Tag Archives for: "Health and Human Services"

Healthcare Providers: Why a Computer’s Audit Trail Is Important

I’m going to talk a little bit today about audit trails — sometimes called “audit logs” — and the vital role they can play in your ongoing efforts to keep Protected Health Information (PHI) safe, your workforce honest, and hackers at bay. What is an audit trail? According to Fundamentals of Law for Health Informatics and Information Management, an audit trail is basically a “record that shows who has accessed a computer system, when it was accessed, and what operations were performed.” As that definition makes clear, one of the main functions of an audit trail is access management. But […]

Read more »

Recent Changes in the Notice of Privacy Practices: What You Need to Know

If there’s one aspect of HIPAA compliance it seems every office implements, it’s the Notice of Privacy Practices (NPP) — the document that informs patients of the permitted uses and disclosures of their Protected Health Information (PHI) and also spells out their rights as patients regarding their own access to their PHI. I can vouch for the widespread use of NPPs from my own experience as a healthcare consumer. At every first-time visit to a doctor’s or dentist’s office in recent memory, I’ve been handed a clipboard with a lengthy, legal-sounding NPP to read, along with a pen to sign […]

Read more »

Cracking the Code of HHS Guidelines for Encryption of PHI

To encrypt or not to encrypt, that is the question. Or to put it another way: To convert readable data into gibberish that must be decoded to become readable again — or not to convert readable data into gibberish that must be decoded to become readable again, that is the question. The Health Insurance Portability and Accountability Act (HIPAA) says, “A covered entity must implement a mechanism to encrypt and decrypt electronic protected health information.” That sounds a lot like the government’s way of saying, “End of discussion.” But actually it’s not that clear cut. HIPAA goes on to state, […]

Read more »

Basic Guide to Thwarting Theft of Protected Health Information

Fact: According to the latest HIPAA and Breach Enforcement Stats from the Office of Civil Rights (the arm of Health and Human Services responsible for HIPAA enforcement), theft is the leading cause of reported breaches. Last year, as a direct result of a breach report of a stolen unencrypted laptop, Concentra Health Services paid OCR $1,725,220 to resolve potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules. And that’s just one story. There have been plenty more, and the number continues to grow. First step to thwarting theft of Protected Health Information: Think like […]

Read more »

Why Serious HIPAA Enforcement Is Inevitable

To borrow a phrase from Stephen Colbert, the Office of Civil Rights (OCR) — the department in charge of HIPAA enforcement — got a “wag of the finger” a while back from the Health and Human Services Office of the Inspector General. And that’s bound to have an impact on healthcare offices everywhere. A November 2013 report from that office pointed out serious weaknesses that need to be addressed in OCR’s enforcement of HIPAA compliance. Titled — in all caps, no less — THE OFFICE FOR CIVIL RIGHTS DID NOT MEET ALL FEDERAL REQUIREMENTS IN ITS OVERSIGHT AND ENFORCEMENT OF […]

Read more »

The Role of a Practice’s HIPAA Privacy Officer

  Exactly when an HHS auditor will visit your office is anybody’s guess. But I do know the first words an auditor is likely to say when he/she arrives to assess how the practice is doing with HIPAA compliance: “I’m from Health and Human Services and I’d like to speak with your Privacy Officer.”Roblox Robux Hack 2017  HIPAA says that every practice or healthcare organization must designate a privacy officer. No office—no matter its size—is exempt from this HIPAA requirement. In larger healthcare organizations, it’s not uncommon for the role of HIPAA Privacy Officer to be someone’s entire job. That […]

Read more »