
HITECH / HIPAA Newsletter September 2014 Archive


HIPAA Compliance is a Team Sport: Is your team Omnibus Rule ready?

September 2014, Issue No. 57
In this Issue
Products now available in the HSG Store
HIPAA Audits: Why all the mystery?
Products now available in the HSG Store


HIPAA Breach Notification Framework 

Our HIPAA Breach Notification Framework walks you through the process of analyzing security incidents to determine what actions you must take to ensure your response complies with the HITECH Breach Notification requirements. The Framework discusses HITECH breach compliance in simple terms and uses twelve flowchart diagrams to help you navigate the process. It also includes tools and templates that help "jump start" your breach notification compliance initiative.

  



 

Business Associate Agreement: a HITECH Ready Model Contract

Our model Business Associate Agreement includes provisions that meet the requirements of HIPAA/HITECH and is fully annotated with links to the relevant statutory/regulatory authority that underpins each Contract clause. The Contract package also includes a complete "User's Guide," with a clause-by-clause explanation of the issues addressed in the Contract. 


The Security Rule Checklist

Our HIPAA Security Rule Checklist ("Checklist") is intended to deliver step-by-step guidance, including suggested policies, processes, and tracking mechanisms that will allow you to make sense out of this complex terrain. It is intended as a knowledge transfer vehicle that allows you to derive the HIPAA Security Rule compliance solution that works best within your organization. Our Checklist will "walk you through" the relevant statutory / regulatory sections of the HIPAA Security Rule, highlighting the policies, processes and tracking mechanisms required at a granular level. 


HIPAA Core Training Combo

This package includes the Breach Notification Simplified Training Module, the HIPAA Privacy Rule under HITECH Training Module, the HIPAA Security Rule Under HITECH Training Module and the HITECH and HIPAA Compliant Training Module all in one Combo Package. Buy all 4 for a little more than the price of 3.

Quick Links
Join Our Mailing List
Interested in staying current on HITECH / HIPAA compliance issues? Click the "join our list" link above and receive your own copy of the newsletter each month.

Other Resources
HIPAA Survival Guide Subscription Plan

Cloud, Social Media, and Mobile Checklist Product Overview
Business Associate Agreement Product Overview
HIPAA / HITECH Core Training Product Overview
Privacy Rule Checklist Product Overview
Breach Notification Framework Product Overview

 
Dear Carlos,

Welcome to our September 2014 HIPAA Compliance Newsletter.  

   

Our article this month is entitled: HIPAA Audits: Why all the Mystery?

 

This article discusses what to expect during a HIPAA audit. For the longest time HIPAA compliance professionals have approached a "HIPAA Audit" as if it were some kind of mysterious exercise, where only a few "high priests" were actually in the know. Prior to the HITECH Act (i.e. at a time when HIPAA Audits were not mandatory), there was the now famous article about the forty-two (42) questions that you might be asked during a HIPAA Audit (i.e. that purportedly enlightened the "unwashed masses" of what you should really expect during this secret ritual).

 


 

 

Title: HIPAA Audits: What you should Expect? 

 
Description: This webinar explores HIPAA's requirements found in the Privacy Rule, the Security Rule and the Breach Notification Rule as they relate to what you should expect in a HIPAA audit.
 

Date/Time

 

Thursday September 18, 2014 2:00 PM - 3:30 PM EDT

 

HSG Announcements
In addition to our commercial-off-the-shelf training products, we now offer training customized for your organization through our partnership with the Digital Business Law Group. We recognize that some organizations, including business associates, have a need for HIPAA / HITECH training tailored to their specific needs.
 

 

Join the Conversation
The HIPAA Survival Group on LinkedIn continues to be the go-to place for meaningful discussion of HITECH / HIPAA issues. You will find many industry thought leaders and insiders sharing their views on the evolving compliance landscape.

Stay Connected
Want to stay updated throughout the month? Follow Carlos on Twitter by clicking on the badge below.  If you would like to read more regarding the authors' views on HIT and compliance click here and here and subscribe to their blogs.  

Become a Fan
Follow us on Facebook by becoming a fan of the HIPAA Survival Guide. Also, be sure to check out our HITECH Videos.




HIPAA Audits: Why all the mystery?  

 
For the longest time HIPAA compliance professionals have approached a "HIPAA Audit" as if it were some kind of mysterious exercise, where only a few "high priests" were actually in the know. Prior to the HITECH Act (i.e. at a time when HIPAA Audits were not mandatory), there was the now famous article about the forty-two (42) questions that you might be asked during a HIPAA Audit (i.e. that purportedly enlightened the "unwashed masses" of what you should really expect during this secret ritual).

This, despite the fact that, prior to the HITECH Act, HIPAA was an unenforced paper tiger. The chances of an organization being audited were slim to none. The "dirty little secret" that the entire industry knew was that ALL that was required for compliance was your Notice of Privacy Practices ("NOPP"), perhaps some "feel good" training, and NOT much else. In short, because the vast majority of organizations were not making a good faith effort to comply, there was a great deal of mystery surrounding the regulations. The REAL FEAR was, OMG, what do we do if we are actually audited?

Even after the HITECH Act, the mystery has persisted, albeit to a lesser degree as more and more compliance professionals started becoming familiar with what the regulations actually said. You need not fear any longer: this article will reveal EXACTLY what you should expect during a HIPAA Audit. In fact, HHS already revealed this secret when it released its audit protocol.
    

What's a HIPAA Audit?

 

A HIPAA Audit, to state the obvious, is when HHS (or an HHS designate) comes into a covered entity's (or business associate's) place of business (usually, although a "remote audit" is not out of the question) and verifies to what degree the organization is complying with HITECH/HIPAA. This might be the result of one of three primary events: (1) you had a significant breach; (2) someone (usually a patient) filed a complaint with HHS and from the facts of the complaint HHS determines that your organization is likely in "willful neglect" (e.g. you refuse to give patients access to their PHI, as Cignet did); or (3) you have been randomly selected for an audit. Audits are now mandatory under HITECH section 13411, despite the fact that HHS has yet to announce the methodology that will be used for audit selection.

It's All About Requirements?

 

Did HHS reveal its "secret sauce" when it made its audit protocol public? NO! What HHS did was simply publish the compliance requirements already contained within: (1) the HIPAA Privacy Rule; (2) the HIPAA Security Rule; and (3) the HITECH Breach Notification Rule. To those familiar with the Rules there was NOTHING new in the HHS audit protocol! Why? Because these are the requirements that have existed in the rules since the regulations first became law. All anyone ever needed to "grok" what a HIPAA audit might consist of was to read the regulations and deduce/infer the requirements. That is ALL that HHS did when it published its audit protocol.

 


About Us
3Lions Publishing, Inc. is now the owner/operator of the HIPAA Survival Guide website and the official sponsor of this newsletter. Our mission is to bring you HITECH / HIPAA statutes and regulations in an easy-to-read and digestible format, products that help reduce the burden of compliance, and "news you can use" via our newsletter.

We take a partnering and collaborative approach to the marketplace. If you would like to see specific topics covered in this newsletter, or additional products, then please let us know.


Carlos Leyva, CEO
3Lions Publishing, Inc.
(800) 516-7903

 
 
