The post What is HIPAA Compliance? appeared first on HIPAA Compliance Org.
HIPAA
How MSP HIPAA Compliance Has Changed During COVID-19
The post How MSP HIPAA Compliance Has Changed During COVID-19 appeared first on HIPAA Compliance Org.
General Data Protection Regulation (GDPR) Compliance
HIPAA Journal published an article online this week regarding General Data Protection Regulation (GDPR) Compliance. Their article states that the goal of their short piece is to provide a checklist for companies or businesses who are concerned with GDPR compliance. Their list should permit such entities to take initial steps in order to comply with GDPR and to note that it is not intended to be a comprehensive guide, more so a few “rules of thumb” to take into account in order to get started.
For more information and to view the full article visit HIPAA Journal’s website here.
For daily HIPPA News visit our HIPAA News sidebar at https://hipaanews.net.
If you would like to receive an email update every time HIPAA news posts a blog, sign up on our website at https://hipaanews.net or follow us on Facebook at https://www.facebook.com/hipaanews.
Doc Vader on ER Misuse
Here is another clip of Doc Vader doing what he does best, putting a smile on your face. This time discussing the misuse of the ER. Click the video below to watch!
For daily HIPPA News visit our HIPAA News sidebar at https://hipaanews.net
If you would like to receive an email update every time HIPAA news posts a blog, sign up on our website at https://hipaanews.net
HIPAA Privacy Complaints
HIPAA Journal published an article online this week addressing client HIPAA violation complaints and whether or not health care providers are equipped to properly address these complaints. According to the article, in order for an efficient response to be conducted, policies should be developed covering the complaints procedure and staff must be trained to handle HIPAA privacy complaints correctly. Also, patients must also be clearly informed how they can make a HIPAA privacy complaint if they feel that their privacy has been violated or HIPAA Rules have been breached. This should be clearly stated in your Notice of Privacy Practices.
For more information and to view the full article visit HIPAA Journal’s website here.
For daily HIPPA News visit our HIPAA News sidebar at https://hipaanews.net.
If you would like to receive an email update every time HIPAA news posts a blog, sign up on our website at https://hipaanews.net or follow us on Facebook at https://www.facebook.com/hipaanews.
2017 is Raising the Bar for Annual HIPAA Breaches
This week MSPmentor published an article online regarding the current pace of HIPAA breaches potentially doubling that of 2016. According to the article, the 66 percent increase – thus far – is driven by a sharp rise in the number of incidents designated as “Hacking/IT Incident,” which were up 82 percent, to 104 in 2017. The second most common cause for a HIPAA breach this year was unauthorized access or disclosure, which totaled 69 cases. An MSPmentor review of records maintained by the U.S. Department of Health and Human Services Office of Civil Rights (OCR) suggests hackers are stepping up attacks against healthcare targets, which hold the holy grail of data: Detailed medical information.
For the full article visit MSPmentor’s website here.
For daily HIPPA News visit our HIPAA News sidebar at https://hipaanews.net.
If you would like to receive an email update every time HIPAA news posts a blog, sign up on our website at https://hipaanews.net or follow us on Facebook at https://www.facebook.com/hipaanews.
Ensuring Availability of HIPAA During Natural Disasters
This week Mondaq published an article online regarding the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) reminded health care providers of the importance of ensuring the availability and security of health information during and after natural disasters.
According to the article, OCR recently published a bulletin during Hurricane Harvey discussing how the HIPAA Privacy Rule applies to sharing protected health information (PHI) during natural disasters. Recirculated while Irma was looming, the guidance document reminds health care providers that HHS may waive sanctions and penalties against a covered hospital for certain activities (e.g., obtaining a patient’s agreement before speaking with family or friends involved in the patient’s care) during an emergency. However, the waiver is limited to certain hospitals located within an emergency area and for a specific period of time. More importantly, OCR noted in the bulletin that the Privacy Rule still applies to covered entities and their business associates during such emergencies, but the Privacy Rule does allow the disclosure of PHI without the patient’s consent for the patient’s treatment or public health activities. Covered entities may also share PHI with a patient’s family or friends identified by the patient as being involved in their care, but OCR recommends that the covered entities obtain verbal permission or otherwise confirm that the patient does not object to sharing the information with these individuals.
For the full article visit Mondaq’s website here.
For daily HIPPA News visit our HIPAA News sidebar at https://hipaanews.net
If you would like to receive an email update every time HIPAA news posts a blog, sign up on our website at https://hipaanews.net or follow us on Facebook at https://www.facebook.com/hipaanews
Gmail, Google Apps for Business HIPAA Business Associate Agreements
The Health Insurance Portability and Accountability of Act demands that all HIPAA covered businesses prevent unauthorized access to “Protected Health Information” or PHI. PHI includes patients’ names, addresses, and all information pertaining to the patients’ health and payment records. According to the Department of Health and Human Services, “HIPAA Rules apply to covered entities and business associates.” Complete compliance with HIPAA guidelines requires implementation of basic and advanced security measures. Basic security includes benchmark-based password creation and use, personnel education and training, limited access to PHI, data encryption, use of firewalls, antivirus software, and digital signatures. With increasing adoption of electronic medical records and cloud-based software-as-service (SaaS), advanced security measures are necessary. Google’s Business Associate Agreement, introduced in September 2013, offers HIPAA compliant online services for covered entities.
