With a number covered entities not even knowing who their business associates are, it is no surprise that there are many of them dealing with the challenge of ensuring that their business associates are HIPAA compliant. Revising existing business associate agreements and getting more Business Associates to sign agreements, are topping the HIPAA Omnibus Rule…
With the OCR not indulging in follow-up questions this time around, healthcare enterprises are deprived of the opportunity of clarifying matters with the auditors. Your policies and procedures therefore need to speak for themselves, and sufficiently demonstrate your compliance levels. Yes, documentation is more important than ever in the Phase 2 of the HIPAA compliance…
Unlike the usual HIPAA audits conducted earlier, round two of the HIPAA audits is to be a limited number of focused “desk audits,” along with a comprehensive on-site audits, performed by none other than the staff of the Department of Health and Human Services’ Office for Civil Rights. The OCR intends to conduct HIPAA compliance…
The Department of Health and Human Services’ Office for Civil Rights has unveiled the new look of its Phase 2 audit program. Highly unlike the previous ones, the Phase 2 audit program will be seeing the OCR conducting audits, concentrating on high-risk areas, eliminating on-site visits, and potentially integrating the audits into OCR’s formal enforcement…
Successfully preparing for and surviving a meaningful use audit sis imperative! And if you thought otherwise, it’s time to think again! Not doing it right can cost you a pretty penny, besides losing your job, like in the case of Detroit Medical Center’s, Chief Medical Information Officer Leland Babitch, MD, whose employment was terminated after…
Skagit County, Washington has agreed to a monetary settlement of $215,000 for potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security and Breach Notification Rules. In addition to this, Skagit County is also to work closely with the Department of Health and Human Services to correct deficiencies in its…
Yet another breach incident puts health information of 168,500 individuals at risk. According to a public notice, Sutherland Healthcare Solutions, a third-party billing vendor reported theft of several unencrypted company computers on 5th of February. The computers were stolen from the Los Angeles County public health and health services departments. Following this report, breach notification…
The HIPAA compliance audit program seems to be all set to resume this year, as the Department of Health and Human Services’ Office for Civil Rights gears up with auditors to examine business associates and covered entities. In the 2014 HIMSS Conference held on February 24, Susan McAndrew, the OCR Deputy Director for Health Information…
While there has been continued emphasis on the need for conducting risk analysis and encrypting data, there are still many providers who are yet to take these calls for action seriously. Here’s another wake-up call to all such entities- Another federal investigation of a relatively small breach at a physician group practice in Massachusetts has…
Patient Health Information (PHI) is as important an asset as any other. Healthcare providers and business associates therefore have to ensure that they protect patient records as they would protect any other significant business asset. David Holtzman, a former senior official at an agency that enforces HIPAA, offered useful insights on safeguarding PHI as a…
