Compliance News - page 19 | Compliance Helper

The HIPAA Seal vs The Compliance Meter(tm)

"Obtaining a seal is a “place in time” controls assessment. Material changes to the environment would trigger another audit, as a 3rd party cannot attest to effective controls if an entity changes them. To compensate, material changes need to coincide with audit review cycles, which may not align with business objectives." The Compliance Meter displays the current level of HIPAA compliance in four key areas; policies, procedures, and forms up to date, and HIPAA compliance tasks up to date.

Finish Reading…

Posted August 13, 2013 by Jack Anderson

HIPAA Haggling with Business Associates Hospital CISO Describes Resistance on Omnibus Requirements by Marianne Kolbasuk McGee

HIPAA Haggling with Business Associates, Hospital CISO Describes Resistance on Omnibus Requirements by Marianne Kolbasuk McGee, HealthcareinfoSecurity Business Associates still in denial about meeting the new HIPAA requirements embodied in the Omnibus Rule.

Finish Reading…

Posted August 2, 2013 by Jack Anderson

Are You a Business Associate? Decision Tree

The question of whether an entity is a business associate under HIPAA HITECH has become a hot topic in healthcare. Here is an excellent decision tree to decide, provided by WEDI: http://www.wedi.org/forms/uploadFiles/35FE7000000DC.filename.7.26\_BA-Decision-Tree\_V2.pdf

Finish Reading…

Posted July 31, 2013 by Jack Anderson

Tick, tock: less than 60 days to comply with HIPAA/HITECH updates Poyner Spruill LLP Tara N. Cho and Elizabeth H. Johnson

Tick, tock: less than 60 days to comply with HIPAA/HITECH updates, Poyner Spruill LLP,Tara N. Cho and Elizabeth H. Johnson

Finish Reading…

Posted July 30, 2013 by Jack Anderson

Are your HIPAA privacy policies up to date? Ogletree Deakins Stephanie Smithey

Are your HIPAA privacy policies up to date? Ogletree Deakins, Stephanie Smithey "If you provide medical, dental, vision, wellness, employee assistance benefits, or if you sponsor a health reimbursement arrangement or a health flexible spending account plan, your HIPAA privacy compliance is likely out of date and should be reviewed immediately in light of the Omnibus Regulations."

Finish Reading…

Posted July 25, 2013 by Jack Anderson

"Sixty days to HIPAA - HITECH: eight actions items to address now. 8, Establish Vendor Management Program"

"Sixty days to HIPAA - HITECH: eight actions items to address now, Nelson Mullins Riley & Scarborough LLP, Barry D. Alexander, Jason I. Epstein , Cynthia Bankhead Hutto, Eli A. Poliakoff, David F. Katz and Alexis Slagle Gilroy. Action Item Number 8, Establish Vendor Management Program..

Finish Reading…

Posted July 24, 2013 by Jack Anderson

Are Compliant BAAs the Same as Compliant BAs?

"Two months until the Omnibus Final Rule deadline: are your business associate agreements compliant?" McGuireWoods LLP, Kimberly J. Kannensohn, Nathan A. Kottkamp and Holly Carnell. My question would be are your business associates HIPAA HITECH compliant?

Finish Reading…

Posted July 22, 2013 by Jack Anderson

Business Associate (BA) HIPAA Breach gets Wellpoint $1.4 Million Fine

" Whether systems upgrades are conducted by covered entities or their business associates, HHS expects organizations to have in place reasonable and appropriate technical, administrative and physical safeguards to protect the confidentiality, integrity and availability of electronic protected health information – especially information that is accessible over the Internet." OS OCR PrivacyList, OCR (HHS/OS)

Finish Reading…

Posted July 12, 2013 by Jack Anderson

Covered Entities Responsible Vicariously for HIPAA Violations by Their Business Associates

"It is important for covered entities to ensure that their business associate agreements are updated, and that business associates are adhering to the new requirements as the Final Rule makes clear that covered entities may be held liable vicariously for violations by business associates acting as agents." Sherman & Howard LLC

Finish Reading…

Posted July 3, 2013 by Jack Anderson

Business Associate (BA) Causes 188,000 HIPAA Patient Data Breach

"Officials announced July 1 that the HIPAA breach, which resulted in clients receiving personal and private documents belonging to other clients, occurred after FSSA contractor RCR Technology Corporation made a computer programming error to a document management system the company supports for FSSA. This error caused documents being sent to clients to be duplicated and also inserted with documents sent to other client

Finish Reading…

Posted July 2, 2013 by Jack Anderson