Health & Human Services (HHS) Wall of Shame Covered Entities (CEs) are not alone when it comes to experiencing a healthcare breach. Business Associates (BAs) are at a greater risk by their limited knowledge, understanding, and/or implementation of the HIPAA Security and Breach Notification Rules in their organization. HIPAA Breach Notification Rule The HIPAA Breach […]
What are the HIPAA Security Technical Safeguards? In this week’s “Know The Rules!,” I am diving into the Technical Safeguards of the Health Insurance Portability and Accountability Act (HIPAA) Security Standards, 45 CFR § 164.312. The HIPAA Security Rule Technical Safeguards are increasingly more important due to advancements in technology used in healthcare. The Security […]
Workforce Security – Do You Have It? In this week’s “Know The Rules!,” I am diving into the third standard of the Administrative Safeguards of the Health Insurance Portability and Accountability Act (HIPAA) Security Standards: Workforce Security, 45 CFR § 164.308(a)(3). The Workforce Security section of the Administrative Safeguards, states that Covered Entities (CEs) and […]
In today’s “Know The Rules!” I provide a general understanding of risk analysis and risk management concepts and the HIPAA Security Management Process, the first standard in Administrative Safeguards, to provide you with a simple understanding and approach towards the Health Insurance Portability and Accountability Act (HIPAA) compliance, § 164.308(a)(1). This standard requires Covered Entities […]
In this week’s “Know The Rules!,” I am diving a little deeper into the Policies and Procedures, part of the Administrative, Physical, Technical, and Organizational Safeguards of the Health Insurance Portability and Accountability Act (HIPAA) security standard, 45 CFR § 164.316. The Policies and Procedures standard requires Covered Entities (CEs) and Business Associates (BAs) to […]
In this week’s “Know The Rules!,” I am diving a little deeper into the Organizational Requirements, part of the Administrative, Physical, and Technical Safeguards of the Health Insurance Portability and Accountability Act (HIPAA) security standards, 45 CFR § 164.314. As with all the standards in the HIPAA Security Rule, compliance with the Organizational Requirements standards […]
What to look for in a Business Associate Agreement? The HIPAA Privacy, Security, and Breach Notification Rule require Covered Entities and Business Associates (BAs) to obtain a signed Business Associate Agreement (BAA) from each BA, and their subcontractors, to ensure appropriate safeguards are implemented to protect Protected Health Information (PHI) and electronic PHI (ePHI). […]
Contingency Planning, Yes You Need It!! The purpose of contingency planning is to establish strategies for recovering access to electronic protected health information (ePHI). In the event an organization experiences an emergency or other incident, such as power outages and/or disruption of critical business operations, any lost or damaged ePHI must be recovered and/or restored. […]
Offshoring Medical Records – Why You Should Care? Your Medical Records Could Be in India, Pakistan, and/or the Philippines! Why is it important that medical records remain with a workforce located in the United States? The Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules exist to protect your “individually identifiable health information” […]
These days more and more mobile devices and Internet of Things (IoT) type devices are being used by healthcare professionals to assist in patient care. These devices are more powerful and hold more information than ever before and pose greater risks to the security of your organization. Covered Entities (CEs) and Business Associates (BAs), who […]