Risk Analysis is Key Document in Achieving HIPAA Security Compliance

We commend to your attention an important article that appears in a June 13, 2014, Healthcare IT News posting:  “Security tips from the health IT pros,” which is available online at: http://www.healthcareitnews.com/print/80616.  This article has useful advice on a number of topics, including the importance of

Lessons Learned from Breach Reports: A Cautionary Tale for Achieving HIPAA Compliance in Six Parts – (VI) Training

On May 20, 2014, then Secretary of the Department of Health and Human Services (HHS), Kathleen Sebelius, transmitted to Congress the required HITECH Act document:  Annual Report to Congress on Breaches of Unsecured Protected Health Information For Calendar Years 2011 and 2012, which is available online at: http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachreport2011-2012.pdf.  Much of this document analyzes the characteristics of breaches that the HITECH Act requires be reported to the HHS Office for Civil Rights (OCR), which prepared the report.

 

Lessons Learned from Breach Reports: A Cautionary Tale for Achieving HIPAA Compliance in Six Parts – (V) Physical Access Controls

On May 20, 2014, then Secretary of the Department of Health and Human Services (HHS), Kathleen Sebelius, transmitted to Congress the required HITECH Act document:  Annual Report to Congress on Breaches of Unsecured Protected Health Information For Calendar Years 2011 and 2012, which is available online at: http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachreport2011-2012.pdf.  Much of this document analyzes the characteristics of breaches that the HITECH Act requires be reported to the HHS Office for Civil Rights (OCR), which prepared the report.

Lessons Learned from Breach Reports: A Cautionary Tale for Achieving HIPAA Compliance in Six Parts – (IV) Proper Disposal

On May 20, 2014, then Secretary of the Department of Health and Human Services (HHS), Kathleen Sebelius, transmitted to Congress the required HITECH Act document:  Annual Report to Congress on Breaches of Unsecured Protected Health Information For Calendar Years 2011 and 2012, which is available online at: http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachreport2011-2012.pdf.  Much of this document analyzes the characteristics of breaches that the HITECH Act requires be reported to the HHS Office for Civil Rights (OCR), which prepared the report.

Lessons Learned from Breach Reports: A Cautionary Tale for Achieving HIPAA Compliance in Six Parts – (III) Portable Device Security

On May 20, 2014, then Secretary of the Department of Health and Human Services (HHS), Kathleen Sebelius, transmitted to Congress the required HITECH Act document:  Annual Report to Congress on Breaches of Unsecured Protected Health Information For Calendar Years 2011 and 2012, which is available online at: http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachreport2011-2012.pdf.  Much of this document analyzes the characteristics of breaches that the HITECH Act requires be reported to the HHS Office for Civil Rights (OCR), which prepared the report.

 

Lessons Learned from Breach Reports: A Cautionary Tale for Achieving HIPAA Compliance in Six Parts – (II) Security Evaluation

On May 20, 2014, then Secretary of the Department of Health and Human Services (HHS), Kathleen Sebelius, transmitted to Congress the required HITECH Act document:  Annual Report to Congress on Breaches of Unsecured Protected Health Information For Calendar Years 2011 and 2012, which is available online at: http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachreport2011-2012.pdf.  Much of this document analyzes the characteristics of breaches that the HITECH Act requires be reported to the HHS Office for Civil Rights (OCR), which prepared the report.

Lessons Learned from Breach Reports: A Cautionary Tale for Achieving HIPAA Compliance in Six Parts – (I) Risk Analysis and Risk Management

On May 20, 2014, then Secretary of the Department of Health and Human Services (HHS), Kathleen Sebelius, transmitted to Congress the required HITECH Act document:  Annual Report to Congress on Breaches of Unsecured Protected Health Information For Calendar Years 2011 and 2012, which is available online at: http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/breachreport2011-2012.pdf.  Much of this document analyzes the characteristics of breaches that the HITECH Act requires be reported to the HHS Office for Civil Rights (OCR), which prepared the report.

 

Adoption of Operating Rules for HIPAA Transactions at Final Rule Stage in HHS Semiannual Regulatory Agenda

June 13, 2014.  In today’s Federal Register, the Department of Health and Human Services (HHS) published its Semiannual Regulatory Agenda of “forthcoming regulatory actions.”  Included under Final Rule Stage actions of the Centers for Medicare & Medicaid Services (CMS) was “Adoption of Operating Rules for HIPAA Transactions (CMS-0036-IFC).”  Here is the abstract of this action, which can be found on page 34064 of the Semiannual Regulatory Agenda at http://www.gpo.gov/fdsys/pkg/FR-2014-06-13/pdf/2014-13125.pdf

 

Patient Engagement: Correcting Medical Errors Is a Different Type of Security

June 10, 2014.  When we speak of “security” in this set of HIPAA Safeguard posts, we generally refer to it in the context of the HIPAA Security Rule and compliance by covered entities and business associates with its standards and implementation specifications to safeguard electronic protected health information.  Another context relates to the growing use of electronic health records (EHRs) by covered entities such as hospitals and physicians, and to whether persons authorized by those covered entities to access protected health information contained in their EHR systems are “secure” in the knowledge that such information is correct.  The June 10, 2014, Wall Street Journal has an article by Laura Landro entitled:  “Health-Care Providers Want Patients to Read Medical Records, Spot Errors,” which is available online at: http://online.wsj.com/articles/health-care-providers-want-patients-to-read-medical-records-spot-errors-1402354902.  In that article is the statement:  “Studies show errors can occur on as many as 95% of the medication lists found in patient medical records.”

 

More Great Advice on HIPAA Risk Assessment Pertaining to Electronic Protected Health Information (ePHI)

The June 2014 issue of Health Management Technology on pages 18-19 has an excellent article on compliance monitoring by Jason Free entitled:  “An in-depth discussion on risk management,” which can be found online at: http://www.healthmgttech.com/articles/201406/an-in-depth-discussion-on-risk-management.php.  We recommend that you read this entire article, which is a transcript of a conference call, and that you pay particular attention to the comments of Adam Green on risk analysis, from which we select the following:

 
