"Based on reinvigoration of the HIPAA Audit Program and signals from OCR, it appears that 2014 will be the year of heightened OCR enforcement." OCR lacks insight into HIPAA security rule compliance, Epstein Becker Green, Alaap B. Shah
Posted January 9, 2014 by Jack Anderson
First there was HIPAA, then HITECH, now Omnibus, what is a business associate supposed to do? Well since 60% of business associates surveyed had never heard of the Omnibus Rule get educated is critical.
Posted December 17, 2013 by Jack Anderson
The reasons an organization can't be "Certified HIPAA Compliant" are two fold; HHS has given no one authority to certify, and HIPAA compliance is an on-going, evolving process. A recent article from Scott & Scott LLP entitled "The challenges of compliance" encapsulates this nicely.
Posted November 20, 2013 by Jack Anderson
An employee of a covered entity was sentenced to 37 months in jail for violating HIPAA. regulations. In this case it was fraud since the employee was selling the patient records but in another famous case at UCLA it was caused by an employee "peeking" at famous patient's records.
Posted November 15, 2013 by Jack Anderson
OIG has stated that if a CE failed to perform even one measure of Meaningful Use they would have to return the stimulus funds and might be audited to determine if there was fraud. A Florida firm just had to pay back $31 million for falsely attesting to compliance.
Posted November 11, 2013 by Jack Anderson
AvMed paid a $3 million dollar class action settlement which is on top of any HIPAA penalties and costs. Penny wise pound foolish is an adage that applies to HIPAA compliance. Spend thousands to save millions.
Posted November 8, 2013 by Jack Anderson
What Next with HIPAA Omnibus? David Finn of Symantec on Top Compliance Challenges "It's going to be imperative that covered entities monitor and know what the business associates are doing, but they're not going to realistically be able to do that themselves."
Posted November 4, 2013 by Jack Anderson
Getting business associates HIPAA compliant in as little as 8 days requires technology, methodology and sound advice. Our partner, Rebecca Herold, CISSP, CIPP/US, CIPP/IT, CISM, CISA, FLMI, www.theprivacyprofessor.com was rated the number 3 privacy and security consultant in the world by Computerworld..
Posted October 28, 2013 by Jack Anderson
Disruptive innovation can provide low cost and efficient methods for HIPAA HITECH and Omnibus Rule compliance. The old model involved sending a consultant to the client with a policy and procedure manual under their arm but with SaaS or the cloud model we can send the consultant and the content over the Internet with interactive software.
Posted October 25, 2013 by Jack Anderson
HIPAA compliance software for business associates is different from HIPAA compliance software for covered entities. The difference is the need for on-going proof of compliance to satisfy their covered entities.
Posted October 21, 2013 by Jack Anderson