Tag Archives for: "compliance"

HIPAA & The Miley-Cyrus Approach to Data Disposal

Does a Miley Cyrus video with over 750 million views offer any insights into what HIPAA says about data disposal? Well, consider this: The massive wrecking ball Ms. Cyrus sits on in the video swings between cinder-block walls. And before the hit song is over, they’re reduced to rubble, destroyed beyond recognition. If it’s not too much of a stretch, let’s think of that image from the “Wrecking Ball” video as a metaphor for the Security Rule’s guidelines for the disposal of computers, laptops and other media that house Protected Health Information (PHI). The best way to prevent unauthorized access […]

Read more »

Why Serious HIPAA Enforcement Is Inevitable

To borrow a phrase from Stephen Colbert, the Office of Civil Rights (OCR) — the department in charge of HIPAA enforcement — got a “wag of the finger” a while back from the Health and Human Services Office of the Inspector General. And that’s bound to have an impact on healthcare offices everywhere. A November 2013 report from that office pointed out serious weaknesses that need to be addressed in OCR’s enforcement of HIPAA compliance. Titled — in all caps, no less — THE OFFICE FOR CIVIL RIGHTS DID NOT MEET ALL FEDERAL REQUIREMENTS IN ITS OVERSIGHT AND ENFORCEMENT OF […]

Read more »

Are Templates for HIPAA Policies & Procedures a Good Idea?

Some providers believe the solution to HIPAA’s Policies and Procedures requirement is to buy a bunch of templates, fill in all the blanks that say NAME OF YOUR PRACTICE HERE, put those pages in a binder, slide the binder on a shelf, and be done with it. Templates can provide an acceptable starting point, but Policies and Procedures need to be specific to each practice.

Read more »