Touchstone Compliance

HHS

Cracking the Code of HHS Guidelines for Encryption of PHI

To encrypt or not to encrypt, that is the question. Or to put it another way: To convert readable data into gibberish that must be decoded to become readable again — or not to convert readable data into gibberish that must be decoded to become readable again, that is the question. The Health Insurance Portability […]

Cracking the Code of HHS Guidelines for Encryption of PHI Read More »

Recent Changes in the Notice of Privacy Practices: What You Need to Know

If there’s one aspect of HIPAA compliance it seems every office implements, it’s the Notice of Privacy Practices (NPP) — the document that informs patients of the permitted uses and disclosures of their Protected Health Information (PHI) and also spells out their rights as patients regarding their own access to their PHI. I can vouch

Recent Changes in the Notice of Privacy Practices: What You Need to Know Read More »

Healthcare Providers: Why a Computer’s Audit Trail Is Important

I’m going to talk a little bit today about audit trails — sometimes called “audit logs” — and the vital role they can play in your ongoing efforts to keep Protected Health Information (PHI) safe, your workforce honest, and hackers at bay. What is an audit trail? According to Fundamentals of Law for Health Informatics

Healthcare Providers: Why a Computer’s Audit Trail Is Important Read More »

Basics of a Good Business Associate Agreement for HIPAA

When it comes to safeguarding Protected Health Information (PHI), you could say, “It takes a village.”  The Omnibus Rule underscores the fact that protecting patients’ health information and their right to privacy is the responsibility today not only of healthcare providers, but also of their business associates (BAs) whose work requires them to access PHI.

Basics of a Good Business Associate Agreement for HIPAA Read More »

Basic Guide to Thwarting Theft of Protected Health Information

Fact: According to the latest HIPAA and Breach Enforcement Stats from the Office of Civil Rights (the arm of Health and Human Services responsible for HIPAA enforcement), theft is the leading cause of reported breaches. Last year, as a direct result of a breach report of a stolen unencrypted laptop, Concentra Health Services paid OCR

Basic Guide to Thwarting Theft of Protected Health Information Read More »

Best Popcorn for Watching a Short HIPAA Video about Security of EHR

This short blog is going to point you in the direction of a good HHS video about the security of EHR  and a good popcorn to go with it. I’ve always loved popcorn. Who doesn’t? I remember my mom sprinkling the kernels into the hot oil in a heavy-duty kettle on our kitchen stove, slapping

Best Popcorn for Watching a Short HIPAA Video about Security of EHR Read More »

Why Serious HIPAA Enforcement Is Inevitable

To borrow a phrase from Stephen Colbert, the Office of Civil Rights (OCR) — the department in charge of HIPAA enforcement — got a “wag of the finger” a while back from the Health and Human Services Office of the Inspector General. And that’s bound to have an impact on healthcare offices everywhere. A November

Why Serious HIPAA Enforcement Is Inevitable Read More »

The Role of a Practice’s HIPAA Privacy Officer

  Exactly when an HHS auditor will visit your office is anybody’s guess. But I do know the first words an auditor is likely to say when he/she arrives to assess how the practice is doing with HIPAA compliance: “I’m from Health and Human Services and I’d like to speak with your Privacy Officer.”Roblox Robux

The Role of a Practice’s HIPAA Privacy Officer Read More »