Compliance Updates | Page 6 of 6

Audits and Evidence of Compliance- Will Your Organization Be Audited?

Could your organization be selected for an audit? The answer is obviously yes. So how do you prepare? We recommend that your organization conduct a document review and organize all your HIPAA privacy, security, and breach notification policies, procedures, plans and evidence of due diligence in one place for easy access to provide to OCR. Remember that OCR only provides a two-week notice. If your organizations documentation is not organized, two weeks may not be enough time to get ready for the audit.

Webinar with Leading Industry Experts on Best Practices for Omnibus Rule Compliance and Vendor Management

The Omnibus Rule outlines significant changes to the relationships between covered entities and business associates, leading to a variety of compliance and vendor management challenges. This webinar provides attendees with an understanding of what has changed for business associates with the Omnibus Rule, and discusses how it changes the relationship between provider and vendor.

All Aboard the Omnibus – A Look at HIPAA’s First Update in 10 Years

On January 25, 2013, the Office for Civil Rights (OCR) published their long awaited updates to the HIPAA Privacy and Security Rules. The formal name of the rules is “Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act and the Genetic Information Nondiscrimination Act; Other Modifications to the HIPAA Rules; Final Rule,” known to those that must implement its provisions and deal with its enforcement as the Omnibus Rule.

OCR HIPAA Audits – We Now Know the Protocols

We should all know by now that the Office for Civil Rights (OCR) has been mandated to audit all HIPAA Covered Entities (CEs) and Business Associates (BAs), and we now know the main ingredients of the audits, the protocols, which are subject to change over time based on audit results. All CEs and BAs should begin a process now to prepare for an OCR audit based on the most current protocols. Why? Because once the OCR notifies you that your organization will be audited, you only have a couple of weeks to prepare.

The HITECH Omnibus final rule -“Fall” for IT

The HITECH Omnibus final rule -“Fall” for IT (Journal of Healthcare Information Management – (JHIM) –Fall 2012 – Used by permission from HIMSS). See you in September – That was a great song, first done by the Tempos in 1959 and then by the Happenings in 1966. So let’s use it as the theme for the current estimated timing for the publication of the HITECH Omnibus final rule. Of course, it could also be “Home for the Holidays”.

Mobile Devices Are Here to Stay, But Challenges Remain

Mobile Devices Are Here to Stay, But Challenges Remain (Journal of Healthcare Information Management – (JHIM) – Summer 2012 – Used by permission from HIMSS). “The use of portable devices, especially the iPhone and iPad are turning physicians into iDocs. These consumer tools are moving into the healthcare environment at a break neck speed! We have seen increased usability. That is good. But, we also have seen increased security risks. That is bad”.

HIPAA and HITECH Security in the New World – Accountable Care Organizations and Health Information Exchanges

Information security risk management is a numbers game. The bigger the numbers, the harder it is to manage the risk of unauthorized access to PHI.