welcome. Well, it is and it isn't.
Tuesday, 10 September 2013
What to Expect When the HIPAA Auditors Arrive?
You think it’s an average, ordinary day and sit back as you go through the mail. You pull an envelope out of the pile, read the return address and suddenly sit up straight. You already know the contents of what is inside and your heart rate increases as you carefully slit open the top. Despite telling yourself you could be wrong as you remove the letter, you discover you are not. It is the dreaded OCR audit notification letter. Cue the panic.
When this letter arrives, there’s no need to hear the theme from “Jaws” in your head. If you ensure you have made a good faith effort to comply with the HIPAA / HITECH requirements based on the final Omnibus Rule, and have documented this as policy mandates, you can breathe easier, and when the audit occurs you will not feel as if you are in shark-infested waters.
Tuesday, 13 August 2013
CMS Meaningful Use Audits are coming, are you ready?
CMS has started audits on organizations that have attested to HITECH Meaningful Use and have received funds. The plan is to audit 5 percent of the people who have attested for HITECH Meaningful Use core measure 15 and received funding. Although the initial audit is a “Desk Audit” done electronically, where a third-party company will be requesting electronic documentation on your attestation, your lack of documentation or performance could lead to them reporting you to HHS as a HIPAA violator. If you are found to be negligent, you could face fraud enforcement charges if your documentation does not meet the guidelines.
Some sites have already been moved to this process, while others have appealed. These audits involve the HIPAA Risk Assessment and EHR compliance. So the question to ask yourself should be: have you completed a HIPAA Security Risk Assessment (Audit and Remediation), and do you have the ability to regurgitate that information to auditors in the event you are audited or assessed? That would include the Gap and Remediation plans, and possibly your HIPAA policy and procedures.
If not, be prepared for lawyers, fines and possibly a fraud investigation.