
HITECH / HIPAA Compliance Newsletter December 2011


HITECH Act Compliance is a Team Sport:  Is your team HITECH ready?

 December 2011 Issue No. 24
In This Issue
Products now available in the HSG Store
HIPAA Compliance: The Intersection of Privacy, Security, Mobile and Social Media?
In the News

OIG continues to announce fraud enforcement actions at what appears to be an alarming rate.


 

November 17, 2011: 

 

U.S. Department of Justice

Houston Patient Recruiter Sentenced to 21 Months in Prison for Medicare Fraud Scheme Involving Claims of Hurricane Damage to Power Wheelchairs

 

U.S. Attorney; Northern District of California

Three Bay Area Residents Charged With Oxycodone Trafficking

 

U.S. Department of Justice

Fort Lauderdale, Fla.-Area Assisted Living Facility Manager Pleads Guilty to Fraud and Kickback Scheme 

 

November 16, 2011:

 

U.S. Attorney; District of New Jersey

Three Others Sentenced for Scheme in Which More than 20,000 Patient Visits Were Conducted by Unqualified Individuals

 

http://go.usa.gov/XRw

 

State Enforcement Actions Updated 

 

 http://go.usa.gov/0XM 

 

November 14, 2011:

 

U.S. Department of Justice

U.S. Attorney General Holder and Dominican Prosecutor General Jiménez Sign Agreement to Share $7.5 Million in Forfeited Assets as Countries Agree to Share Assets Forfeited in Medicare Fraud Case  

 

U.S. Department of Justice

Miami-Area Patient Recruiter Pleads Guilty to Fraud and Kickback Scheme 

 

U.S. Attorney; District of New Jersey

Fugitive Returned From Pakistan after 13 Years Sentenced to Prison for 1997 Health Care Fraud

U.S. Attorney; Southern District of Texas

Former Houston Doctor Sentenced to Federal Prison

U.S. Attorney; Western District of Washington

South Sound Doctor Convicted Of Multiple Counts of Healthcare Fraud, Tax Crimes And Drug Distribution

 

http://go.usa.gov/XRw 

Products now available in the HSG Store.
We are also pleased to announce our Combo Package which includes:  
  1. Business Associate Agreement: HITECH Ready Model Contract
  2. Breach Notification Framework
  3. Breach Notification Policy
  4. The Security Rule Under HITECH: a Business Associate's Perspective
Save over $100.00 off the retail price. 


HIPAA Breach Notification Framework 

Our HIPAA Breach Notification Framework walks you through the process of analyzing security incidents to determine what actions you must take to ensure your response complies with the HITECH Breach Notification requirements. The Framework discusses HITECH breach compliance in simple terms and uses twelve flowchart diagrams to help you navigate the process. It also includes tools and templates that help "jump start" your breach notification compliance initiative.

 


 

Our HIPAA Breach Notification Policy

This policy implements section 13402 of the HITECH Act which requires HIPAA covered entities and their business associates to provide notification following a breach of unsecured protected health information. The policy was derived from our HIPAA Breach Notification Framework and is included as a FREE gift that product

 



Business Associate Agreement: a HITECH Ready Model Contract


Our model Business Associate Agreement includes provisions that meet the requirements of HIPAA/HITECH and is fully annotated with links to the relevant statutory/regulatory authority that underpins each Contract clause. The Contract package also includes a complete "User's Guide," with a clause-by-clause explanation of the issues addressed in the Contract. 


The Security Rule Under HITECH:
a Business Associate Perspective
First Edition

The most important step for building a "good SR compliance story" is for the business associate to get started. The approach in The Security Rule Under HITECH is to build the story iteratively over time. Most business associates (large or small) will likely need help in creating the story. The framework discussed throughout this document provides a good road map to follow.


HIPAA Survival Guide Third Edition

The Third Edition of the HIPAA Survival Guide updates various substantive text of the first two editions and adds completely new material. The HITECH Act has indeed proven to be transformational. In order to deal more effectively with its changing regulatory landscape we have decided to release an updated version available here and on Amazon's Kindle platform.



Join Our Mailing List
Interested in staying current on HITECH / HIPAA compliance issues? Click the "join our list" link above and receive your own copy of the newsletter each month.

 
Dear Reader,

Welcome to the December 2011 HITECH / HIPAA Compliance Newsletter. In the month of December we have two FREE webinars to announce.

 

FREE WEBINAR: What does "Meaningful Use" really mean?

 

So you acquired an EHR (Electronic Health Records) platform and now want to submit your information to CMS (Centers for Medicare and Medicaid Services) so you can receive a Government Payment for your endeavors. That is great news. However, there are some pitfalls you need to be aware of when doing so.

There are 15 Core Requirements that you need to comply with. In this webinar we will discuss the basics and share some tips on how to address article 15.

 

Date: December 7, 2011. 

Time: 2:00 to 3:30 EST. 

