A Practice’s Privacy Officer and Security Officer: The Batman & Robin of HIPAA Compliance
As part of HIPAA compliance, every healthcare office must have a Privacy Officer and a Security Officer. This article describes the responsibilities of each.
Safeguarding ePHI (electronic Protected Health Information) isn’t the sole responsibility of a healthcare office’s IT person. It’s a team effort that depends on everyone adhering to good computer practices.
A New Approach to ePHI Security in Your Practice Read More »
Some providers believe the solution to HIPAA’s Policies and Procedures requirement is to buy a bunch of templates, fill in all the blanks that say NAME OF YOUR PRACTICE HERE, put those pages in a binder, slide the binder on a shelf, and be done with it. Templates can provide an acceptable starting point, but Policies and Procedures need to be specific to each practice.
Are Templates for HIPAA Policies & Procedures a Good Idea? Read More »
Does a Miley Cyrus video with over 750 million views offer any insights into what HIPAA says about data disposal? Well, consider this: The massive wrecking ball Ms. Cyrus sits on in the video swings between cinder-block walls. And before the hit song is over, they’re reduced to rubble, destroyed beyond recognition. If it’s not
HIPAA & The Miley-Cyrus Approach to Data Disposal Read More »
Phishing has become so commonplace, the word has made its way into the dictionary: Phish — to try to obtain financial or other confidential information from Internet users, typically by sending an e-mail that looks as if it is from a legitimate organization, usually a financial institution, but contains a link to a fake website
How Falling Prey to a Phishing Expedition Puts PHI at Risk Read More »
Before there was widespread access to email and the Internet, fax machines in healthcare practices were a common and accepted way to expeditiously share patient information with other providers. Convenient, affordable, easy to use, it’s no wonder fax machines are still whirring in a lot of offices. Maybe even yours. But with all the regulations
9 Safeguards for a HIPAA Compliant Fax Read More »
To encrypt or not to encrypt, that is the question. Or to put it another way: To convert readable data into gibberish that must be decoded to become readable again — or not to convert readable data into gibberish that must be decoded to become readable again, that is the question. The Health Insurance Portability
Cracking the Code of HHS Guidelines for Encryption of PHI Read More »
If you or someone on your staff opens one of these diabolic — yet seemingly innocent — email attachments, they can infect the office’s computers and make running your practice “hella” difficult until they’re fixed. Email attachments are a common source of viruses and worms. When opened, they can give hackers control of your computer,
Beware of the Email Attachments from Hell Read More »
I’m going to talk a little bit today about audit trails — sometimes called “audit logs” — and the vital role they can play in your ongoing efforts to keep Protected Health Information (PHI) safe, your workforce honest, and hackers at bay. What is an audit trail? According to Fundamentals of Law for Health Informatics
Healthcare Providers: Why a Computer’s Audit Trail Is Important Read More »
Before the HIPAA Omnibus Rule went into effect last year, the standard for determining whether or not patients needed to be notified in the event of a breach of Protected Health Information (PHI) was pretty subjective. If, for instance, a computer with PHI of 3000+ patients was stolen from a small practice, it was the
The Newest Standard for Notifying Patients of a PHI Breach Read More »