
Archives

Category Archive for: "HIPAA Security Rule"

Healthcare Providers: Why a Computer’s Audit Trail Is Important

Roman Diaz
audit trail, HIPAA Security Rule

I’m going to talk a little bit today about audit trails — sometimes called “audit logs” — and the vital role they can play in your ongoing efforts to keep Protected Health Information (PHI) safe, your workforce honest, and hackers at bay. What is an audit trail? According to Fundamentals of Law for Health Informatics and Information Management, an audit trail is basically a “record that shows who has accessed a computer system, when it was accessed, and what operations were performed.” As that definition makes clear, one of the main functions of an audit trail is access management. But […]


The Newest Standard for Notifying Patients of a PHI Breach

Roman Diaz
HIPAA Security Rule, Omnibus Rule, PHI Breach

Before the HIPAA Omnibus Rule went into effect last year, the standard for determining whether or not patients needed to be notified in the event of a breach of Protected Health Information (PHI) was pretty subjective. If, for instance, a computer with PHI of 3000+ patients was stolen from a small practice, it was the responsibility of the practice’s Privacy Officer to assess whether the theft was likely to result in harm to any patient’s reputation or bank account. If the answer was “yes,” then the breach had to be reported and the patients notified. The trouble with that standard […]


Is Texting PHI (Protected Health Information) Allowed by HIPAA?

Roman Diaz
HIPAA Security Rule, Texting PHI

The answer to that question is more complicated than a simple yes or no. “It depends,” says it best. The reason lies in the law itself. The lawmakers who crafted the HIPAA legislation went to great lengths, it seems to me, to make the mandate non-prescriptive.  HIPAA compliance doesn’t expressly require the use or avoidance of any specific modes of communication. In fact, the law doesn’t even mention texting PHI! What HIPAA does say is that with any means of communication, appropriate safeguards must be in place to ensure the privacy and security of Protected Health Information (PHI).  Whether or […]


HIPAA Risk Assessment: Lessons from General Motors

Roman Diaz
HIPAA Security Rule, risk assessment

For healthcare providers who’ve been putting off doing a risk assessment and developing a mitigation plan, Mary Barra, the CEO of General Motors, could make a compelling case against that kind of procrastination. If ten years earlier GM had identified the ignition switch in last year’s headlines as a potentially deadly defect and taken steps then to fix it, it could have saved at least 13 lives, prevented the company from having to pay $35 million in government fines and untold millions more from civil lawsuits, made the recall of 2.6 million vehicles unnecessary, and spared the CEO from having […]


HIPAA Privacy Rule. HIPAA Security Rule. What’s the Difference?

Roman Diaz
HIPAA Privacy Rule, HIPAA Security Rule

Eavesdrop on a conversation about HIPAA compliance and most likely you’ll hear the words “privacy” and “security” — sometimes separately, often together, and usually in the context of safeguarding patient information. “So, what exactly is the difference between ‘privacy’ and ‘security’ in relation to HIPAA compliance?” you ask. With today’s HIPAA Quick Tip I’ll try to clear that up. And at the end of this post, you can test your understanding of that distinction with a one-question quiz. (I’m joking. Sort of. You’ll see.) The HIPAA Privacy Rule refers to the broad requirements to protect the confidentiality of Protected Health […]


9 Safeguards for a HIPAA Compliant Fax

Roman Diaz
HIPAA Privacy Rule, HIPAA Security Rule

Before there was widespread access to email and the Internet, fax machines in healthcare practices were a common and accepted way to expeditiously share patient information with other providers. Convenient, affordable, easy to use, it’s no wonder fax machines are still whirring in a lot of offices. Maybe even yours. But with all the regulations now in place to ensure the privacy and security of Protected Health Information (PHI), many practices are wondering: Is information sent via fax HIPAA compliant? In today’s blog I’ll answer that question, provide guidelines for a HIPAA compliant fax for those of you who aren’t […]


Cracking the Code of HHS Guidelines for Encryption of PHI

Roman Diaz
HIPAA Security Rule

To encrypt or not to encrypt, that is the question. Or to put it another way: To convert readable data into gibberish that must be decoded to become readable again — or not to convert readable data into gibberish that must be decoded to become readable again, that is the question. The Health Insurance Portability and Accountability Act (HIPAA) says, “A covered entity must implement a mechanism to encrypt and decrypt electronic protected health information.” That sounds a lot like the government’s way of saying, “End of discussion.” But actually it’s not that clear cut. HIPAA goes on to state, […]


The Pluses of a Virtual Private Network for Exchanging PHI Remotely

Roman Diaz
HIPAA Quick Tip, HIPAA Security Rule

Let me set a scene where a Virtual Private Network (VPN) would be “just what the doctor ordered.” You’re out of town at a conference of healthcare professionals in your specialty. Before you left home, a colleague asked you to consult on a particular case. She said she would email you the patient’s test results as soon as she got them, along with relevant details from his medical history. “Take a look as soon as you can,” she said, “Then tell me what you think.” You brought your laptop with you. The hotel […]


The Basics of Mobile Device Security for Protected Health Information

Roman Diaz
HIPAA Quick Tip, HIPAA Security Rule

The single most common way Protected Health Information (PHI) is compromised is through the loss of devices themselves, whether this happens by accident or by theft. Technology — thumb drives, CDs, smart phones, tablets — has made it possible for large amounts of information to be tucked into our pockets or purses and carried to our cars, homes, favorite coffee shops, or hotel rooms at conferences. Files that used to take up an entire wall can now fit on a 2-inch thumb drive, a mini iPad, a laptop. But with this amazing technological convenience, comes increased responsibility. “Covered entities and […]


Basics of a Good Business Associate Agreement for HIPAA

Roman Diaz
Business Associate Agreement, HIPAA Security Rule, Omnibus Rule

When it comes to safeguarding Protected Health Information (PHI), you could say, “It takes a village.”  The Omnibus Rule underscores the fact that protecting patients’ health information and their right to privacy is the responsibility today not only of healthcare providers, but also of their business associates (BAs) whose work requires them to access PHI.  And the Business Associate Agreements mandated by HIPAA play an important role in that shared responsibility. Get your free BAA template here! (Not.) In this post I’d like to offer a handy BAA template that would work for all your business associates, as defined by […]


© Copyright 2020 Touchstone Compliance All Rights Reserved