Tag Archives for: "HIPAA compliance"

Healthcare Providers: Why a Computer’s Audit Trail Is Important

I’m going to talk a little bit today about audit trails — sometimes called “audit logs” — and the vital role they can play in your ongoing efforts to keep Protected Health Information (PHI) safe, your workforce honest, and hackers at bay. What is an audit trail? According to Fundamentals of Law for Health Informatics and Information Management, an audit trail is basically a “record that shows who has accessed a computer system, when it was accessed, and what operations were performed.” As that definition makes clear, one of the main functions of an audit trail is access management. But […]


The Newest Standard for Notifying Patients of a PHI Breach

Before the HIPAA Omnibus Rule went into effect last year, the standard for determining whether or not patients needed to be notified in the event of a breach of Protected Health Information (PHI) was pretty subjective. If, for instance, a computer with PHI of 3000+ patients was stolen from a small practice, it was the responsibility of the practice’s Privacy Officer to assess whether the theft was likely to result in harm to any patient’s reputation or bank account. If the answer was “yes,” then the breach had to be reported and the patients notified. The trouble with that standard […]


How Falling Prey to a Phishing Expedition Puts PHI at Risk

Phishing has become so commonplace, the word has made its way into the dictionary: Phish — to try to obtain financial or other confidential information from Internet users, typically by sending an e-mail that looks as if it is from a legitimate organization, usually a financial institution, but contains a link to a fake website that replicates the real one. In today’s HIPAA Quick Tip, I’ll show you a little trick that could save you and your staff from taking the bait from someone phishing for information. With regulations about data security getting stricter, hackers have stepped up their game. […]


Recent Changes in the Notice of Privacy Practices: What You Need to Know

If there’s one aspect of HIPAA compliance it seems every office implements, it’s the Notice of Privacy Practices (NPP) — the document that informs patients of the permitted uses and disclosures of their Protected Health Information (PHI) and also spells out their rights as patients regarding their own access to their PHI. I can vouch for the widespread use of NPPs from my own experience as a healthcare consumer. At every first-time visit to a doctor’s or dentist’s office in recent memory, I’ve been handed a clipboard with a lengthy, legal-sounding NPP to read, along with a pen to sign […]


The Pluses of a Virtual Private Network for Exchanging PHI Remotely

Let me set a scene where a Virtual Private Network (VPN) would be “just what the doctor ordered.” You’re out of town at a conference of healthcare professionals in your specialty. Before you left home, a colleague asked you to consult on a particular case. She said she would email you the patient’s test results as soon as she got them, along with relevant details from his medical history. “Take a look as soon as you can,” she said, “Then tell me what you think.” You brought your laptop with you. The hotel where you’re staying has Wi-Fi. So does […]


6 Symptoms of a Possible Computer Virus

In your line of work, people come to you every day with symptoms. Chest pains. Chills. Blurred vision. Toothaches. And every day you draw on your years of medical, optometry, or dental training and your skills as a diagnostician to figure out what’s wrong and how to fix it. As a healthcare professional, it’s what you do. But when it comes to diagnosing a computer virus, it’s not uncommon for healthcare providers to say in frustration, “Beats me why this computer’s acting so weird!” Not uncommon either to hope that a simple re-boot will solve the problem. Sometimes it does. Not […]


Urban Legends & the HIPAA Risk Analysis

Strange as it might seem, HIPAA compliance and the New York City sewer system share a connection. Both have given rise to “stories with little or no supporting evidence that spread spontaneously in varying forms and often have elements of humor, moralizing, or horror” — in other words, both contain the stuff of “urban legends.” In the case of New York City, urban legend says that large alligators prowl its sewer system, flushed there by New Yorkers returning from Florida vacations with live, little “lizards,” souvenirs they soon tired of. In the case of HIPAA, legend has it that the […]


How to Prepare for the Risk Assessment HIPAA Requires

My brother-in-law retired a few years ago after more than three decades in private practice. He ran his busy office the old-fashioned way — without computers. His patients’ records were kept in manila folders filed in a wall of shelves. In longhand, his office manager recorded appointments in a big black book and kept track of accounts in a ledger tucked into a backroom drawer. Today when I sat down to blog here about how to prepare for a risk analysis/risk assessment (the terms are interchangeable), I couldn’t help but think about my brother-in-law’s healthcare office and how […]


The Role of a Practice’s HIPAA Privacy Officer

Exactly when an HHS auditor will visit your office is anybody’s guess. But I do know the first words an auditor is likely to say when he/she arrives to assess how the practice is doing with HIPAA compliance: “I’m from Health and Human Services and I’d like to speak with your Privacy Officer.” HIPAA says that every practice or healthcare organization must designate a privacy officer. No office—no matter its size—is exempt from this HIPAA requirement. In larger healthcare organizations, it’s not uncommon for the role of HIPAA Privacy Officer to be someone’s entire job. That […]


8 Common HIPAA Compliance Cop-Outs

Let’s be honest. To many healthcare providers, HIPAA is a four-letter word. And the phrase “HIPAA compliance” — around since 1996 — has become a kind of irritating background noise they’ve gotten used to, but still wish would go away. Here in 2015, HIPAA compliance can no longer be ignored. Advances in technology and consumer awareness, along with recent changes in the law, stiffer enforcement, and larger penalties have made the old excuses for not dealing with HIPAA compliance unworkable and untrue. Let’s look at 8 of them. “HIPAA compliance isn’t part of the Hippocratic oath and the real work of […]
