Bulletproof Office Helping You to Better Enable Your IT

By: Steve | June 25, 2015

JDL HealthTech  

NOTE:  This is a reprint from a recent Press Release.  At my current firm, JDL Technologies, we have exercised strong relationships with our technology partners and have also minimized our own financial margins in an effort to make HIPAA compliance easier and more manageable for the smaller Practices we serve.   

By: Steve | May 18, 2015

HealthIT.gov

Everyone has a role to play in the privacy and security of electronic health information — it is truly a shared responsibility. The Office of the National Coordinator for Health Information Technology (ONC) provides resources to help you succeed in your privacy and security responsibilities. This Guide to Privacy and Security of Electronic Health Information (referred to as “Guide”) is an example of just such a tool.


The intent of the Guide is to help health care providers ― especially Health Insurance Portability and Accountability Act (HIPAA) Covered Entities (CEs) and Medicare Eligible Professionals (EPs) from smaller organizations ― better understand how to integrate federal health information privacy and security requirements into thei...

By: Steve | April 02, 2015

Sorry!

Now, that would be a great tune - a bit catchy, don't you think? Yes, rather silly and, as we know, with the size of the fines being handed out for "willful neglect," enabling and maintaining compliance is a serious matter.

 

HIPAA compliance is not easy.  If it was, every healthcare provider would be fully compliant, and many continue to struggle with understanding exactly what needs to be done.  No-one wants to deal with the coming pain as the Health and Human Services Office for Civil Rights amps up its enforcement audits.

If you are a healthcare provider with a desire to efficiently, effectively and inexpensively work through your compliance program, I have a prescription for you!  

 

The first step is to receiv...

By: Steve | December 09, 2014

The HIPAA Security Rule imposes a number of requirements that the HHS Office For Civil Rights (OCR) has begun auditing for compliance, including four requirements related to information system and ePHI activity, as outlined below:


HIPAA §164.308(a)(1)(ii)(D) requires healthcare providers to implement procedures to regularly review records of information system activity, such as audit logs, access reports and security incident tracking reports.

ePHI Data Breach Statistics

HIPAA §164.312(B) requires healthcare providers to implement hardware, software,and/or procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information(ePHI). 


HIPAA §164.308(a)(5)(ii)(C) require...

By: Steve | October 27, 2014

paper files

This is the last in a series of three posts I am providing based upon "compliance secrets" presented at the recent HIPAA Security conference by the HHS Office for Civil Rights (OCR) and NIST in Washington DC.


These views are strictly my own based upon information gathered at the conference.

New Standard for Data Breach Impact

By: Steve | October 15, 2014

medical jargon

This is the second in a series of three posts I am providing based upon "compliance secrets" presented at the recent HIPAA Security Conference by the HHS Office for Civil Rights (OCR) and NIST in Washington DC.


These views are strictly my own based upon information gathered at the conference.

You Must Have a Compliance Program and a Culture of Compliance


As conference leaders made very clear, HIPAA Compliance has two parts.  One is a comprehensive compliance plan, with documentation that confirms your adherence to HIPAA regulations.  The second is a “Culture of Compliance” that you create every day in your practice, medical center or hospital.  Think of one as the letter of the law, and the second as the spirit of the law....

By: Steve | October 09, 2014

Some highly important information was presented at the HIPAA Security Conference recently by the HHS Office For Civil Rights (OCR) and NIST in Washington DC.

OCR Announces New HIPAA Audit and Enforcement Program