|
Featured Article
|
This month's featured article begins to provide the foundation for a HIPAA Security Rule ("SR") framework. An approach by which the SR can be "attacked" by providers of all sizes. Let's be clear, a framework is not a cookbook solution, those do not exist for wicked problems, but rather, its a kind of map of the territory. Going forward, we will be laser focused on developing various frameworks for meeting the challenges of the HITECH Act, and its transformational impact on the HIPAA Regulations. These frameworks are intended to move an organization forward on the compliance continuum.
|
The World Health
Care Congress Leadership Summit on HITECH and HIPAA Compliance Management for
Providers
November 9 - 10, 2009
Alexandria, VA
|
Presenting strategic frameworks for the C-Suite
and in-depth, tactical solutions for your IT and operations teams, this must
attend Summit will feature industry experts and key association think-tank
leaders presenting
solutions on how to expose risk, minimize liability and maintain compliance in
an environment of continual "HIT change." Save an extra $200.00 off
the current rate with code BFX997 (not applicable on gov't rate). To
register, contact us at 800-767-9499.
Read More...
|
The Value of Technology and the Internet for Improving Healthcare: Engaging Patients & Families
|
In 2004, the Internet was in its "infancy" with respect to "cloud computing" and reliable online healthcare information. And... electronic health records and telemedicine were only vague ideas on the horizon. Now these technologies are becoming mainstream. Both providers and patients want access to reliable healthcare information. A leading visionary in patient centric care summarized the issue both with eloquence and clarity:
"The cure of diseases is doubtless a matter of great importance; but the preservation of health is of still greater. This is the concern of every man, and surely what relates to it ought to be rendered as plain and obvious to all as possible."
This article's central theme is to tell a short story of where we have been and where we are likely to go with the use of healthcare information and technology. The intersection of policy, law and technology requires stakeholders to think holistically as Health 2.0 rolls out. HITECH now mandates, with the force of law, that privacy and security play a key role as providers and facilities implement the envisioned enabling technologies.
In short, privacy and security cannot be an after thought that we only let IT or administrators worry about. Furthermore, there are other legal touch points that providers must pay attention to that have nothing to do with HITECH/HIPAA, but rather have to do with doing business online/electronically. These issues will also be discussed where appropriate.
Read More...
|
|
Join Our Mailing List
|
|
Interested in staying current on HITECH / HIPAA compliance issues? Click the join our list link above and receive your own copy of the newsletter on the first business day of each month.
|
|
Dear Subscriber,
Welcome to the October 2009 HITECH/HIPAA Compliance Newsletter. The featured article this month is entitled: "HITECH/HIPAA and Meaningful Use Part III: Attacking the HIPAA Security Rule (Hug the Monster). It is the third in a series of featured articles over the next few months that will discuss the transformational impact that the HITECH Act is likely to have on HIPAA's regulatory environment.
The September Issue's featured article took a big picture view of what it is going to take to implement an effective EHR/HITECH/HIPAA compliance strategy. This month we are heading completely in the opposite direction. This issue also features a guest article by Deborah Leyva.
Deborah's article discusses the multiple (and often hidden) PHI "touch points" that providers will encounter as they move online. In addition, her article provides commentary regarding the legal/compliance issues related to this migration. The article is entitled: The Value of Technology and the Internet for Improving Healthcare: Engaging Patient & Families.
Compliance with HIPAA's Privacy and Security Rules is now part of HHS's "meaningful use" definition, which as a practical matter means that providers or facilities found to be non-HIPAA compliant may not get paid their electronic health record (EHR) incentives under the HITECH Act. That, coupled with HITECH's "improved HIPAA enforcement" regime, is likely to transform HIPAA from a paper tiger to legislation that is actively enforced.
Our focus from the outset has been to provide actionable information to our readers. In short, "news you can use." We are excited about the addition of various guest authors that we are lining up, but you will have to read to end of the featured article for more information.
|
Announcement
|
 The authors of the HIPAA Survival Guide will be presenting at the World Health Care Congress Leadership Summit on HITECH and HIPAA Compliance Management for Providers (see left sidebar for more information).
The title of our presentation is: "Meaningful Use Under HITECH: Why HIPAA is No Longer a Paper Tiger"
We encourage you attend this event and quickly get up to speed on the latest HITECH/HIPAA compliance issues. Changes in the healthcare industry are happening at a furious pace. Most providers and facilities are ill prepared for these changes. Take this opportunity to get information on HITECH/HIPAA best practices and on avoiding the hidden pain points.
If you would like to follow the authors' blogs click here and here. Also, if you plan to attend the conference we would enjoy meeting you. Please stop by after our presentation and say hello.
|
|
HITECH/HIPAA and Meaningful Use Part III: Attacking the HIPAA Security Rule (Hug the Monster)
|
 As mentioned in the introduction, the subtitle of Part III is: "Attacking the HIPAA Security Rule: Hug the Monster." We are using military metaphors because the Security Rule presents a completely different challenge than the Privacy Rule. It appears at first glance (and second, third, fourth glances as well) as a "military like" specification for cyber security. We would not be surprised if in fact that was where the substance of the rule originated.
There has not been much attention paid to the Security Rule for several reasons: 1) few providers have implemented EHRs; and 2) the previous HIPAA enforcement regime was essentially a paper tiger. The HITECH Act changes all that, providers now have very little choice other than to "hug the monster." The latter is a military term that means (more or less) when your survival is literally on the line you have to confront and acknowledge this reality before you can take meaningful steps to deal with it.
The Security Rule is so complex and daunting that we have decided to dedicate two featured articles to it in order to adequately provide the necessary foundation. There is likely no more significant public policy issue regarding the success of the proposed U.S. National Health Information Infrastructure than protecting the privacy and the security of the data contained within it.
This issue introduces the concept of a number of organizational frameworks that will be required in order to effectively cope with your EHR/HITECH/HIPAA initiatives. The framework concept was first introduced in this podcast that we did in collaboration with the World Health Congress.
We hope to add more multimedia content going forward. We understand that individuals vary in the manner by which they process and assimilate information. Often, the most clarity comes from seeing material presented via alternative forms.
We like to use "mind maps" for this reason, but also want to experiment with other tools. The HITECH Act and the HIPAA regulations are challenging, not only to understand, but to apply effectively. The HIPAA Security Rule is perhaps the canonical example of the complexity involved.
Read More ...
|
|
About Us
|
|
We help
companies safely and securely do business on the web, in accordance
with applicable law. How? By helping them reduce risk. Privacy and
security compliance issues are merely a subset of legal issues that
online businesses face. This is equally true for eCommerce sites as it
is for healthcare providers, facilities, and vendors.
We take a partnering and collaborative approach in our legal practice.
If you would like to see specific topics covered in this newsletter then please let us know.
Sincerely,
|
|
|
