HIPAA

Five Steps to HIPAA Security Compliance

The Health Insurance Portability and Accountability Act (HIPAA) sets guidelines that anyone who handles electronic protected health information (ePHI) must follow: covered entities such as medical practices, and the business associates that process data on their behalf. The HIPAA Security Rule requires that appropriate safeguards are in place whenever ePHI is stored, accessed or transmitted. Failure to comply can lead to large fines and, in extreme cases, criminal charges or loss of a medical license. The following steps help a medical practice work toward compliance:

Run a complete risk assessment of the medical practice

Some medical practices adopted electronic health record (EHR) systems before there were clear guidelines on what those systems should do, so a practice may be running software that does not meet the Security Rule's standards. A risk assessment of the current systems against the HIPAA standards and guidelines highlights the areas in which safeguards are missing or not enforced. The Security Rule makes this explicit: a documented risk analysis (45 CFR 164.308(a)(1)(ii)(A)) is a required administrative safeguard rather than an optional first step, and it is the first thing an auditor asks to see.

Prepare for disaster before it occurs

All data handled by a medical practice must be protected from both loss and corruption. The main defence against loss is regular backups of medical data, stored off site so that an incident such as a fire at the practice does not destroy the backup along with the originals. Off-site copies contain the same ePHI as the live system, so they should be encrypted, and a restore should be rehearsed periodically: the Security Rule's contingency plan standard expects backup and recovery procedures to be tested, and a backup that has never been restored is not preparation. Antivirus (anti-malware) software should be installed on every computer to reduce the risk of data being corrupted or destroyed by malicious code, although it does not remove the need for the backups.

Have an ongoing employee training program

Any system is only as strong as its weakest link, and in most cases untrained employees are the weakest link in a medical practice. A practice can have very strong encryption, but if staff share logins, leave sessions unlocked or write passwords on sticky notes, the encryption protects nothing: whoever walks up to the workstation simply uses a legitimate account. Medical practices should train their staff continually on the correct security procedures so that data integrity and confidentiality are maintained.

Buy medical products with security compliance and compatibility in mind

New equipment and software bought for a medical institution should be compatible with existing systems and offer adequate security features. Some products offer good security but are incompatible with existing systems, or vice versa, so before any major purchase the product should be reviewed for both. Where a vendor will store or process ePHI on the practice's behalf, a business associate agreement is required as well.

Collaborate with affected parties

Changes needed to bring about HIPAA compliance affect many people in the medical practice. The affected departments should be consulted when changes are made, so that everyone who has to live with the new procedures understands and accepts them.


The post Five Steps to HIPAA Security Compliance appeared first on HIPAA.com.

Don’t Overthink HIPAA Privacy Rules

Ever since the HIPAA Privacy Rule took full effect in 2003, many healthcare practices have been anxious about penalties should they interpret the law incorrectly and fall out of compliance. Non-compliance fines can be hefty, so it is understandable that many providers practice with apprehension.

HIPAA rules have brought a needed awareness for patient privacy, but at the same time much of the law is hazy with areas often needing legal interpretation.  According to Ronald B. Sterling, MBA, a health technology consultant, “A lot of people overthink HIPAA and take it to extremes.” (1)  When the law is unclear and healthcare professionals are worried about self-protection, staff members tend to go overboard when interpreting the rules.  And the office philosophy becomes if we want to be safe and stay compliant, we can’t tell anyone anything!  Hospitals also have this mindset created by overzealous risk managers and lawyers. The doctors with privileges at these institutions take this viewpoint back to their practice as the safe hospital-endorsed thing to do.

Interpretation errors, even ones that err on the side of caution, are not necessarily good for patients and can actually infringe on their rights. The "don't tell anyone anything" approach keeps information from people who need and deserve to be informed.

Medscape reported that at a congressional subcommittee hearing on HIPAA last April, Carol Levine from the United Hospital Fund testified that when she took her sister to the emergency room with severe abdominal pain, even though her sister asked her to stay with her in the room, a triage nurse said, "You can't come with her. It's a HIPAA rule." When her sister replied, "But I want her with me," the nurse responded, "no way." (1) Congressman Tim Murphy also testified at that hearing and spoke of provider anxiety by saying, "Fearful of new penalties for violating HIPAA, doctors and nurses were refusing to even talk about a patient's illness with caretakers, all of whom were [professional] caretakers, spouses, siblings, or those managing the affairs of their elderly parent." (1)

These are examples of how incorrect interpretations of this law can work against the people it was designed to protect, the patients. Withholding information in situations like these protects no one: the Privacy Rule permits disclosure to family members and others involved in a patient's care when the patient does not object (45 CFR 164.510(b)), so refusing does not make the practice any safer, and it disregards the patient's wishes. There are numerous resources available to help healthcare professionals understand this law. While some questions can be answered quickly on the U.S. Department of Health and Human Services website, the best protection comes from thorough HIPAA training. (2)

Sources:
1. www.medscape.com/viewarticle/810648 (requires registration)
2. www.hhs.gov/ocr/privacy/hipaa/

Dentists: Don’t Forget HIPAA Compliance

Since the inception of HIPAA in 1996, its broad implications have affected all areas of health care, including dentistry. If asked, most dentists and their staff would say they know what the HIPAA regulations are and that they have been trained, but are they really up to date with HIPAA's ever-expanding changes and compliance requirements? Are they trained in the areas covered by the HIPAA Security, Privacy, Enforcement and Breach Notification Rules, and do they know that they must comply with the 2013 HIPAA Omnibus Final Rule by September 23, 2013?

Compared to the ever-growing size of medical practices today, most dental offices are still rather small, with just one to five dentists practicing together, and maintaining compliance is not easy for a small office. It requires a continual effort from the dentist and the office staff, and this commitment of time, people and resources is often where the process hits a wall. Many dental offices did their initial training when the Privacy Rule was enacted but have not kept current, and the HIPAA procedures they put in place have often fallen by the wayside. This is especially true in offices with few employees and frequent staff turnover.

Almost all dental practices submit claims electronically to insurance companies, which brings them under the HIPAA rules for electronic transactions. But are these offices following through with the Security Rule's requirements to safeguard electronic patient information, and do they have a written risk assessment? There is no official HIPAA certification for an office; the written risk analysis and the safeguards it leads to are what an auditor will ask to see.

Most offices are much more familiar with the HIPAA Privacy Rule. But without refresher training and instruction for new staff, even these offices may not be fully adhering to its conditions.

The American Dental Association offers resources and online webinars to help dental offices educate their staff and remain compliant with HIPAA. There are also many other online training programs, such as HIPAA School, that suit the small dental office; besides providing a solid base of instruction, they help offices stay on track with their HIPAA programs.

Dentists who train their staff regularly and make sure new hires are immediately well-informed and proficient in HIPAA requirements are much less likely to receive complaints or fail an audit. HIPAA training is crucial, not just because the office could be substantially fined if it is not in compliance, but because it is essential to protecting patients' private health information.


The post Dentists: Don’t Forget HIPAA Compliance appeared first on HIPAA.com.

Celebrate Earth Day 2011 with eco-friendly digital HIPAA reference materials

Here are the top 5 highest rated HIPAA books on Amazon that are available in earth-friendly digital Kindle format.  We thought it would be good to celebrate Earth Day by sharing these with you, and encouraging everyone who hasn’t gone paperless yet to consider doing so. Note that in most cases, buying the book in Kindle format is cheaper than buying the same book in print form. Handy tip for saving money, or justifying the cost of a Kindle if you don’t already have one!

#1: Practical Guide to HIPAA Privacy and Security Compliance


496 pages

Description:

This book is a one-stop resource for HIPAA privacy and security advice that can immediately be applied to any organization's unique situation. It defines what HIPAA is, what it requires, and what can be done to achieve and maintain compliance. It describes the HIPAA Privacy and Security Rules and compliance tasks in easy-to-understand language, focusing not on technical jargon, but on what organizations need to do to meet requirements. Anyone preparing an organization for HIPAA laws will receive expert guidance on requirements and other commonly-discussed topics. The book enables organizations to determine how HIPAA will impact them, regardless of whether they are a HIPAA Covered Entity.

#2: PKI Security Solutions for the Enterprise: Solving HIPAA, E-Paper Act, and Other Compliance Issues


336 pages

Description:

  • Outlines cost-effective, bottom-line solutions that show how companies can protect transactions over the Internet using PKI
  • First book to explain how PKI (Public Key Infrastructure) is used by companies to comply with the HIPAA (Health Insurance Portability and Accountability Act) rules mandated by the U.S. Department of Labor, Health, and Human Services
  • Illustrates how to use PKI for important business solutions with the help of detailed case studies in health care, financial, government, and consumer industries

#3: A Guide to HIPAA Security and the Law


372 pages

Description:

This publication discusses the HIPAA Security Rule’s role in the broader context of HIPAA and its other regulations, and provides useful guidance for implementing HIPAA security. At the heart of this publication is a detailed section-by-section analysis of each security topic covered in the Security Rule. This publication also covers the risks of non-compliance by describing the applicable enforcement mechanisms that apply and the prospects for litigation relating to HIPAA security.

#4: The Clinical Documentation Sourcebook: The Complete Paperwork Resource for Your Mental Health Practice


336 pages

Description:

The paperwork required when providing mental health services in the current era of third-party accountability can be quite daunting. The sourcebook is designed to help clinicians provide this documentation in a form that satisfies managed care requirements and maximizes prospects for approval of payments. Includes ready-to-use sample forms that meet the documentation requirements of virtually every managed care organization. The sourcebook also provides properly completed examples of each form, as well as a computer disk which contains word-processing versions of every form in the book.

#5: HIPAA Survival Guide for Providers: Privacy, Security and the HITECH Act


Description:

The HIPAA Survival Guide attempts a “forest from the trees” overview of the HIPAA Privacy and Security rules, and also includes a general overview of the HITECH Act as it pertains to these rules. The genesis of these rules is covered in the Background section. The HIPAA Survival Guide only targets a subset of covered entities, namely healthcare providers, focusing mostly on small providers, since this group will clearly be the most challenged by new laws and regulations.

The Third Edition of the HIPAA Survival Guide updates various substantive text of the first two editions and adds completely new material. The HITECH Act has indeed proven to be transformational. In order to deal more effectively with its changing regulatory landscape we have decided to release an updated version available on Amazon’s Kindle.

BONUS #6 – YES, IT’S A HIPAA ROMANCE NOVEL — HIPAA Hysteria

We're really not sure how good this could be, but c'mon, a steamy romantic novel set in the wild world of HIPAA compliance? Yes please!


Description:

Is it a romantic comedy? Yes! Is it a legal thriller? Yes!

Margaret Nicks, a new graduate with a couple of degrees in health information management, becomes the Acting Director of Health Information Management at a hospital when the Director suffers a stroke. She quickly finds out that her new duty of getting the hospital HIPAA compliant won’t be easy. But she hires a consultant that she had met at a Cross Country seminar. Follow their struggles with the hospital doctors, staff, and administration to get them into compliance. They are attracted to each other, but legal ethics prevents him from dating her. After the compliance date, a hospital employee commits identity theft and blames it on the hospital’s failure to enforce HIPAA. Management tries to hang Margaret out to dry to save the hospital administrator and the governing board from liability. The U.S. Attorney indicts her under the theory of corporate criminal liability. So she hires the consultant, who is also an experienced defense attorney. Can he keep her out of federal prison? Will they end up an item after she is no longer his client?


The HIPAA Compliance Headache

HIPAA Compliance Introduced. “Hip…what?”  That was my reaction when I first encountered HIPAA.  I was working at a dental office while home from college for the summer.  I had worked at that office part time while in high school and was now receiving instruction about the “new way” to do things around the office.  I…

The post The HIPAA Compliance Headache appeared first on SIMBUS.

HIPAA video

A good talk on network security; it mentions HIPAA and covers security economics and the economics of spam.

ABSTRACT

Computer security has recently imported a lot of ideas from economics, psychology and sociology, leading to fresh insights and new tools. I will describe one thread of research that draws together techniques from fields as diverse as signals intelligence and sociology to search for artificial communities.

Evildoers online divide roughly into two categories – those who don’t want their websites to be found, such as phishermen, and those who do. The latter category runs from fake escrow sites through dodgy stores to postmodern Ponzi schemes. A few of them buy ads, but many set up fake communities in the hope of having victims driven to their sites for free. How can these reputation thieves be detected?

Some of our work in security economics and social networking may give an insight into the practical effects of network topology. These tie up in various ways with traffic analysis, long used by the signals intelligence agencies which trawl the airwaves and networks looking for interesting targets. I’ll describe a number of dubious business enterprises we’ve unearthed. Recent advances in algorithms, such as Newman’s modularity matrix, have increased the robustness of covert community detection. But much scope remains for wrongdoers to hide themselves better as they become topologically aware; we can expect attack and defence to go through several rounds of coevolution. I’ll therefore end up by talking about some strategic issues, such as the extent to which search engines and other service providers could, or should, share information in the interests of wickedness detection.

Speaker: Ross Anderson, one of the top security researchers in the world.
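The abstract above mentions Newman's modularity matrix as a tool for finding communities in a link graph. The following is an added example, not code from the talk or from this page: a minimal pure-Python implementation of Newman's leading-eigenvector method, which forms the modularity matrix B = A - k kᵀ / 2m and splits the graph in two by the sign of B's leading eigenvector. The link graph is constructed for illustration only (eight hypothetical sites: nodes 0-3 link densely to each other, nodes 4-7 do the same, and a single edge 3-4 bridges them); it stands in for the kind of self-referential "fake community" the abstract describes.

```python
"""
Added example (not part of the talk or the page): Newman's leading-eigenvector
community bipartition using the modularity matrix B = A - k k^T / 2m.
The sample link graph below is constructed; it is not real data.
"""

# Constructed sample: undirected links between eight hypothetical sites.
SAMPLE_LINKS = [
    (0, 1), (0, 2), (0, 3), (1, 2), (1, 3), (2, 3),   # cluster A, fully interlinked
    (4, 5), (4, 6), (4, 7), (5, 6), (5, 7), (6, 7),   # cluster B, fully interlinked
    (3, 4),                                           # one bridging link
]


def adjacency(n, links):
    """Dense symmetric adjacency matrix for an undirected simple graph."""
    a = [[0.0] * n for _ in range(n)]
    for i, j in links:
        a[i][j] = a[j][i] = 1.0
    return a


def modularity_matrix(a):
    """B_ij = A_ij - k_i k_j / (2m): observed links minus those expected
    at random for nodes of the same degree."""
    n = len(a)
    k = [sum(row) for row in a]
    two_m = sum(k)
    return [[a[i][j] - k[i] * k[j] / two_m for j in range(n)] for i in range(n)]


def leading_eigenvector(b, iters=2000):
    """Power iteration on B + cI.  The shift c (a Gershgorin bound on the
    eigenvalues) makes every eigenvalue non-negative, so the iteration
    converges to the most positive eigenvalue of B, not merely the one of
    largest magnitude, which for B may be negative."""
    n = len(b)
    c = max(sum(abs(x) for x in row) for row in b)
    v = [1.0 + 0.1 * i for i in range(n)]   # fixed, asymmetric start vector
    for _ in range(iters):
        w = [sum(b[i][j] * v[j] for j in range(n)) + c * v[i] for i in range(n)]
        norm = sum(x * x for x in w) ** 0.5
        v = [x / norm for x in w]
    return v


def modularity(a, groups):
    """Q = (1/2m) * sum over same-group pairs (i, j) of B_ij."""
    b = modularity_matrix(a)
    two_m = sum(sum(row) for row in a)
    q = 0.0
    for grp in groups:
        for i in grp:
            for j in grp:
                q += b[i][j]
    return q / two_m


def bipartition(n, links):
    """Split the graph by the sign of the leading eigenvector of B.
    Returns (set of frozensets, Q).  If the leading eigenvalue is not
    positive, the graph has no modularity-improving split and is returned
    as a single community (Newman's 'indivisible' case)."""
    a = adjacency(n, links)
    b = modularity_matrix(a)
    v = leading_eigenvector(b)
    # Rayleigh quotient v^T B v: the leading eigenvalue of B.
    lam = sum(v[i] * sum(b[i][j] * v[j] for j in range(n)) for i in range(n))
    if lam <= 1e-9:
        groups = {frozenset(range(n))}
    else:
        pos = frozenset(i for i in range(n) if v[i] >= 0)
        neg = frozenset(i for i in range(n) if v[i] < 0)
        groups = {pos, neg}
    return groups, modularity(a, groups)


if __name__ == "__main__":
    groups, q = bipartition(8, SAMPLE_LINKS)
    for g in sorted(groups, key=min):
        print("community:", sorted(g))
    print("modularity Q = %.4f" % q)
```

On the constructed graph the split recovers {0, 1, 2, 3} and {4, 5, 6, 7} with Q = 11/26, and on a single clique it correctly reports one indivisible community. The dense matrices and hand-rolled power iteration are for readability on a toy graph; on a real crawl of link data one would use sparse linear algebra (for example numpy or networkx), and the abstract's point about coevolution applies: an adversary who knows the partition criterion can add links that blur the bridge.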


11 Years of HIPAA and it’s still not easy for consumers

NPR did a good audio story on Morning Edition about the current state of HIPAA that is worth a listen.

Holding on to health insurance can be a big challenge if you have a chronic disease or history of illness. But it wasn’t supposed to be that way. Eleven years ago this month, Congress passed a law intended to free people who felt trapped in their jobs because they were afraid of losing their health insurance.

Story: Portable Health Insurance Faces Challenges (NPR.org)

A good link for consumers from the story:
A Consumer Guide for Getting and Keeping Health Insurance.

(story found via HIPAAClicks.com)

HIPAA Checklists

Get started with HIPAA compliance by checking out these free checklists. You may want to build your own customized checklist when developing your strategy for complying with HIPAA.

Bookmark this page, since it will be updated when we find more useful free HIPAA checklists.

Free HIPAA Compliance Checklists


Five Essential HIPAA Books for Beginners

Here are five highly rated books (all available from Amazon.com) that are full of useful information for people who are new to the world of HIPAA compliance. If you are just learning the basics about HIPAA, these are a good place to start building your expertise.

#1: Getting Started with HIPAA


608 pages – ISBN: 1592000541


#2: Hipaa Plain and Simple: A Compliance Guide for Healthcare Professionals


250 pages – ISBN: 1579474195


#3: Understanding HIPAA: The Employer’s Guide to Compliance


152 pages – ISBN: 1410788784


#4: Hipaa Facility Desk Reference: A Facilities’ Guide to Understanding the Administrative Simplification Provisions, 2003


243 pages – ISBN: 1563299267


#5: Field Guide to HIPAA Implementation


266 pages – ISBN: 1579472834

