HIPAA – Touchstone Compliance

Having Business Associate Agreements Can Save a Healthcare Office Boku Bucks

“The times they are a changin’,” Bob Dylan sang in the Sixties. And they still are, especially when it comes to HIPAA and its regulaltions regarding Business Associate Agreements. The Omnibus Rule that went into effect in September of 2013 makes it clear that business associates of healthcare practices now have to comply with many …

Having Business Associate Agreements Can Save a Healthcare Office Boku Bucks Read More »

A Practice’s Privacy Officer and Security Officer: The Batman & Robin of HIPAA Compliance

Leave a Comment / HIPAA Privacy Rule, HIPAA Security Rule / By Roman Diaz

As part of HIPAA compliance, every healthcare office must have a Privacy Officer and a Security Officer. This article describes the responsibilities of each.

A New Approach to ePHI Security in Your Practice

Leave a Comment / Data Security, HIPAA Security Rule / By Roman Diaz

Safeguarding ePHI (electronic Protected Health Information) isn’t the sole responsibility of a healthcare office’s IT person. It’s a team effort that depends on everyone adhering to good computer practices.

Are Templates for HIPAA Policies & Procedures a Good Idea?

Leave a Comment / HIPAA Privacy Rule, HIPAA Security Rule, Policies and Procedures / By Roman Diaz

Some providers believe the solution to HIPAA’s Policies and Procedures requirement is to buy a bunch of templates, fill in all the blanks that say NAME OF YOUR PRACTICE HERE, put those pages in a binder, slide the binder on a shelf, and be done with it. Templates can provide an acceptable starting point, but Policies and Procedures need to be specific to each practice.

HIPAA & The Miley-Cyrus Approach to Data Disposal

Leave a Comment / HIPAA Security Rule / By Roman Diaz

Does a Miley Cyrus video with over 750 million views offer any insights into what HIPAA says about data disposal? Well, consider this: The massive wrecking ball Ms. Cyrus sits on in the video swings between cinder-block walls. And before the hit song is over, they’re reduced to rubble, destroyed beyond recognition. If it’s not …

HIPAA & The Miley-Cyrus Approach to Data Disposal Read More »

How Falling Prey to a Phishing Expedition Puts PHI at Risk

Leave a Comment / HIPAA Quick Tip / By Roman Diaz

Phishing has become so commonplace, the word has made its way into the dictionary: Phish — to try to obtain financial or other confidential information from Internet users, typically by sending an e-mail that looks as if it is from a legitimate organization, usually a financial institution, but contains a link to a fake website …

How Falling Prey to a Phishing Expedition Puts PHI at Risk Read More »

9 Safeguards for a HIPAA Compliant Fax

Leave a Comment / HIPAA Privacy Rule, HIPAA Security Rule / By Roman Diaz

Before there was widespread access to email and the Internet, fax machines in healthcare practices were a common and accepted way to expeditiously share patient information with other providers. Convenient, affordable, easy to use, it’s no wonder fax machines are still whirring in a lot of offices. Maybe even yours. But with all the regulations …

9 Safeguards for a HIPAA Compliant Fax Read More »

Cracking the Code of HHS Guidelines for Encryption of PHI

Leave a Comment / HIPAA Security Rule / By Roman Diaz

To encrypt or not to encrypt, that is the question. Or to put it another way: To convert readable data into gibberish that must be decoded to become readable again — or not to convert readable data into gibberish that must be decoded to become readable again, that is the question. The Health Insurance Portability …

Cracking the Code of HHS Guidelines for Encryption of PHI Read More »

Beware of the Email Attachments from Hell

Leave a Comment / HIPAA Quick Tip / By Roman Diaz

If you or someone on your staff opens one of these diabolic — yet seemingly innocent — email attachments, they can infect the office’s computers and make running your practice “hella” difficult until they’re fixed. Email attachments are a common source of viruses and worms. When opened, they can give hackers control of your computer, …

Beware of the Email Attachments from Hell Read More »

Healthcare Providers: Why a Computer’s Audit Trail Is Important

Leave a Comment / audit trail, HIPAA Security Rule / By Roman Diaz

I’m going to talk a little bit today about audit trails — sometimes called “audit logs” — and the vital role they can play in your ongoing efforts to keep Protected Health Information (PHI) safe, your workforce honest, and hackers at bay. What is an audit trail? According to Fundamentals of Law for Health Informatics …

Healthcare Providers: Why a Computer’s Audit Trail Is Important Read More »