Blog Posts Tagged with "HHS"
August 20, 2012 Added by:Danny Lieberman
EHR interconnected with HIE systems have a big threat surface, because of big, very complex software systems with a large number of attacker entry points. Healthcare system vulnerabilities are compounded since everyone is using the same technology from Microsoft and following the same HIPAA compliance checklists...
July 02, 2012 Added by:Rebecca Herold
“This is OCR’s first HIPAA action against a state agency and we expect organizations to comply with their obligations under these rules regardless of whether they are private or public entities.” Bottom line for all organizations of all sizes: It is wise to learn from the pain of others...
March 25, 2012 Added by:Rebecca Herold
The question was framed as meaning the entire W-2 form was being “submitted” for financial assistance to pay for healthcare, so with this in mind, we will consider it as one document containing several information items that are necessarily grouped together...
January 12, 2012 Added by:Rebecca Herold
I’ve spoken to many business leaders over the years, and most have gotten serious about ensuring safeguards are in place when putting their signatures on attestations and other types of legally binding documents. So, you need to have documented procedures in place...
November 30, 2011 Added by:Headlines
A new tool, developed by the NIST is intended to be a resource that organizations can use to support their risk assessment processes by identifying areas where security safeguards may be needed to protect EPHI, or where existing security safeguards may need to be improved...
June 07, 2011 Added by:David Navetta
Access reports would include the date and time of access, and the name of the individual or entity accessing an individual’s health information. Additionally, an access report would include a description of the information that was accessed and of the action taken by the user...
June 01, 2011 Added by:Rebecca Herold
Covered entities and business associates would need to account for disclosures of PHI in electronic health records that are part of a designated record set for treatment, payment and health care operations in addition to the existing requirements for accounting for access to PHI...
March 24, 2011 Added by:Jack Anderson
Free Webinar on HIPAA and HITECH Compliance: Join us to find out how easy it can be to take your practice from zero to compliant with our easy-to-use online system that combines all the pre-drafted policies, procedures and forms you need plus assistance from a HIPAA compliance expert..
March 03, 2011 Added by:Rebecca Herold
Most of the lawyers and regulatory analysts I’ve spoken with have indicated that they anticipate most, if not all, of the proposed changes will be enacted into the Final Rule as law by the end of March 2011. Many changes will result, and eight areas will be significantly impacted...
March 03, 2011 Added by:David Navetta
If your organization does not have a privacy program in place, now is the time to act. Legal compliance function, vendor management and appropriate security provisions in vendor and customer agreements are just a few of the hallmarks of a program that could help avoid enforcement actions...
January 30, 2011 Added by:Jack Anderson
There is no third party authorized by HHS to attest to their compliance such as The Joint Commission or JCAHO can attest to accreditation. Even if they could prove to your satisfaction that they were compliant in January, how would you know that they were compliant in February, or March, etc...
January 14, 2011 Added by:Headlines
A network server at Seacoast Radiology was illegally accessed by hackers intent on using it to host "Call of Duty: Black Ops" gaming sessions. The server provides storage for records for over 230,000 individuals...
January 06, 2011 Added by:Rebecca Herold
On December 20, 2010, the federal government published “Part II: Regulatory Information Service Center: Introduction to The Regulatory Plan and the Unified Agenda of Federal Regulatory and Deregulatory Actions.” Within it is the long-awaited HHS time line for when they would publish the final rule...
January 04, 2011 Added by:Headlines
Breaches happen. Consumers, government and the business community need to stop acting like ostriches with their heads in the sand. Second, the concept of “risk of harm” is not acceptable for determining notification. This is true especially if the company involved is allowed to define risk of harm...
Good Security Starts at Home... Prabhas Raju on 12-20-2014
Paying Lip Service (Mostly) to User Educatio... Sherrley Max on 12-20-2014
Amphion Forum Highlights Promise and Problem... Margot Bertin on 12-19-2014