
HITECH / HIPAA Newsletter March 2013


HITECH Act Compliance is a Team Sport:  Is your team HITECH ready?

 March 2013 Issue No. 39
In this Issue
Products now available in the HSG Store
HIPAA Cloud Storage: Why Microsoft's Office 365 Announcement is a Big Deal?
Products now available in the HSG Store


HIPAA Breach Notification Framework 

Our HIPAA Breach Notification Framework walks you through the process of analyzing security incidents to determine what actions you must take to ensure your response complies with the HITECH Breach Notification requirements. The Framework discusses HITECH breach compliance in simple terms and uses twelve flowchart diagrams to help you navigate the process. It also includes tools and templates that help "jump start" your breach notification compliance initiative.

 


 

 

Business Associate Agreement: a HITECH Ready Model Contract

Our model Business Associate Agreement includes provisions that meet the requirements of HIPAA/HITECH and is fully annotated with links to the relevant statutory/regulatory authority that underpins each Contract clause. The Contract package also includes a complete "User's Guide," with a clause-by-clause explanation of the issues addressed in the Contract. 


The Security Rule Under HITECH:
a Business Associate Perspective
First Edition

The most important step for building a "good SR compliance story" is for the business associate to get started. The approach in The Security Rule Under HITECH is to build the story iteratively over time. Most business associates (large or small) will likely need help in creating the story. The framework discussed throughout this document provides a good road map to follow.


HIPAA Core Training Combo

This package includes the Breach Notification Simplified Training Module, the HIPAA Privacy Rule under HITECH Training Module, the HIPAA Security Rule Under HITECH Training Module and the HITECH and HIPAA Compliant Training Module, all in one Combo Package. Buy all 4 for a little more than the price of 3.

Quick Links
HIPAA Survival Guide Videos
Join Our Mailing List
Interested in staying current on HITECH / HIPAA compliance issues? Click the "join our list" link above and receive your own copy of the newsletter each month.

Other Resources

HIPAA Cloud, Social Media, and Mobile Checklist
Business Associate Agreement
HITECH / HIPAA Core Training Modules Overview
HIPAA Privacy Rule Checklist Product Overview
HITECH Breach Notification Framework Overview

 
Dear Carlos,

Welcome to our March 2013 HITECH / HIPAA Compliance Newsletter.  

 

Our article this month is entitled: HIPAA Cloud Storage: Why Microsoft's Office 365 Announcement is a Big Deal?

 The reluctance of "big name" cloud storage vendors (e.g. Amazon, Google, and almost every other market participant that we are aware of) to enter into a Business Associate Agreement ("BAA") with a covered entity ("CE") or a business associate ("BA") certainly has put a damper on the healthcare industry's move to the public cloud. Any PHI stored on any vendor's cloud offering requires a BAA. Without one, the CE or BA would be in "gross violation" of the HIPAA Rules and risk exposure to a significant fine.

 

 

We are pleased to announce the availability of the HIPAA Survival Guide Fourth Edition.

 

HSG Fourth Edition
 
Omnibus Rule Ready
 
We expect to have all of our products Omnibus Rule Ready on or before March 15, 2013. Look for a Product Announcement to that effect (and a special offer for customers and readers). We will also be launching our Subscription Model at the same time.

 

The Fourth Edition of the HIPAA Survival Guide updates the Third Edition of the Guide with the recent Omnibus Rule modifications. This product is now available on the HSG Store.

 

The Omnibus Rule modifications are placed contextually throughout the Guide depending on the part of the Rules modified. All regulatory links in the Fourth Edition point to the Omnibus Rule Ready regulations on the HIPAA Survival Guide website.

 

The Fourth Edition also comes with a rigorous and detailed summary of the HHS Omnibus Rule. The summary reduces the 500 pages contained in the Rule to a manageable number of pages, providing you only the essence of what was modified. In short, "news you can use." 

 

The HITECH Act has indeed proven to be transformational. The Fourth Edition of the Guide is foundational to your understanding of the Rules going forward. Accept no substitute. 

