This page contains an archive of The Digital Business Law Group's monthly HITECH / HIPAA Compliance Newsletters. Each month's issue will contain a "Quick Link" to this page so that readers can easily find content they may want to reference. This also allows new subscribers to go back and get caught up on topics previously covered. The current issue of the newsletter is not available here until after the month in which it was issued. To get the current version you can subscribe to our FREE HITECH / HIPAA Compliance Newsletter here. If you are interested in a FREE EHR Software Checklist click here.
February 2012
The featured article this month is entitled HIPAA Compliance: Preview of the HHS Omnibus Rule?
This article explores the proposed HHS Omnibus Rule. The HHS Omnibus Rule ("OR") mostly concerns sections of the HITECH Act that went into effect on February 18, 2010. There was an NPRM that was issued on July 14, 2010 that contained the changes proposed for the final rule. It is quite evident that HHS has not broken any "land speed records" in finalizing the OR, but all indications are that it will be forthcoming "soon." The full text of the OR can be found here.
January 2012
The featured article this month is entitled HIPAA Compliance: The Privacy Rule and the Patient's Bill of Rights?
This article explores the Patient's Bill of Rights ("PBR") contained within the HIPAA Privacy Rule. Although the PBR has existed since the Privacy Rule was first promulgated, changing demographics and marketplace trends will force covered entities (and in many cases business associates) to take a new look at the PBR and its implications. Recently, due to the significant movement to EHRs enabled by the HITECH Act, it is the HIPAA Security Rule that has garnered most of the attention, and rightfully so. However, the PBR may (at the end of the day) be the single biggest driver of compliance change within an organization, superseded only by changes brought on by breach notification.
December 2011
The featured article this month is entitled HIPAA Compliance: The Intersection of Privacy, Security, Mobile and Social Media?
This article explores the use of social media and mobile devices in the healthcare industry and the potential risks associated with such rampant use. It is not a question of whether or not covered entities ("CEs") should engage in this type of use; the fact of the matter is that they are doing so in large numbers. This phenomenon is not about to stop anytime soon, nor should it. Social media and mobile devices provide CEs with a way to engage their patients in a manner that allows CEs to differentiate their offerings in an increasingly competitive marketplace.
November 2011
The featured article this month is entitled HITECH / HIPAA: The Cost of Non-Compliance?
This article explores the cost of HITECH / HIPAA non-compliance to the healthcare industry. It will examine a number of cost factors and suggest strongly that relatively small investments in compliance could produce significant returns. It will also revisit the reasons why healthcare's compliance status quo is no longer sustainable.
October 2011
The featured article this month is entitled HITECH / HIPAA Compliance: a checklist manifesto?
This article explores how, in a world that is increasingly becoming more complex, where the volume of knowledge often exceeds an individual's ability to assimilate and communicate it, simple tools such as checklists are having a profound and compelling positive impact on dealing with complexity. In particular, this article explores how checklists can be used as HITECH / HIPAA compliance tools.
September 2011
The featured article this month is entitled HITECH / HIPAA and the Cloud: what are the benefits and risks?
This article explores the healthcare industry's emphatic adoption of cloud computing and the benefits and risks of moving to the cloud, including those directly related to HITECH / HIPAA Compliance.
August 2011
The featured article this month is entitled Meaningful Use: How do you verify that you are meeting the requirements?
This article addresses the kinds of information that must be tracked in order to receive your EHR Incentives under the meaningful use stage 1 requirements. Clearly there is quite a bit of information that needs to be tracked, most of which will be coming from a provider's EHR system. However, the information in an EHR system is not static. Therefore, providers must capture all required information to legally attest to HITECH Act compliance as a snapshot at a point in time, which is not a trivial task given the complexity of the objectives.
July 2011
The featured article this month is entitled: HIPAA Breach Notification Decision Points: when is notification triggered?
This article addresses the kind of analysis required to decide whether breach notification is triggered under the HITECH Act for a given security incident. The bottom line is that not all security incidents trigger notification but the wicked problem remains how to determine the ones that do?
June 2011
The featured article this month is entitled: Tracking Patients Using HITECH / HIPAA Compliance Software.
