
HITECH / HIPAA Newsletter December 2013 Archive


HIPAA Compliance is a Team Sport: Is your team Omnibus Rule ready?

December 2013 Issue No. 48
In this Issue
Products now available in the HSG Store
Launching a HIPAA Risk Management Compliance Program


HIPAA Breach Notification Framework 

Our HIPAA Breach Notification Framework walks you through the process of analyzing security incidents to determine what actions you must take to ensure your response complies with the HITECH Breach Notification requirements. The Framework discusses HITECH breach compliance in simple terms and uses twelve flowchart diagrams to help you navigate the process. It also includes tools and templates that help "jump start" your breach notification compliance initiative.

  


  

 

Business Associate Agreement: a HITECH Ready Model Contract

Our model Business Associate Agreement includes provisions that meet the requirements of HIPAA/HITECH and is fully annotated with links to the relevant statutory/regulatory authority that underpins each Contract clause. The Contract package also includes a complete "User's Guide," with a clause-by-clause explanation of the issues addressed in the Contract. 


The Security Rule Under HITECH:
a Business Associate Perspective
First Edition

The most important step for building a "good SR compliance story" is for the business associate to get started. The approach in The Security Rule Under HITECH is to build the story iteratively over time. Most business associates (large or small) will likely need help in creating the story. The framework discussed throughout this document provides a good road map to follow.


HIPAA Core Training Combo

This package includes the Breach Notification Simplified Training Module, the HIPAA Privacy Rule under HITECH Training Module, the HIPAA Security Rule Under HITECH Training Module and the HITECH and HIPAA Compliant Training Module, all in one Combo Package. Buy all 4 for a little more than the price of 3.

Quick Links
Join Our Mailing List
Interested in staying current on HITECH / HIPAA compliance issues? Click the "join our list" link above and receive your own copy of the newsletter each month.

Other Resources
HIPAA Survival Guide Subscription Plan
Cloud, Social Media, and Mobile Checklist Product Overview
Business Associate Agreement Product Overview
HIPAA / HITECH Core Training Product Overview
Privacy Rule Checklist Product Overview
Breach Notification Framework Product Overview

 
Dear Carlos,

Welcome to our December 2013 HIPAA Compliance Newsletter.  

 

Our article this month is entitled:  Launching a HIPAA Risk Management Compliance Program

 

This article discusses the Security Rule's ("SR") requirement for establishing a Risk Management compliance program. Risk Management is the process used to identify and implement security measures to reduce  risk to reasonable and appropriate levels within your organization. It is based on your organization's unique operational environment.  

 

The measures implemented to comply with this SR specification must also allow your organization to comply with §164.306(a) of the SR (i.e. the "General Rules"). Your organization will want to ensure that your Risk Management strategy takes into account the unique characteristics of your operational environment, including the "flexibility factors" in §164.306(b)(2). These factors will help your organization determine what security controls are "reasonable and appropriate."

 


 

FREE Webinar: Launching A HIPAA Risk Management Program 

 

Webinar Description

 

This webinar will discuss the steps required in order to launch an effective HIPAA Risk Management compliance program.

 

Date/Time

 

Wednesday, December 11, 2013 2:00 PM - 3:30 PM EDT

 

Registration

 

Click here to register.

 

We are pleased to announce the availability of our Risk Assessment Training Module on the HSG Store! You can purchase it standalone for $179.95 or as part of our Subscription Plan.

 

 

HIPAA Risk Assessment Training - Our HIPAA Risk Assessment Training Module gets you up to speed on the mandatory HIPAA Security Rule's Risk Assessment implementation specification. 

 

A Risk Assessment is required to comply with the HIPAA Security Rule and also to comply with Meaningful Use Stage I's Core Objective 15 and attestation. 

 

A Risk Assessment is foundational to your HIPAA Security Rule compliance initiative and your Organization could be found in "willful neglect" if you ignore this requirement.

HSG Announcements
In addition to our commercial-off-the-shelf training products, we now offer training customized for your organization through our partnership with the Digital Business Law Group. We recognize that some organizations, including business associates, have a need for HIPAA / HITECH training tailored to their specific needs (click here or on the image below to get more information).
 

 

Join the Conversation
The HIPAA Survival Group on LinkedIn continues to be the go-to place for meaningful discussion of HITECH / HIPAA issues. You will find many industry thought leaders and insiders sharing their views on the evolving compliance landscape.

Stay Connected
Want to stay updated throughout the month? Follow Carlos on Twitter by clicking on the badge below.  If you would like to read more regarding the authors' views on HIT and compliance click here and here and subscribe to their blogs.  

Become a Fan
Follow us on Facebook by becoming a fan of the HIPAA Survival Guide. Also, be sure to check out our HITECH Videos.




Steps in a Risk Management Program?


We have elected to modify a Risk Management framework ("RMF") proposed by NIST in order
to illustrate that Risk Management is an iterative and recursive process. The steps in our RMF
are as follows:
  1. Assess: Gather information.
  2. Simplify: Take the information gathered and organize it to reduce complexity.
  3. Protect: Implement the security controls required in order to reduce Risks.
  4. Monitor: Continuous review of your operational environment in order to ensure risks are reduced and/or eliminated as anticipated.
  5. Report: Demonstrate that your Risk Management strategy is having its desired effect.
  6. Repeat: Repeat these steps as often as changes in your operational environment and/or changes in applicable law dictate.
Step 1 in the RMF ("Assess") encompasses the Risk Analysis/Assessment specification that was the topic of last month's article.
 

Additional Steps in a Risk Management Program?

 

Step 2 assumes that the Assess step of the RMF has already been completed, either because this is your organization's baseline (i.e. first) execution or because a change in your operational environment has mandated that you re-execute the RMF.

 

About Us
3Lions Publishing, Inc. is now the owner/operator of the HIPAA Survival Guide website and the official sponsor of this newsletter. Our mission is to bring you HITECH / HIPAA statutes and regulations in an easy to read and digestible format, products that help reduce the burden of compliance, and "news you can use" via our newsletter.

We take a partnering and collaborative approach to the marketplace. If you would like to see specific topics covered in this newsletter, or additional products, then please let us know.


Carlos Leyva, CEO
3Lions Publishing, Inc.
(800) 516-7903

 