To register CLICK HERE

 

 

FREE WEBINAR: HIPAA Privacy Rule Under HITECH 

 

Our HIPAA Privacy Rule Under HITECH Webinar will help get you up to speed on how the HITECH Act has impacted the HIPAA Privacy Rule and how marketplace trends are impacting it as well. We walk you through the Privacy Rule and discuss the effect that the HITECH Act has had under three major sections: 1) uses and disclosures of PHI contained in sections §164.502 through §164.514; 2) the Patient's Bill of Rights contained in sections §164.520 through §164.528; and 3) the Administrative Requirements contained in Section §164.530.

 

Date: December 13, 2011. 

Time: 2:00 to 3:30 EST. 

To register CLICK HERE.  

 

Additional training products now available on the HSG Store.

 

The featured article this month is entitled HIPAA Compliance: The Intersection of Privacy, Security, Mobile and Social Media?

 

This article explores the use of social media and mobile devices in the healthcare industry and the potential risks associated with such rampant use. It is not a question of whether covered entities ("CEs") should engage in this type of use; the fact of the matter is that they are doing so in large numbers. This phenomenon is not about to stop anytime soon, nor should it. Social media and mobile devices provide CEs with a way to engage their patients in a manner that allows CEs to differentiate their offerings in an increasingly competitive marketplace.


 

HSG Announcements

 

Our EHR Library remains one of our most popular downloads. Here you will find content that will help you select the right EHR package for your practice or facility and other useful EHR collateral.
 
 
Join the Conversation
The HIPAA Survival Group on LinkedIn continues to be the go-to place for meaningful discussion of HITECH / HIPAA issues. You will find many industry thought leaders and insiders sharing their views on the evolving compliance landscape.

Stay Connected
Want to stay updated throughout the month? Follow Carlos on Twitter by clicking on the badge below. If you would like to read more regarding the authors' views on HIT and compliance click here and here and subscribe to their blogs.

Become a Fan
Follow us on Facebook by becoming a fan of the guide. Also, be sure to check out our HITECH Videos.




Advertising Opportunities
HSG is now welcoming advertisers to help support one of the most comprehensive and usable HITECH / HIPAA sites on the Internet. Our audience continues to grow as healthcare providers and business associates, both large and small, return to HSG again and again.
HIPAA Compliance: The Intersection of Privacy, Security, Mobile and Social Media?
This article explores the use of social media and mobile devices in the healthcare industry and the potential risks associated with such rampant use. It is not a question of whether covered entities ("CEs") should engage in this type of use; the fact of the matter is that they are already doing so in large numbers. This phenomenon is not about to stop anytime soon, nor should it. Social media and mobile devices provide CEs with a way to engage their patients in a manner that allows CEs to differentiate their offerings in an increasingly competitive marketplace.

The real question is how to allow for such use in a manner that complies with the HIPAA Privacy Rule, the HIPAA Security Rule, and at the same time does not expose the CE or its business associate ("BA") to potentially huge PHI data breach liability. For example, there are instances where nurses have been fired for posting cell phone photos of patients on the Internet (clearly a HIPAA violation). These social media nurse firings are not nearly as isolated as one might think (see here and here). 

Apparently it's either feast or famine with respect to IT usage in healthcare. Prior to the HITECH Act an objective observer would have questioned whether healthcare information technology had made it into the 21st century. Now Twitter, Facebook, the Cloud, the iPhone, the iPad (name your phone and tablet of choice) and EHRs have forever changed all of that. It's game on! However, the patient (i.e., the CE) needs an intervention before unintended consequences force a timeout early in the first quarter.

The "timeout" is likely to occur due to an economically disastrous breach resulting from unauthorized access to thousands of unprotected patient records on a smartphone or other mobile device.

What do the doctors say?    
There are many forward-thinking doctors, especially the new media types, who are clearly aware of the issues and generally provide sage privacy and security advice to their colleagues. However, there are other clinicians (including nurses and other staff) who are now power users of mobile devices and social media but have far less appreciation of the privacy, security and reputation risks and, therefore, of the potential harm that could be done to their respective organizations.

     

Why Social Media and Mobile Use Cases Matter?

It's a question of training. Simply telling staff that "if you wouldn't say it on an elevator then don't say it using social media" is NOT enough. Why? Because the context and the use cases are radically different. For example, now almost everyone is accustomed to taking photos with their phones. It feels like a "natural" thing to do, but it is obviously a HIPAA violation if the person you are taking a photo of is a patient and did not consent. Even if the patient consents to the photo, he/she clearly didn't consent to posting it on Facebook.

 

Notice that there may not be any bad intent here at all. Perhaps the staff member simply wanted to share a positive interaction with a patient. The bottom line is that these use cases should be expressly discussed during training. Don't rely on the staff member making the connection between hospital elevator talk and posting a photo on Facebook.

  


 

About Us
3Lions Publishing, Inc. is now the owner/operator of the HIPAA Survival Guide website and the official sponsor of this newsletter. Our mission is to bring you HITECH / HIPAA statutes and regulations in an easy to read and digestible format, products that help reduce the burden of compliance, and "news you can use" via our newsletter.

We take a partnering and collaborative approach to the marketplace. If you would like to see specific topics covered in this newsletter, or additional products, then please let us know.


Carlos Leyva, CEO
3Lions Publishing, Inc.


 
