Compliance News - page 8

Automated Risk Assessment: Best Value

Combining sophisticated Internet tools with experienced consultants can deliver a HIPAA risk assessment based on the NIST protocol quickly and at a reasonable cost.

Webinar: "Automated HIPAA Risk Assessment", Thu, Jun 9, 2016, 12:00 PM - 1:00 PM PDT. Click the link to join the webinar at the specified time and date: https://global.gotowebinar.com/eojoin/8852590702394920194/4062226347872620034

Posted May 25, 2016 by Jack Anderson

No BA Agreement: $750,000 Fine

An orthopedic clinic failed to get a BA agreement before sharing PHI with a business associate and got a $750,000 fine. Jocelyn Samuels, director of OCR, said in the statement, "It is critical for entities to know to whom they are handing PHI and to obtain assurances that the information will be protected."

Posted April 25, 2016 by Jack Anderson

Ransomware is a HIPAA Breach

A recent article in Health IT Security made the point that criminal control of PHI is a HIPAA breach, and that this is what occurs in ransomware. Here is the full article: http://healthitsecurity.com/news/why-healthcare-ransomware-attacks-are-hipaa-data-breaches

Posted April 20, 2016 by Jack Anderson

HIPAA Audit Questionnaire

If you were lucky enough to not receive one, here is the questionnaire that is going out to all potential audit winners. http://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/audit/questionnaire/index.html

Posted April 6, 2016 by Jack Anderson

The BA Agreement Is Not Sufficient for "Satisfactory Assurances"

Just getting your business associates to sign a BA agreement is not enough. You need "satisfactory assurances", such as documented HIPAA security awareness training, to protect you.

Posted April 5, 2016 by Jack Anderson

Progress Key To HIPAA Compliance

Demonstrating progress is the key to HIPAA compliance. Periodic HIPAA risk assessments that meet the NIST protocol are the proof.

Posted March 10, 2016 by Jack Anderson

25% of Providers Audited for MU Compliance in Midwest Will Fail

Figliozzi has just started desk audits in the Midwest for covered entities who received meaningful use funds. 25% of providers audited for MU compliance in the past have failed. A frequent cause is lack of an updated risk assessment meeting HHS standards.

Posted March 8, 2016 by Jack Anderson

OCR says: Comprehensive HIPAA Risk Assessment Required

OCR Director, Jocelyn Samuels, reinforced the need for an enterprise-wide assessment when she stated, “[a]ll too often we see covered entities with a limited risk analysis that focuses on a specific system such as the electronic medical record or that fails to provide appropriate oversight and accountability for all parts of the enterprise.”

Posted March 7, 2016 by Jack Anderson

How to Get HIPAA Compliant In 3 Days

To get HIPAA compliant in three days and prove it, you need a risk assessment, updated policies, and documented staff training, which can be done with the investment of a few hundred dollars and a few hours over three days.

Posted March 3, 2016 by Jack Anderson

Covered Entities and Business Associates Linked in Audits

If a covered entity is audited, their business associates will be included in the audit, and if the business associate fails, so does the covered entity.

Posted February 17, 2016 by Jack Anderson