Online Security: Google’s Business Associate Agreement
Many healthcare businesses use Google Business Apps. Google Business Apps are cloud-based software-as-service (SaaS) where small businesses have access to a suite of Google services such as Gmail, Google Calendar, Docs, Drive (storage), Apps etc. Google uses Ernst and Young third party evaluated and ISO 27001 certified encryption and authentication. But despite these foundational precautions, not all components of GBA have a level of security necessary for HIPAA compliance.
Enter Google’s Business Associate Agreement (BAA). Google’s Business Associate Agreement provides an additional layer of online safety by offering HIPAA compliant security for users of Google Apps Vault, Gmail, Google Calendar, and Google Drive. Businesses that opt for this agreement are precluded from using any of the other services in the Google Business Apps package (such as Google Docs, Hangouts, Marketplace, websites, etc), under the domain registered with and covered by Google’s Business Associate Agreement. Google’s BAA guidelines state “Customers who have not entered into a BAA with Google must not use Google services in connection with PHI.” The agreement requires that HIPAA covered businesses sign up for a Google Apps for Business Administrator account.
Training Reduces Human Errors
In addition to having the best online security, complete compliance requires implementation of solid procedures and policies, which includes training for staff members to prevent human errors. The Privacy and Security Rules require that healthcare businesses educate and train workers regarding policies and procedures for HIPAA compliance. Training requires experience and specialized knowledge that even the most advanced healthcare executive may not have.
When evaluating HIPAA training services, make sure the company you choose provides a complete HIPAA training package and is knowledgeable about online security strategies. Training should be affordable, but also useful in other ways. For example, HIPAA training that offers CME and CEU credits is a good way to maintain compliance with HIPAA law while helping your employees maintain valuable credentials.
The post Gmail, Google Apps for Business HIPAA Business Associate Agreements appeared first on HIPAA.com.
Gmail, Google Apps for Business HIPAA Business Associate Agreements
The Health Insurance Portability and Accountability of Act demands that all HIPAA covered businesses prevent unauthorized access to “Protected Health Information” or PHI. PHI includes patients’ names, addresses, and all information pertaining to the patients’ health and payment records. According to the Department of Health and Human Services, “HIPAA Rules apply to covered entities and business associates.” Complete compliance with HIPAA guidelines requires implementation of basic and advanced security measures. Basic security includes benchmark-based password creation and use, personnel education and training, limited access to PHI, data encryption, use of firewalls, antivirus software, and digital signatures. With increasing adoption of electronic medical records and cloud-based software-as-service (SaaS), advanced security measures are necessary. Google’s Business Associate Agreement, introduced in September 2013, offers HIPAA compliant online services for covered entities.
Online Security: Google’s Business Associate Agreement
Many healthcare businesses use Google Business Apps. Google Business Apps are cloud-based software-as-service (SaaS) where small businesses have access to a suite of Google services such as Gmail, Google Calendar, Docs, Drive (storage), Apps etc. Google uses Ernst and Young third party evaluated and ISO 27001 certified encryption and authentication. But despite these foundational precautions, not all components of GBA have a level of security necessary for HIPAA compliance.
Enter Google’s Business Associate Agreement (BAA). Google’s Business Associate Agreement provides an additional layer of online safety by offering HIPAA compliant security for users of Google Apps Vault, Gmail, Google Calendar, and Google Drive. Businesses that opt for this agreement are precluded from using any of the other services in the Google Business Apps package (such as Google Docs, Hangouts, Marketplace, websites, etc), under the domain registered with and covered by Google’s Business Associate Agreement. Google’s BAA guidelines state “Customers who have not entered into a BAA with Google must not use Google services in connection with PHI.” The agreement requires that HIPAA covered businesses sign up for a Google Apps for Business Administrator account.
Training Reduces Human Errors
In addition to having the best online security, complete compliance requires implementation of solid procedures and policies, which includes training for staff members to prevent human errors. The Privacy and Security Rules require that healthcare businesses educate and train workers regarding policies and procedures for HIPAA compliance. Training requires experience and specialized knowledge that even the most advanced healthcare executive may not have.
When evaluating HIPAA training services, make sure the company you choose provides a complete HIPAA training package and is knowledgeable about online security strategies. Training should be affordable, but also useful in other ways. For example, HIPAA training that offers CME and CEU credits is a good way to maintain compliance with HIPAA law while helping your employees maintain valuable credentials.
The post Gmail, Google Apps for Business HIPAA Business Associate Agreements appeared first on HIPAA.com.