HIPAAKTR

Episode 36: Know The Rules! Why Security is Important in Healthcare?

HIPAA has a Security Rule Too! Everyone working in healthcare knows about the privacy side of the Health Insurance Portability and Accountability Act (HIPAA), but there is a security side too! The Privacy Rule sets the standards for, among other things, who may have access to electronic protected health information (ePHI). While the […]

Episode 35: Know The Rules! 6 Steps to Implementing Your Security Management Process

Before I dive right into the six-step approach to help YOU implement a security management process, one clarification must be emphasized: The scope of a risk analysis for the Electronic Health Record (EHR) Incentive Programs security requirements is much narrower than the scope of a risk analysis for the HIPAA Security Rule Security Management […]

HIPAA Security Officer

Episode 34: Know The Rules! Who is Your HIPAA Security Officer AND What Do They Do?

The Health Insurance Portability and Accountability Act (HIPAA) Security Rule requires that Covered Entities (CEs) and Business Associates (BAs) designate a specific individual who’s responsible for managing the security of the electronic protected health information (PHI); Administrative Safeguards 45 C.F.R. § 164.308(a)(2). This person will analyze risks, threats and vulnerabilities to PHI […]

Episode 33: Know The Rules! Case Study: Business Associate Breach

Today, I am presenting a case study on the chain of events after a Business Associate breach of electronic protected health information (ePHI). Business Associates (BAs) YOU may be directly liable for violations of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule and Breach Notification Rule as well as certain provisions of the […]

Episode 32: Know The Rules! HIPAA Security Awareness and Training

Covered Entities (CEs) and Business Associates (BAs) are required to secure the electronic protected health information (ePHI) against internal and external security risks and vulnerabilities. That is why the next standard, HIPAA Security Awareness and Training, § 164.308(a)(5), is so important. Workforce education and training plus creating a culture of compliance valuing patients’ privacy are […]