Blog Posts Tagged with "HHS"

959779642e6e758563e80b5d83150a9f

Network Exposure and Healthcare Privacy Breaches

August 20, 2012 Added by:Danny Lieberman

EHR interconnected with HIE systems have a big threat surface, because of big, very complex software systems with a large number of attacker entry points. Healthcare system vulnerabilities are compounded since everyone is using the same technology from Microsoft and following the same HIPAA compliance checklists...

Comments  (0)

65be44ae7088566069cc3bef454174a7

Lack of Basic Security Practices Results in $1.7 Million Sanction

July 02, 2012 Added by:Rebecca Herold

“This is OCR’s first HIPAA action against a state agency and we expect organizations to comply with their obligations under these rules regardless of whether they are private or public entities.” Bottom line for all organizations of all sizes: It is wise to learn from the pain of others...

Comments  (0)

65be44ae7088566069cc3bef454174a7

Is a W-2 Considered PHI Under HIPAA?

March 25, 2012 Added by:Rebecca Herold

The question was framed as meaning the entire W-2 form was being “submitted” for financial assistance to pay for healthcare, so with this in mind, we will consider it as one document containing several information items that are necessarily grouped together...

Comments  (0)

65be44ae7088566069cc3bef454174a7

Do Subpoenas Trump HIPAA or Trample Security of PHI?

January 12, 2012 Added by:Rebecca Herold

I’ve spoken to many business leaders over the years, and most have gotten serious about ensuring safeguards are in place when putting their signatures on attestations and other types of legally binding documents. So, you need to have documented procedures in place...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

HIPAA Tool Helps Organizations Meet Security Requirements

November 30, 2011 Added by:Headlines

A new tool, developed by the NIST is intended to be a resource that organizations can use to support their risk assessment processes by identifying areas where security safeguards may be needed to protect EPHI, or where existing security safeguards may need to be improved...

Comments  (0)

A7290c5bd7bc2aaa7ea2b6c957ef639b

Find Out Who Has Accessed Your Health Records

June 07, 2011 Added by:David Navetta

Access reports would include the date and time of access, and the name of the individual or entity accessing an individual’s health information. Additionally, an access report would include a description of the information that was accessed and of the action taken by the user...

Comments  (0)

65be44ae7088566069cc3bef454174a7

HHS: HIPAA Privacy Rule Accounting of Disclosures

June 01, 2011 Added by:Rebecca Herold

Covered entities and business associates would need to account for disclosures of PHI in electronic health records that are part of a designated record set for treatment, payment and health care operations in addition to the existing requirements for accounting for access to PHI...

Comments  (0)

10e258c8d23d441b915c1b2333b6996a

HIPAA - HITECH Compliance: Avoid the Wall of Shame

March 24, 2011 Added by:Jack Anderson

Free Webinar on HIPAA and HITECH Compliance: Join us to find out how easy it can be to take your practice from zero to compliant with our easy-to-use online system that combines all the pre-drafted policies, procedures and forms you need plus assistance from a HIPAA compliance expert..

Comments  (0)

65be44ae7088566069cc3bef454174a7

Auditors: Prepare for the "Year of Healthcare Privacy"

March 03, 2011 Added by:Rebecca Herold

Most of the lawyers and regulatory analysts I’ve spoken with have indicated that they anticipate most, if not all, of the proposed changes will be enacted into the Final Rule as law by the end of March 2011. Many changes will result, and eight areas will be significantly impacted...

Comments  (0)

A7290c5bd7bc2aaa7ea2b6c957ef639b

Privacy Enforcement Storm: HHS, FTC and FINRA Act

March 03, 2011 Added by:David Navetta

If your organization does not have a privacy program in place, now is the time to act. Legal compliance function, vendor management and appropriate security provisions in vendor and customer agreements are just a few of the hallmarks of a program that could help avoid enforcement actions...

Comments  (0)

10e258c8d23d441b915c1b2333b6996a

Proving HIPAA HITECH Compliance

January 30, 2011 Added by:Jack Anderson

There is no third party authorized by HHS to attest to their compliance such as The Joint Commission or JCAHO can attest to accreditation. Even if they could prove to your satisfaction that they were compliant in January, how would you know that they were compliant in February, or March, etc...

Comments  (2)

69dafe8b58066478aea48f3d0f384820

Medical Server Hacked by Call of Duty Gamers

January 14, 2011 Added by:Headlines

A network server at Seacoast Radiology was illegally accessed by hackers intent on using it to host "Call of Duty: Black Ops" gaming sessions. The server provides storage for records for over 230,000 individuals...

Comments  (0)

65be44ae7088566069cc3bef454174a7

HIPAA-HITECH Final Rule To Be Published in March

January 06, 2011 Added by:Rebecca Herold

On December 20, 2010, the federal government published “Part II: Regulatory Information Service Center: Introduction to The Regulatory Plan and the Unified Agenda of Federal Regulatory and Deregulatory Actions.” Within it is the long-awaited HHS time line for when they would publish the final rule...

Comments  (0)

69dafe8b58066478aea48f3d0f384820

Identity Theft Resource Center 2010 Breach Report

January 04, 2011 Added by:Headlines

Breaches happen. Consumers, government and the business community need to stop acting like ostriches with their heads in the sand. Second, the concept of “risk of harm” is not acceptable for determining notification. This is true especially if the company involved is allowed to define risk of harm...

Comments  (0)


Most Liked