HIPAA Spoken Here

Helpful tips and straight talk about HIPAA compliance

Having Business Associate Agreements Can Save a Healthcare Office Boku Bucks

“The times they are a changin’,” Bob Dylan sang in the Sixties. And they still are, especially when it comes to HIPAA and its regulations regarding Business Associate Agreements. The Omnibus Rule that went into effect in September of 2013 makes it clear that business associates of healthcare practices now have to comply with many of the provisions of the HIPAA Privacy Rule, all of the HIPAA Security Rule, and HIPAA’s Breach Notification Rule. While Business Associate Agreements have been part of HIPAA since it began, the big changes since the passage of the Omnibus Rule include: An expanded definition […]


Can You Keep a Secret? 9 Tips for Creating Strong Passwords.

The computers in your office are veritable treasure chests of information cyber pirates would love to get their hands on. Only authorized personnel in a practice should have the keys to unlock what’s inside. Passwords are those keys. They play an important role in protecting Electronic Health Records (EHR) and the vital information those records hold. The HIPAA Security Rule says that “reasonable and appropriate . . . procedures for creating, changing, and safeguarding passwords” must be in place. But the rule doesn’t stop there. It goes on to say that “In addition to providing passwords for access, entities must ensure that workforce […]


How to Prepare for the Risk Assessment HIPAA Requires

My brother-in-law retired a few years ago after more than three decades in private practice. He ran his busy office the old-fashioned way — without computers. His patients’ records were kept in manila folders filed in a wall of shelves. In longhand, his office manager recorded appointments in a big black book and kept track of accounts in a ledger tucked into a backroom drawer. Today when I sat down to blog here about how to prepare for a risk analysis/risk assessment (the terms are interchangeable), I couldn’t help but think about my brother-in-law’s healthcare office and how […]


Best Popcorn for Watching a Short HIPAA Video about Security of EHR

This short blog is going to point you in the direction of a good HHS video about the security of EHR and a good popcorn to go with it. I’ve always loved popcorn. Who doesn’t? I remember my mom sprinkling the kernels into the hot oil in a heavy-duty kettle on our kitchen stove, slapping on the kettle’s cover, sliding the whole thing back and forth over a red-hot burner. And me and my sisters waiting for the “pop-pop-pop” that told us our favorite snack would soon be ready for Saturday Night at the Movies on the couch in the […]


Why Serious HIPAA Enforcement Is Inevitable

To borrow a phrase from Stephen Colbert, the Office of Civil Rights (OCR) — the department in charge of HIPAA enforcement — got a “wag of the finger” a while back from the Health and Human Services Office of the Inspector General. And that’s bound to have an impact on healthcare offices everywhere. A November 2013 report from that office pointed out serious weaknesses that need to be addressed in OCR’s enforcement of HIPAA compliance. Titled — in all caps, no less — THE OFFICE FOR CIVIL RIGHTS DID NOT MEET ALL FEDERAL REQUIREMENTS IN ITS OVERSIGHT AND ENFORCEMENT OF […]


The Role of a Practice’s HIPAA Privacy Officer

Exactly when an HHS auditor will visit your office is anybody’s guess. But I do know the first words an auditor is likely to say when he/she arrives to assess how the practice is doing with HIPAA compliance: “I’m from Health and Human Services and I’d like to speak with your Privacy Officer.” HIPAA says that every practice or healthcare organization must designate a privacy officer. No office—no matter its size—is exempt from this HIPAA requirement. In larger healthcare organizations, it’s not uncommon for the role of HIPAA Privacy Officer to be someone’s entire job. That […]


8 Common HIPAA Compliance Cop-Outs

Let’s be honest. To many healthcare providers, HIPAA is a four-letter word. And the phrase “HIPAA compliance” — around since 1996 — has become a kind of irritating background noise they’ve gotten used to, but still wish would go away. Here in 2015, HIPAA compliance can no longer be ignored. Advances in technology and consumer awareness, along with recent changes in the law, stiffer enforcement, and larger penalties have made the old excuses for not dealing with HIPAA compliance unworkable and untrue. Let’s look at 8 of them. “HIPAA compliance isn’t part of the Hippocratic oath and the real work of […]
