HITECH / HIPAA Newsletter February 2013

HITECH Act Compliance is a Team Sport:  Is your team HITECH ready?

 February 2013 Issue No. 38
In this Issue
Products now available in the HSG Store
HITECH/HIPAA: HHS Omnibus Rule Review.
Products now available in the HSG Store

HIPAA Breach Notification Framework 

Our HIPAA Breach Notification Framework walks you through the process of analyzing security incidents to determine what actions you must take to ensure your response complies with the HITECH Breach Notification requirements. The Framework discusses HITECH breach compliance in simple terms and uses twelve flowchart diagrams to help you navigate the process. It also includes tools and templates that help "jump start" your breach notification compliance initiative.





Business Associate Agreement: a HITECH Ready Model Contract

Our model Business Associate Agreement includes provisions that meet the requirements of HIPAA/HITECH and is fully annotated with links to the relevant statutory/regulatory authority that underpins each Contract clause. The Contract package also includes a complete "User's Guide," with a clause-by-clause explanation of the issues addressed in the Contract. 


The Security Rule Under HITECH: a Business Associate Perspective, First Edition

The most important step for building a "good SR compliance story" is for the business associate to get started. The approach in The Security Rule Under HITECH is to build the story iteratively over time. Most business associates (large or small) will likely need help in creating the story. The framework discussed throughout this document provides a good road map to follow.


HIPAA Core Training Combo

This package includes the Breach Notification Simplified Training Module, the HIPAA Privacy Rule under HITECH Training Module, the HIPAA Security Rule Under HITECH Training Module and the HITECH and HIPAA Compliant Training Module, all in one Combo Package. Buy all 4 for a little more than the price of 3.

Quick Links
HIPAA Survival Guide Videos
Join Our Mailing List
Interested in staying current on HITECH / HIPAA compliance issues? Click the "join our list" link above and receive your own copy of the newsletter each month.

Other Resources

HIPAA Cloud, Social Media, and Mobile Checklist
Business Associate Agreement
HITECH / HIPAA Core Training Modules Overview
HIPAA Privacy Rule Checklist Product Overview
HITECH Breach Notification Framework Overview

Dear Carlos,

Welcome to our February 2013 HITECH / HIPAA Compliance Newsletter.  


The featured article this month is entitled: HITECH/HIPAA: HHS Omnibus Rule Review. We have argued that the HHS Omnibus Rule ("the Rule") is neither a "Tweak" nor a "Sweeping Reform." There is far too much substantive law included in the Rule for it to be characterized as the former. It also cannot be characterized as the latter. However, the HITECH Act WAS sweeping and, for the most part, the Rule is simply HITECH-izing the Privacy Rule, the Security Rule, the Breach Notification Rule, and the Enforcement Rule.


FREE WEBINAR:  HITECH/HIPAA 2013: Why Mobile is the Hot Compliance Issue?


Date: Tuesday, February 5th 
Time: 3:30pm-4:30pm EDT



The HIPAA Survival Guide is pleased to announce that our Cloud, Social Media and Mobile Checklist is now available on the HSG Store.
HSG Announcements
In addition to our commercial-off-the-shelf training products, we now offer training customized for your organization through our partnership with the Digital Business Law Group. We recognize that some organizations, including business associates, have a need for HIPAA / HITECH training tailored to their specific needs (click here or on the image below to get more information).


Our EHR Library remains one of our most popular downloads. Here you will find content that will help you select the right EHR package for your practice or facility and other useful EHR collateral.


Join the Conversation
The HIPAA Survival Group on LinkedIn continues to be the go-to place for meaningful discussion of HITECH / HIPAA issues. You will find many industry thought leaders and insiders sharing their views on the evolving compliance landscape.

Stay Connected
Want to stay updated throughout the month? Follow Carlos on Twitter by clicking on the badge below.  If you would like to read more regarding the authors' views on HIT and compliance click here and here and subscribe to their blogs.  