This article addresses features and functionality required to ensure that your organization can provide visible demonstrable evidence that it is managing patient authorizations, restrictions, incidents, and access requests according to applicable law. This article provides an overview of how our recommended best of breed HIPAA Compliance Software accomplishes these tasks. In subsequent articles we will discuss the other baseline components in greater detail.
Q2 2011
The featured article this quarter is entitled: "Must Have Features in a HITECH / HIPAA Compliance Tracking System."
This article describes the kinds of features and functionality that an organization should seek in a HIPAA compliance software in order to be able to show visible demonstrable evidence that it is serious about meeting its HITECH / HIPAA compliance obligations. We have often written about the concept that compliance is a process and that simply having policies and procedures in place, although necessary, is woefully insufficient with respect to demonstrating process due diligence over time. In short, in addition to providing assistance in the creation and management of policies and procedures, HIPAA compliance software should also allow an organization to manage its compliance processes and to demonstrate evidence that it is doing so.
Q1 2011
The featured article this quarter is entitled: "Disruption in Compliance Governance: Why the old governance model is DOA."
If any reader still believes that the healthcare industry has not already been disrupted more in the last year than it has in the past fifty, with more disruption on the way in 2011, then you have simply been asleep at the wheel for all of 2010. Further, we have a news flash for you: it is no longer the government that is the most active agent in the disruption business, it's that scary (or holy, depending on your point of view) thing we call "the free market" that is driving the disruption.
October 2010
The featured article this month is entitled: "Ten Steps to Selecting the Right EHR Software."
First of all, if you have been following along with this newsletter you understand that there are no ten steps (or five, pick a number) to "solving" any wicked problem (for new readers see here and here). Software selection is clearly a wicked problem and therefore does not lend itself to a linear process. The software selection problem is much more chaotic than what may be apparent on its face. Second, although an EHR implementation and your HITECH compliance initiative are closely intertwined, for reasons to be discussed in this article, we feel compelled to (once again) remind our readers that they are NOT one and the same thing.
September 2010
The featured article this month is entitled: "Healthcare for the 21st Century, it's the architecture stupid."
What is healthcare architecture? My "elevator pitch" answer to this question goes something like this: "architecture concerns itself with making sure that the various parts of a complex system (e.g. healthcare interoperability) work well together." Huh? In short, the question is not an easy, or straightforward, one to answer. We have a 2000-year history of architecture as it relates to the built world, and still the general public has only a vague understanding of its first principles. In the healthcare universe, at least with respect to anything that could be called healthcare interoperability, we have, at most, a very short history indeed (especially in the U.S.). Therefore, it should come as no surprise that even practitioners within the healthcare information technology industry are confused when the word is used.
August 2010
The featured article this month is entitled: "Compliance with HITECH / HIPAA Privacy and Security: Biomedical Device Integration (BMDI)."
This article, by Deborah Leyva, RN, Clinical Solutions Executive, at Nuvon, Inc., presents an overview of the importance of medical device integration vis-a-vis EHR ROI, and the corresponding privacy and security challenges under HITECH.
July 2010
The featured article this month is entitled: "HITECH Breach Notification Framework: an Overview."
This article presents an overview of issues that covered entities ("CE") face when confronted with a breach of PHI and its corresponding reporting requirements under HITECH. To say that the HITECH Act changes everything with respect to breach notification is not hyperbole. There were no equivalent breach notification requirements under HIPAA, and therefore, HITECH introduces an entirely new regulatory regime in this regard. HITECH's breach notification requirements also have implications with respect to business associates, and with respect to the relationship between a business associate and a covered entity.
June 2010
This month's featured article is entitled: "Business Associate Contracts: HITECH Implications."
Until the HITECH Act was enacted into law on February 17, 2009, as part of ARRA, a business associate's ("BA") compliance with HIPAA's Regulations was mandated only as part of the contract (see 164.504(e)(1)) with its respective Covered Entity ("CE"). Under HITECH a BA is "directly on the hook" (i.e. via statutory authority) for complying with the sections of the HIPAA Security Rule ("SR").
May 2010
This month's featured article is entitled: "Business Associates: That was then, this is now."
All business associate contracts will have certain key sections as required by the regulations. This article walks you through each key section from our perspective, highlighting issues that you should consider before entering into a binding agreement. It should be noted that these issues will obviously vary with the individual party using the agreement, and whether or not your organization is a Covered Entity ("CE") or a Business Associate ("BA").
