|
Featured Article
|
This month's featured article discusses how to build a good compliance story. It will focus on the compliance continuum and describe an iterative road map for moving from no HITECH Act compliance story, to a point on the continuum that allows a provider or facility to make a reasonable good faith argument (i.e. to a government agency and/or a court of law) that they are either in compliance, or have a strong plan in place for meeting the legal requirements of the Act.
It will also discuss in more detail, as an extension of Part I of the series, the key components that underpin why HITECH/HIPAA compliance is a wicked problem, and then shifts focus to offering practical guidance for achieving compliance going forward, using meaningful use as an organizing principle.
|
The World Health
Care Congress Leadership Summit on HITECH and HIPAA Compliance Management for
Providers
November 9 - 10, 2009
Alexandria, VA
|
Presenting strategic frameworks for the C-Suite
and in-depth, tactical solutions for your IT and operations teams, this must
attend Summit will feature industry experts and key association think-tank
leaders presenting
solutions on how to expose risk, minimize liability and maintain compliance in
an environment of continual "HIT change." Save an extra $200.00 off
the current rate with code BFX997 (not applicable on gov't rate). To
register, contact us at 800-767-9499.
Read More...
|
|
Why a HIPAA Survival Guide?
|
The following is a paraphrased version of the introduction to the HIPAA Survival Guide (HSG):
This Survival Guide attempts a "forest from the trees" overview of the HIPAA Privacy and Security rules. The genesis of these rules is covered in the Background section of this document. The HSG only targets a subset of covered
entities, namely providers.
Furthermore, the guide focuses mostly on
small providers, since this group will clearly be the most challenged by new laws and
regulations, especially if their baseline understanding of HIPAA is lacking.
After writing the guide, we (see author bios) decided to launch an online version to make it more accessible to the wider community. The online version has indeed received a fair amount of traction as a reference tool, and we continue to use it ourselves for this very reason.
Read More...
|
|
Join Our Mailing List
|
|
Interested in staying current on HITECH / HIPAA compliance issues? Click the join our list link above and receive your own copy of the newsletter on the first business day of each month.
Please feel free to share the newsletter with colleagues that might find the information of use.
|
|
Announcement
|
 The authors of the HIPAA Survival Guide will be presenting at the World Health Care Congress Leadership Summit on HITECH and HIPAA Compliance Management for Providers (see left sidebar for more information).
The title of our presentation is: "Meaningful Use Under HITECH: Why HIPAA is No Longer a Paper Tiger"
We encourage you attend this event and quickly get up to speed on the latest HITECH/HIPAA compliance issues. Changes in the healthcare industry are happening at a furious pace. Most providers and facilities are ill prepared for these changes. Take this opportunity to get information on HITECH/HIPAA best practices and on avoiding the hidden pain points.
If you would like to follow the authors' blogs click here and here. Also, if you plan to attend the conference we would enjoy meeting you. Please stop by after our presentation and say hello.
|
|
HITECH/HIPAA and Meaningful Use: Part II
|
 As a practical matter (i.e. as opposed to a question of law),
compliance exists along a continuum; this is the tension that almost
always exists between rule and reality. A simple but effective way to
illustrate this continuum is shown above. Obviously, the further along you are on the continuum, the better your
"good faith" legal argument becomes, if/when you may be required to
articulate one.
The diagrams that follow (click on Read More... below) illustrate some of the key concepts that must be
incorporated into any HITECH/HIPAA compliance strategy, and
moreover, these concepts apply in general to an EHR implementation as well, since under HITECH policy, law and technology are all converging.
EHR & HITECH/HIPAA: Mother of Wicked Problems?
OK, it is not quite like solving world hunger, but for the reasons discussed here, the implementation of an EHR that meets the meaningful use requirements (including full compliance with HITECH/HIPAA) is a non-trivial problem. Old waterfall methodologies are not going to get the job done. Therefore, the healthcare industry will be forced to become agile; a challenge that it may not be quite prepared for.
In
essence, the key concepts mostly represent the "soft" aspects of an
EHR/compliance strategy, that is, those that have nothing directly to do with
law or technology per se, but everything to do with enabling success. As Tom Peters has consistently said: the soft stuff is the hard stuff. In short, while consultants, software vendors, and other gurus come in with grand visions, things often get messy real quick on the ground.
Providers and facilities will gravitate toward legacy methodologies that no longer apply. Solving wicked problems
is a different kind of endeavor. The healthcare industry will need to
look outside of itself and borrow knowledge and lessons learned from
other industries in order to succeed. It took the software industry decades to understand
that software development was a wicked problem and therefore, unlike
bridge building, a different set of methodologies were required.
As you review these concepts, keep in mind that they are not presented as light reading, but rather as reference material that you can review as required. These concepts may not seem obvious at first; in fact they are likely to appear quite the opposite. However, the intent is to get readers thinking with an expanded view in mind, in order to more effectively ask relevant questions later.
There are no "silver bullet" solutions, only some methods that work better than others. No two implementations across providers or facilities will be the same. Why? Because the problem is mostly people and process centric, and by definition these differ across organizations.
Practical HITECH/HIPAA Compliance Guidance Going Forward?
Once you have a minimum basic understanding of the complexity involved, the article then shifts focus to offering practical compliance guidance going forward. In short, a methodology will be suggested that hopefully allows organizations to bring order to the chaos, instead of being consumed by it.
By now most of the healthcare industry has heard of EHR disasters, soon there will be stories of HITECH/HIPAA compliance disasters. Technology/compliance disasters occur in all complex initiatives (e.g. eDiscovery, SAP, CRM, etc.) and across all industries. These failures often occur for similar reasons: people and process issues are ignored or poorly managed.
Read More ...
|
|
About Us
|
|
We help
companies safely and securely do business on the web, in accordance
with applicable law. How? By helping them reduce risk. Privacy and
security compliance issues are merely a subset of legal issues that
online businesses face. This is equally true for eCommerce sites as it
is for healthcare providers, facilities, and vendors.
We take a partnering and collaborative approach in our legal practice.
If you would like to see specific topics covered in this newsletter then please let us know.
Sincerely,
|
|
|