 
HSG Announcements
In addition to our commercial-off-the-shelf training products, we now offer training customized for your organization through our partnership with the Digital Business Law Group. We recognize that some organizations, including business associates, have a need for HIPAA / HITECH training tailored to their specific needs (click here or on the image below to get more information).
 

 

Our EHR Library remains one of our most popular downloads. Here you will find content that will help you select the right EHR package for your practice or facility and other useful EHR collateral.
 

 

Join the Conversation
The HIPAA Survival Group on LinkedIn continues to be the go-to place for meaningful discussion of HITECH / HIPAA issues. You will find many industry thought leaders and insiders sharing their views on the evolving compliance landscape.

Stay Connected
Want to stay updated throughout the month? Follow Carlos on Twitter by clicking on the badge below.  If you would like to read more regarding the authors' views on HIT and compliance click here and here and subscribe to their blogs.  

Become a Fan
Follow us on Facebook by becoming a fan of the HIPAA Survival Guide. Also, be sure to check out our HITECH Videos.




Advertising Opportunities
HSG is now welcoming advertisers to help support one of the most comprehensive and usable HITECH / HIPAA sites on the Internet. Our audience continues to grow as healthcare providers and business associates, both large and small, return to HSG again and again.
Cloud Storage: Why Microsoft's Office 365 Announcement is a Big Deal?

The reluctance of "big name" cloud storage vendors (e.g. Amazon, Google, and almost every other market participant that we are aware of) to enter into a Business Associate Agreement ("BAA") with a covered entity ("CE") or a business associate ("BA") certainly has put a damper on the healthcare industry's move to the public cloud. Any PHI stored on any vendor's cloud offering requires a BAA. Without one, the CE or BA would be in "gross violation" of the HIPAA Rules and risk exposure to a significant fine.

 

A significant fine could be levied even if all the PHI stored on the vendor's cloud were encrypted as per HHS guidance (i.e. encrypted in a way that allows the CE or BA to qualify for the breach notification safe harbor). In its Omnibus Rule commentary, HHS made it perfectly clear that it considered ALL entities that "store or maintain" PHI on behalf of a CE or BA as requiring a BAA. These do not qualify for the "conduit exception" (i.e. where the PHI in question is merely "passing through the pipe," as at an ISP).

 

Microsoft's Office 365 Announcement?


Microsoft's Office 365 announcement regarding its willingness to enter into a BAA is apparently not a new development. Back in December of 2011, Dennis Schmuland MD FAAFP, Chief Health Strategy Officer, U.S. Health & Life Sciences for Microsoft, stated that HIPAA compliance was a big move for the cloud services suite:

Why is this such a monumental step in our commitment to the health industry?  Because communication and collaboration is the lifeblood of the health industry and Office 365 makes it easier for people and teams to be efficient and productive anytime and anywhere.  By embedding HIPAA privacy and security capabilities in Office 365, Microsoft is enabling health organizations to confidently empower their staff to communicate and collaborate anytime, anywhere and substantially lower their IT operating costs.

So although Microsoft's willingness to enter into a BAA for Office 365 is not new, large healthcare stakeholders like the Texas Department of Information Resources taking them up on it is.
 
Microsoft is Walking the Talk

Microsoft is doing a lot more than simply making an announcement; it is showing once again that it understands the enterprise better than its rivals. While Amazon, Google, Apple and others focus on the consumer spend, Microsoft is placing a bet that the "enterprise spend" is where the lion's share of its future lies. Along those lines it has acquired ISO 27001 certification and taken other steps that send a message of confidence to the healthcare industry.
 
About Us
3Lions Publishing, Inc. is now the owner/operator of the HIPAA Survival Guide website and the official sponsor of this newsletter. Our mission is to bring you HITECH / HIPAA statutes and regulations in an easy to read and digestible format, products that help reduce the burden of compliance, and "news you can use" via our newsletter.

We take a partnering and collaborative approach to the marketplace. If you would like to see specific topics covered in this newsletter, or additional products, then please let us know.


Carlos Leyva, CEO
3Lions Publishing, Inc.
(800) 516-7903