April 2010
This month's featured article is entitled: "Change is Hard: EHR Implementations, Compliance Touch Points & Chaos Theory."
It is a "concept article" with the following introduction:
We understand that this newsletter has introduced concepts (e.g. wicked problems and agile methodologies) that may be foreign to healthcare providers. There are several reasons why we have felt compelled to do so: 1) we are bona fide geeks and can't help ourselves; and 2) more importantly, we believe that maybe (just maybe) some of our readers might benefit from our lessons learned (the hard way) in other industries.
March 2010
This month's featured article is entitled: "The HITECH Act One Year Out: Real Healthcare Reform?"
It explores where we have been under HITECH and where we are likely headed. It attempts to provide a big picture view of more than just the regulatory impact, but rather discusses the convergence of law, policy and technology as the real foundation for change. All three combined will produce unprecedented change in the healthcare industry. Why? Because these three meta-concepts are inextricably linked. Trying to understand any one of them without considering the other two is an exercise in futility.
February 2010
This month's featured article is entitled: "HHS' Interim 'Meaningful Use' Regulations (Part 2)."
It is a continuation of the guest article by Deborah Leyva, RN, BSN, contained in January's newsletter. The focus of our newsletter has been primarily on providing a better understanding of the HITECH / HIPAA requirements and on providing insights into strategies that will help providers and facilities meet the objectives of the new regulations. January's guest article began with a discussion of the changes made by ONC and HHS for the first Policy Priority specified by the HIT Policy Committee, covering specifications for Stage I - 2011 Meaningful Use criteria, subsequent to the announcement by ONC and HHS, on December 30th.
January 2010
This month's featured article is entitled: "The Compliance Crisis: Top Five Strategies Guaranteed to Fail."
The focus of our newsletter has been primarily on providing a better understanding of the HITECH / HIPAA requirements and on providing insights into strategies that will help providers and facilities meet the objectives of the new regulations. However, it is often just as useful to examine the status quo and to analyze why existing strategies will no longer work in this new regulatory environment, perhaps more so. The article's five compliance strategies guaranteed to fail are as follows: (1) ostrich; (2) our staff's on top of it; (3) members of our legal team are compliance experts; (4) not invented here--healthcare is so different; and (5) the docs know best.
December 2009
The featured article this month is entitled: Understanding HITECH / HIPAA Risk Management Frameworks.
These frameworks are targeted to executives and others who require strategic guidance during these uncertain times. Now that the healthcare marketplace is starting to recognize the scope and magnitude of the HITECH Act, we felt it was necessary to take a step back and provide executive management teams (and other mission critical management staff) our perspective on how to move forward in a responsible and rigorous manner, especially in this highly competitive economic environment that mandates effective cost control. In short, how can an organization achieve HITECH / HIPAA compliance without breaking the bank?
November 2009
The featured article this month is entitled: "The Intersection of HITECH/HIPAA and Meaningful Use: Part IV: Attacking the HIPAA Security Rule (Hug the Monster: Redux)."
It is the fourth in a series of featured articles over the next few months that will discuss the transformational impact that the HITECH Act is likely to have on HIPAA's regulatory environment. This featured article explores the HIPAA Security Rule in the second of two parts that discusses "the monster."
October 2009
The featured article this month is entitled: "The Intersection of HITECH/HIPAA and Meaningful Use: Part III: Attacking the HIPAA Security Rule (Hug the Monster)."
It is the third in a series of featured articles over the next few months that will discuss the transformational impact that the HITECH Act is likely to have on HIPAA's regulatory environment. This featured article explores the HIPAA Security Rule in the first of two parts that discusses "the monster."
September 2009
The featured article this month is entitled: "The Intersection of HITECH/HIPAA and Meaningful Use: Part II."
It is the second in a series of featured articles over the next few months that will discuss the transformational impact that the HITECH Act is likely to have on HIPAA's regulatory environment. This featured article explores why an EHR/HITECH/HIPAA implementation is a "wicked problem."
August 2009
The featured article this month is entitled: "The Intersection of HITECH/HIPAA and Meaningful Use: Part I."
It is the first in a series of featured articles over the next few months that will discuss the transformational impact that the HITECH Act is likely to have on HIPAA's regulatory environment. This featured article introduces key aspects of the HITECH Act and why they collectively constitute a game changer.