
HITECH / HIPAA Newsletter June 2013 Archive


HITECH Act Compliance is a Team Sport:  Is your team Omnibus Rule ready?

 June 2013 Issue No.  42
In this Issue
Products now available in the HSG Store
The HHS Omnibus Rule: HIPAA Myth Making Continues
Products now available in the HSG Store


HIPAA Breach Notification Framework 

Our HIPAA Breach Notification Framework walks you through the process of analyzing security incidents to determine what actions you must take to ensure your response complies with the HITECH Breach Notification requirements. The Framework discusses HITECH breach compliance in simple terms and uses twelve flowchart diagrams to help you navigate the process. It also includes tools and templates that help "jump start" your breach notification compliance initiative.

 


 

 

Business Associate Agreement: a HITECH Ready Model Contract

Our model Business Associate Agreement includes provisions that meet the requirements of HIPAA/HITECH and is fully annotated with links to the relevant statutory/regulatory authority that underpins each Contract clause. The Contract package also includes a complete "User's Guide," with a clause-by-clause explanation of the issues addressed in the Contract. 


The Security Rule Under HITECH:
a Business Associate Perspective
First Edition

The most important step for building a "good SR compliance story" is for the business associate to get started. The approach in The Security Rule Under HITECH is to build the story iteratively over time. Most business associates (large or small) will likely need help in creating the story. The framework discussed throughout this document provides a good road map to follow.


HIPAA Core Training Combo

This package includes the Breach Notification Simplified Training Module, the HIPAA Privacy Rule under HITECH Training Module, the HIPAA Security Rule Under HITECH Training Module and the HITECH and HIPAA Compliant Training Module, all in one Combo Package. Buy all 4 for a little more than the price of 3.

Other Resources
HIPAA Survival Guide Store Overview
Cloud, Social Media, and Mobile Checklist Product Overview
Business Associate Agreement Product Overview
HIPAA / HITECH Core Training Product Overview
Privacy Rule Checklist Product Overview
Breach Notification Framework Product Overview

 
Dear Carlos,

Welcome to our June 2013 HITECH / HIPAA Compliance Newsletter.  

 

Our article this month is entitled: The HHS Omnibus Rule: HIPAA Myth Making Continues.

 

This article provides insight as to why HIPAA myths continue to be perpetuated and what you can do to ensure that you are getting quality guidance. It is somewhat surprising that a law, and a corresponding set of regulations, that have been around for so long remain so widely misunderstood. To an outsider looking in for the first time, it is likely far from obvious why the healthcare industry lags in privacy and security compliance (e.g. vis-a-vis other industries such as financial services) despite the fact that privacy and security are now "front and center" national security issues. Why such an enormous disconnect in best practices across industries?

 

We are pleased to announce Release 1.0 of our Subscription Service, which is available for purchase in our new HIPAA Survival Guide Store along with our suite of Omnibus Rule Ready™ products. Our product suite has been updated to reflect Omnibus Rule modifications.

 

Our Subscription Service and products ("Products") provide policies, processes, and tracking mechanisms to help covered entities and business associates deliver visible, demonstrable evidence of HIPAA compliance. The HIPAA Rules tell you what is required in order to comply; our Products provide best practice step-by-step guidance that helps you meet your compliance objectives.

HSG Announcements
In addition to our commercial-off-the-shelf training products, we now offer training customized for your organization through our partnership with the Digital Business Law Group. We recognize that some organizations, including business associates, have a need for HIPAA / HITECH training tailored to their specific needs.

 

Join the Conversation
The HIPAA Survival Group on LinkedIn continues to be the go-to place for meaningful discussion of HITECH / HIPAA issues. You will find many industry thought leaders and insiders sharing their views on the evolving compliance landscape.





Advertising Opportunities
HSG is now welcoming advertisers to help support one of the most comprehensive and usable HITECH / HIPAA sites on the Internet. Our audience continues to grow as healthcare providers and business associates, both large and small, return to HSG again and again.
The HHS Omnibus Rule: HIPAA Myth Making Continues

 

The approach we take in the article is to use the recently promulgated Omnibus Rule as a prism for looking at HIPAA myth making.

 

The HHS Omnibus Rule

 

The Omnibus Rule introduced very little that was new. The majority of the 500 plus pages of commentary and updated regulations (very little of the latter) were nothing more than conforming regulations to either previously promulgated interim final rules, or the final set of conforming regulations pursuant to the HITECH Act. It is the latter that has caused (and is causing) a sea change in HIPAA compliance and enforcement.
 
The HITECH Act is the driving force that underpins the Omnibus Rule. Most of what is discussed in the Omnibus Rule are HITECH-based regulations that have already been in place for several years now (e.g. the Interim Breach Notification and Enforcement Rules). Sure, some of the regulations changed, but very little of it was substantive.
 
The 180 days to comply with the Omnibus Rule is therefore misleading. It doesn't mean that you have 180 days to comply with Breach Notification regulations; you have been required to comply with these regulations for several years. It doesn't mean that you won't get "whacked" with HITECH's stiffer penalties. Nope, those have been in place for a couple of years now as well.
 
Many HIPAA stakeholders reacted as if the Omnibus Rule had turned their view of HIPAA compliance "upside down." Well, that may be true, but only if you have been asleep at the wheel for the last three years. Why so much confusion? That's the question we attempt to answer. This article is not about the Omnibus Rule per se. We use the rule to explore HIPAA myths and myth makers.
  

Myths and Myth Makers?

 

This article explores reasons why HIPAA myth making persists, including:

  1. The healthcare industry's "hair is on fire" with 150 years of change compressed into five.
  2. Prior to the HITECH Act, the "dirty little secret" of the healthcare industry that most insiders knew was that HIPAA was an unenforced paper tiger; something to pay lip service to but clearly not something that the executive team paid attention to.
  3. The healthcare industry is run by superstar cowboys (and some cowgirls), brilliant and self-reliant individualists by training who don't always play nice with other children.
About Us
3Lions Publishing, Inc. is now the owner/operator of the HIPAA Survival Guide website and the official sponsor of this newsletter. Our mission is to bring you HITECH / HIPAA statutes and regulations in an easy-to-read and digestible format, products that help reduce the burden of compliance, and "news you can use" via our newsletter.

We take a partnering and collaborative approach to the marketplace. If you would like to see specific topics covered in this newsletter, or additional products, then please let us know.


Carlos Leyva, CEO
3Lions Publishing, Inc.
(800) 516-7903

