Compliance Updates
The Evolution of Risk to PHI and Patient Safety
In the 70s and 80s, healthcare organizations started to migrate their patient management information from hard copy to electronic, either on shared mainframes such as SMS and McAuto or on microprocessors. The user workstations had no intelligence and were known as “dumb terminals.” There were limited locations of electronic identifiable health information. There was no motivation to sell identifiable health information.
ComplyAssistant’s Gerry Blass Volunteers as a 405(d) Task Group Brand Ambassador
ComplyAssistant Contact: Gerry Blass, (800) 609-3414 ext 700, gerry@complyassistant.com. Colts Neck, N.J.—April 26, 2021 – Gerry Blass, President and CEO of ComplyAssistant, has
Information Blocking and the Future of Patient Care: Breaking Down the 8 Exceptions
President and CEO Gerry Blass sat down with Journal of AHIMA senior editor Mary Butler on a recent episode of the Hi Pitch Podcast to talk about the 21st Century Cures Act Information Blocking Final Rule and the eight information blocking exceptions. Blass was joined by attorney Helen Oscislawski, who spoke to the challenges her clients have faced as they prepare to comply with the rule, which goes into effect on April 5th.
Breaking Down The Health Industry Cybersecurity Practices (HICP)
In this episode of Digital Checkup, Bill Siwicki asked Gerry Blass about the new Health Industry Cybersecurity Practices (HICP) Final Rule.
Briefings on HIPAA Article Shines Light on Need for Better Patient Access
A February 1 article published in Briefings on HIPAA focuses on recent findings from the Office for Civil Rights’ much-anticipated 2016-2017 HIPAA Audits Industry Report released in December 2020. The article shines light on some of the flaws and challenges in the way patient access to information has been handled over the years.

HIPAA and COVID-19 – A Timeline of OCR Notifications and Guidelines
We know. It can be difficult to find accurate and consistent information on HIPAA and the temporary changes due to COVID-19. To that end, we’ve put together a timeline and brief descriptions of the notifications and guidance issued by the OCR during the COVID-19 public health emergency.
Is Meaningful Use Still Meaningful?
Originally designed as part of HITECH to encourage providers to adopt electronic health records (EHRs), meaningful use was a means to an end – towards improved population health and better patient care among fragmented providers. The program prioritized five pillars of health outcomes:

GDPR Impact on US Healthcare Organizations
The General Data Protection Regulation (GDPR) is the European Union (EU) regulation on privacy and security of personally identifiable information (PII). It goes into effect on May 25, 2018. This blog provides an important comparison between GDPR and HIPAA.
Third Party (BA) Contract and Privacy and Security Risk Management
The HITECH-OMNIBUS final rule stepped up the requirements for both CEs and BAs, and both must now include the new requirements in their information privacy and security risk analysis and management program.
Office of Civil Rights Phase 2 HIPAA Audit Protocols
Based on prior statements from the OCR and their recently distributed survey, the pool of audit candidates will be approximately 800 to start. These randomly selected organizations will be chosen using the National Provider Identifier database and other external sources.
Workforce Risk and the Evolution of the Breach of Protected Health Information (PHI)
Who would have thought back in 1990 that someone in China or Russia or anywhere would be able to steal health information in a hospital in Anytown, USA, and even hold it for ransom?
Back to the Future – Root cause of Information Security Breaches
Healthcare seems to be the #1 target for hackers and ransomware and there are two (2) main reasons that make up the root cause.