Become a Fan
Follow us on Facebook by becoming a fan of the HIPAA Survival Guide. Also, be sure to check out our HITECH Videos.

Advertising Opportunities
HSG is now welcoming advertisers to help support one of the most comprehensive and usable HITECH / HIPAA sites on the Internet. Our audience continues to grow as healthcare providers and business associates, both large and small, return to HSG again and again.
HITECH/HIPAA: HHS Omnibus Rule Review.

We have argued that the HHS Omnibus Rule ("the Rule") is neither a "Tweak" nor a "Sweeping Reform." There is far too much substantive law included in the Rule for it to be characterized as the former. It also cannot be characterized as the latter. However, the HITECH Act WAS sweeping and, for the most part, the Rule is simply HITECH-izing the Privacy Rule, the Security Rule, the Breach Notification Rule, and the Enforcement Rule.


Sure, there are some "odds and ends" that deal with something other than these Rules, but that is a very small part. What is "sweeping," however, is the clarification and commentary that HHS has provided as part of the Final Rule. For the foreseeable future the PDF Version of the Rule will remain the go-to place for HHS guidance on any number of issues. Although the next version of our FREE Newsletter will attempt to summarize the changes under the various Rules, there is simply no substitute for going to the source itself.


The HHS Summary?

HHS summarized the over 500 pages of Omnibus Rule as follows:

This omnibus final rule is comprised of the following four final rules:

1. Final modifications to the HIPAA Privacy, Security, and Enforcement Rules mandated by the Health Information Technology for Economic and Clinical Health (HITECH) Act, and certain other modifications to improve the Rules, which were issued as a proposed rule on July 14, 2010. These modifications:

a) Make business associates of covered entities directly liable for compliance with certain of the HIPAA Privacy and Security Rules' requirements.

b) Strengthen the limitations on the use and disclosure of protected health information for marketing and fundraising purposes, and prohibit the sale of protected health information without individual authorization.

c) Expand individuals' rights to receive electronic copies of their health information and to restrict disclosures to a health plan concerning treatment for which the individual has paid out of pocket in full.

d) Require modifications to, and redistribution of, a covered entity's notice of privacy practices.

e) Modify the individual authorization and other requirements to facilitate research and disclosure of child immunization proof to schools, and to enable access to decedent information by family members or others.

f) Adopt the additional HITECH Act enhancements to the Enforcement Rule not previously adopted in the October 30, 2009, interim final rule (referenced immediately below), such as the provisions addressing enforcement of noncompliance with the HIPAA Rules due to willful neglect.

2. Final rule adopting changes to the HIPAA Enforcement Rule to incorporate the increased and tiered civil money penalty structure provided by the HITECH Act, originally published as an interim final rule on October 30, 2009. 

3. Final rule on Breach Notification for Unsecured Protected Health Information under the HITECH Act, which replaces the breach notification rule's "harm" threshold with a more objective standard and supplants an interim final rule published on August 24, 2009.

4. Final rule modifying the HIPAA Privacy Rule as required by the Genetic Information Nondiscrimination Act (GINA) to prohibit most health plans from using or disclosing genetic information for underwriting purposes, which was published as a proposed rule on October 7, 2009.  

Although HHS presents an excellent summary at 100K feet, we will attempt a more detailed summary that gives you a look at the prominent changes under each rule. In addition, the Full Omnibus Rule Text, as reflected in the updated Rules, is now available on the HIPAA Survival Guide. It is safe to say that "we aren't in Kansas anymore and this is not your daddy's HIPAA."
About Us
3Lions Publishing, Inc. is now the owner/operator of the HIPAA Survival Guide website and the official sponsor of this newsletter. Our mission is to bring you HITECH / HIPAA statutes and regulations in an easy to read and digestible format, products that help reduce the burden of compliance, and "news you can use" via our newsletter.

We take a partnering and collaborative approach to the marketplace. If you would like to see specific topics covered in this newsletter, or additional products, then please let us know.

Carlos Leyva, CEO
3Lions Publishing, Inc.
(800) 516-7903

Contact us today