Why Us?

We know the law and we know the web.

We help companies safely and securely do business on the web.

HITECH Act Compliance is a Team Sport:  Is your team HITECH ready?

 First Quarter 2011 Issue No. 16
In This Issue
HITECH Ready Business Associate Contract Now Available in the HSG Store
Ten Steps to Selecting the Right EHR Software
Featured Archived Article
September 2010's featured article was entitled "Healthcare for the 21st Century, it's the architecture stupid." Because healthcare architecture and interoperability will be such important topics going forward, we have decided to feature this article in this month's newsletter as well. For a summary, continue reading; to read the full article, click here.

This article discusses a notion that has heretofore been mostly foreign to health information technology ("HIT") professionals let alone to healthcare executives.

The HITECH Act has engendered significant discussion regarding "interoperability." However the latter term is a concept that is critically dependent on the healthcare architecture that underpins it. Therefore, this article takes a broad look at the importance of architecture within healthcare and highlights the business significance of healthcare architecture to an organization's competitive advantage (large or small).

It should be clear by now to even casual observers of the U.S. healthcare industry that it is quickly evolving into something radically different than the status quo. In fact, it is no understatement to suggest that the disruption occurring within the industry is a tsunami of sorts, one that has far reaching implications. Although healthcare architecture is not a buzz word that you are accustomed to hearing, it will be.

Remember you read it here first. Also remember that there can be no meaningful discussion of healthcare architecture without including privacy and security in "virtually the same breath."
HITECH Ready Business Associate Contract & Compliance Roadmaps now available in the HSG Store.
Business Associate Agreement: a HITECH Ready Model Contract

The HIPAA regulations and the HITECH Act mandate that a CE establish a written contract with a BA in a number of instances, including whenever a BA "manages" PHI on behalf of a CE.

Our Model Contract includes provisions that meet the requirements of HIPAA/HITECH and is fully annotated with links, where appropriate, to the relevant statutory/regulatory authority that underpins each Contract clause.

The Contract package also includes a complete "User's Guide," with a clause-by-clause explanation of the issues addressed in the Contract. It can be used, with minor modifications, out-of-the-box, or as an educational tool to draft a customized version.

Buy Now...

The Security Rule Under HITECH:
a Business Associate Perspective
First Edition

The most important step for building a "good SR compliance story" is for the business associate to get started. The approach recommended herein is to build the story iteratively over time. Most business associates (large or small) will likely need help in creating the story. Getting started in the wrong direction initially could be far more costly in the long run, since much of the compliance budget may simply be wasted. The framework discussed throughout this document provides a good road map to follow.

Buy Now...

HIPAA Survival Guide Third Edition

The Third Edition of the HIPAA Survival Guide updates various substantive text of the first two editions and adds completely new material. The HITECH Act has indeed proven to be transformational. In order to deal more effectively with its changing regulatory landscape we have decided to release an updated version available here and on Amazon's Kindle platform.

Buy Now...

Quick Links
Join Our Mailing List
Interested in staying current on HITECH / HIPAA compliance issues? Click the "join our list" link above and receive your own copy of the newsletter each month.

Also, if you are interested in "jumpstarting" your compliance efforts then check out the HSG Store. If you need to compare EHR software offerings click here and if you need a HITECH compliant data backup checklist click here.

Finally, interested in reducing costs and delivering more value to your patients? Then check out Info-Surge's patient engagement portal.
Other Resources

Dear Carlos,

Welcome to the First Quarter 2011 HITECH / HIPAA Compliance Newsletter. The featured article this quarter is entitled: "Disruption in Compliance Governance: Why the old governance model is DOA." This article addresses why the old approach to privacy and security compliance is woefully inadequate to meet the challenges of social/technological disruption occurring in healthcare and what should be done about it.

The first 15 issues of this newsletter covered significant ground with respect to specific challenges that lie ahead vis-a-vis HITECH / HIPAA compliance. Our archived newsletters can be found here. We have decided to start featuring an archived article in each quarterly issue in order to remind new readers that our previous issues are all available online.

This issue of the newsletter takes a more thematic approach in an attempt to describe the new environment that healthcare compliance initiatives will operate in (i.e. the context). Although subsequent issues will address the "just tell me what to do" practical needs of our readers through a discussion of various frameworks (e.g. breach notification), we felt that it was important to discuss the organizational challenges that this new environment presents. In short, this issue focuses on the "forest" as opposed to the "trees."

