Touchstone Compliance

PHI

HIPAA Privacy Rule. HIPAA Security Rule. What’s the Difference?

Eavesdrop on a conversation about HIPAA compliance and most likely you’ll hear the words “privacy” and “security” — sometimes separately, often together, and usually in the context of safeguarding patient information. “So, what exactly is the difference between ‘privacy’ and ‘security’ in relation to HIPAA compliance?” you ask. With today’s HIPAA Quick Tip I’ll try […]

The Basics of Mobile Device Security for Protected Health Information

The single most common way Protected Health Information (PHI) is compromised is through the loss of devices themselves, whether this happens by accident or by theft. Technology — thumb drives, CDs, smart phones, tablets — has made it possible for large amounts of information to be tucked into our pockets or purses and carried to

Basics of a Good Business Associate Agreement for HIPAA

When it comes to safeguarding Protected Health Information (PHI), you could say, “It takes a village.” The Omnibus Rule underscores the fact that protecting patients’ health information and their right to privacy is the responsibility today not only of healthcare providers, but also of their business associates (BAs) whose work requires them to access PHI.

Basic Guide to Thwarting Theft of Protected Health Information

Fact: According to the latest HIPAA and Breach Enforcement Stats from the Office of Civil Rights (the arm of Health and Human Services responsible for HIPAA enforcement), theft is the leading cause of reported breaches. Last year, as a direct result of a breach report of a stolen unencrypted laptop, Concentra Health Services paid OCR

Urban Legends & the HIPAA Risk Analysis

Strange as it might seem, HIPAA compliance and the New York City sewer system share a connection. Both have given rise to “stories with little or no supporting evidence that spread spontaneously in varying forms and often have elements of humor, moralizing, or horror” — in other words, both contain the stuff of “urban legends.”

Having Business Associate Agreements Can Save a Healthcare Office Boku Bucks

“The times they are a changin’,” Bob Dylan sang in the Sixties. And they still are, especially when it comes to HIPAA and its regulations regarding Business Associate Agreements. The Omnibus Rule that went into effect in September of 2013 makes it clear that business associates of healthcare practices now have to comply with many

Why Serious HIPAA Enforcement Is Inevitable

To borrow a phrase from Stephen Colbert, the Office of Civil Rights (OCR) — the department in charge of HIPAA enforcement — got a “wag of the finger” a while back from the Health and Human Services Office of the Inspector General. And that’s bound to have an impact on healthcare offices everywhere. A November
