In this week’s Know The Rules! I present a case study on what happens when you don’t perform your Business Associates Due Diligence. Do you know the expression … What you don’t know WILL hurt you!! That is what Advanced Care Hospitalists (ACH), a contractor physician group in West Florida, found …
Third-Party Vendors Size Doesn’t Matter That’s right folks – if you are a healthcare third-party vendor size doesn’t matter when it comes to HIPAA compliance. Healthcare third-party vendors that create, receive, maintain, and/or transmit protected health information is required by law to comply with the regulations. Did You Know? A healthcare third-party vendor, referred to by the Department …
What if your Business Associates Had A Security Incident? Covered Entities (CEs) believe it’s impossible to determine whether the policies and procedures of their Business Associates (BAs) are adequate to respond effectively to a security incident. To complicate matters, more believe their Business Associates would NOT notify them in the event of a security incident. …
Business Associate Healthcare Data Breaches In “Episode 63: Know The Rules!”, I reported what I thought were all of the healthcare data breaches reported on the Health & Human Services (HHS) Office of Civil Rights (OCR) Breach Portal website by Business Associates (BAs) in 2018. This is what I reported last week: The year 2018 …
2018 Third-Party Healthcare Data Breaches – Update Read More »
HIPAA Privacy Rule Minimum Necessary In this week’s “Know The Rules!,” I am discussing the Privacy Rule minimum necessary standard, [45 CFR 164.502(b), 164.514(d)]. Minimum necessary applies: When using or disclosing protected health information (PHI) or when requesting PHI from another Covered Entity (CE) or Business Associate (BA), a CE or BA must make reasonable …
When it comes to healthcare, what does Minimum Necessary mean? Read More »
How To Spot Phishing In this week’s “Know The Rules!,” I present different methods Covered Entities (CEs) and Business Associates (BAs) can use to detect and avoid phishing attacks. Spam & Phishing on Social Networks Spam, phishing and other scams aren’t limited to just email. They’re also prevalent on social networking sites, like Facebook, WhatsApp, …
HIPAA Audit Controls and Audit Logs Today I am breaking down the one of the Technical Safeguard standards, Audit Controls, 45 § 164.312(b), into byte-size portions to help you understand how it is significant to your organization. Audit Logs are The HIPAA Security Rule provision on requires regulated entities to: Implement hardware, software, and/or procedural mechanisms that record and …
Get to Know the HIPAA Notice of Privacy Practices The first time you see a healthcare provider or dentist, (known as a Covered Entity), or check in to a hospital or change health insurance coverage, you will likely be asked to read and sign several different forms. One of those forms, called the Notice of Privacy Practices (NPP). …
Get to Know the HIPAA Notice of Privacy Practices Read More »
Today, I am presenting a case study of what happens when a Covered Entity (CE) and a pharmaceutical company collude to violate the Federal Anti-Kickback Statute and the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. Healthcare has a Federal Anti-kickback Statute (AKS), 42 U.S.C. § 1320a-7b(b), that makes it illegal for providers to …
Do I need my HIPAA Security Plan Evaluated? It is important for Covered Entities (CEs) and Business Associates (BAs) to know if their security plans and procedures continue to adequately protect their electronic protected health information (ePHI). To accomplish this, CEs and BAs must implement and monitor your Evaluation Plan. CEs and BAs must periodically …