HITECH / HIPAA Newsletter
HSG Announcements
HITECH Survival Guide

We are now actively promoting what we believe to be the best of breed HIPAA compliance tracking system ("CTS") on the market. We performed a significant amount of due diligence over the last couple of years and this is the one solution that is clearly ahead of the pack and economically priced to be within the reach of even the smallest covered entities and business associates. To see a demo of the product click here.

We are also pleased to announce the availability of our Breach Notification Framework. Section 13402 of the HITECH Act requires that HIPAA covered entities and their business associates provide various notifications following a breach of unsecured protected health information. Our Breach Notification Framework offers guidance for complying with HITECH's Breach Notification requirements.

Our EHR Library remains one of our most popular downloads. Here you will find content that will help you select the right EHR package for your practice or facility.
We continue to be excited about the marketplace feedback of our Business Associate Agreement: a HITECH Ready Model Contract (Buy Now).

The HIPAA regulations and the HITECH Act mandate that a covered entity establish a written contract with a business associate in a number of instances, including whenever a business associate "manages" PHI on behalf of a covered entity. Our Model Contract includes provisions that meet the requirements of HIPAA/HITECH and is fully annotated with links, where appropriate, to the relevant statutory/regulatory authority that underpins each Contract clause. 

Our Model Business Associate Contract, Roadmaps, and other offerings are now available in the HSG Store

Stay Connected
Want to stay updated throughout the month? Then follow Debbie on Twitter by clicking on the badge below. If you would like to read more regarding the authors' views on HIT and compliance click here and here and subscribe to their blogs.


Become a Fan
Follow us on Facebook by becoming a fan of the guide and support the HSG by purchasing some HSG Wearables. Also, be sure to check out our HITECH Videos.

Advertising Opportunities
HSG is now welcoming advertisers to help support one of the most comprehensive and usable HITECH / HIPAA sites on the Internet. Our audience continues to grow as healthcare providers, both large and small, return to HSG again and again.

Disruption in Compliance Governance: Why the old governance model is DOA.
If any reader still believes that the healthcare industry has not already been disrupted more in the last year than it has in the past fifty, with more disruption on the way in 2011, then you have simply been asleep at the wheel for all of 2010. Further, we have a news flash for you: it is no longer the government that is the most active agent in the disruption business; it's that scary (or holy, depending on your point of view) thing we call "the free market" that is driving the disruption.

In short, huge corporations are investing billions of dollars with the hope of reaping the benefits of disruption. Forget what is going on in Washington D.C.; it pales in comparison to the tsunami of change that billions of investment dollars create when unleashed upon the marketplace. Adding to this, and in part fueling it, is the fact that in the age of the global Internet, patients will no longer tolerate the healthcare industry's Luddite stance regarding EHRs in particular and technology in general. You can kiss those "good 'ole days" goodbye, they are gone forever (RIP).


This is not an argument that all will be "sweetness and light" with respect to the change the industry will undergo, but rather a statement of the obvious: the healthcare industry status quo has exploded into a million and one pieces and we are never going back. Privacy and security concerns regarding protected health information ("PHI") remain a mission critical component of healthcare's next iteration. The importance of privacy and security grows exponentially as the Nationwide Health Information Network ("NHIN") becomes more and more real with each passing day.

What does that mean to you if you are responsible for your organization's HITECH / HIPAA compliance initiative? It means that what you do today will be disrupted by all the technological changes surrounding you. Why? Because there is no way that the NHIN can survive without robust privacy and security governance baked in from the get go, and without a commitment from all market participants, which means you. It is not likely that the government is the entity to be feared the most, but rather the demands of the marketplace, and your organization's role in this ecosystem.

The reality is that, for all intents and purposes, the old governance model was pure fiction, because HIPAA was largely a paper tiger (i.e. un-enforced legislation). The healthcare industry clearly understood that this was the case. Sure the industry paid lip service to the Privacy Rule, but that response can hardly be construed as a governance model. Therefore, the challenge that the industry now faces, across stakeholders of all sizes, is to invent a model from whole cloth, with all the cultural and organizational challenges associated with same.


About Us
We help companies safely and securely do business on the web, in accordance with applicable law. How? By helping them reduce risk. Privacy and security compliance issues are merely a subset of legal issues that online businesses face. This is equally true for eCommerce sites as it is for healthcare providers, facilities, and vendors.

We take a partnering and collaborative approach in our legal practice. If you would like to see specific topics covered in this newsletter then please let us know.

Carlos Leyva
Managing Shareholder
The Digital Business Law Group, P.A.


Contact us today