Why Us?

We know the law and we know the web.

We help companies safely and securely do business on the web.

HIPAA Compliance is a Team Sport:  Is your team HITECH ready?

  October 2009 Issue No. 3
In This Issue
World Health Care Congress Summit
Engaging Patients & Families
HITECH/HIPAA and Meaningful Use Part III
Featured Article
This month's featured article begins to provide the foundation for a HIPAA Security Rule ("SR") framework: an approach by which the SR can be "attacked" by providers of all sizes. Let's be clear: a framework is not a cookbook solution (those do not exist for wicked problems) but rather a kind of map of the territory. Going forward, we will be laser focused on developing various frameworks for meeting the challenges of the HITECH Act and its transformational impact on the HIPAA Regulations. These frameworks are intended to move an organization forward on the compliance continuum.
The World Health Care Congress Leadership Summit on HITECH and HIPAA Compliance Management for Providers

November 9 - 10, 2009
Alexandria, VA
Presenting strategic frameworks for the C-Suite and in-depth, tactical solutions for your IT and operations teams, this must-attend Summit will feature industry experts and key association think-tank leaders presenting solutions on how to expose risk, minimize liability and maintain compliance in an environment of continual "HIT change." Save an extra $200.00 off the current rate with code BFX997 (not applicable on gov't rate). To register, contact us at 800-767-9499.

The Value of Technology and the Internet for Improving Healthcare: Engaging Patients & Families
In 2004, the Internet was in its "infancy" with respect to "cloud computing" and reliable online healthcare information. And... electronic health records and telemedicine were only vague ideas on the horizon. Now these technologies are becoming mainstream. Both providers and patients want access to reliable healthcare information. A leading visionary in patient centric care summarized the issue both with eloquence and clarity:

"The cure of diseases is doubtless a matter of great importance; but the preservation of health is of still greater. This is the concern of every man, and surely what relates to it ought to be rendered as plain and obvious to all as possible."

This article's central theme is to tell a short story of where we have been and where we are likely to go with the use of healthcare information and technology. The intersection of policy, law and technology requires stakeholders to think holistically as Health 2.0 rolls out. HITECH now mandates, with the force of law, that privacy and security play a key role as providers and facilities implement the envisioned enabling technologies.

In short, privacy and security cannot be an afterthought that we only let IT or administrators worry about. Furthermore, there are other legal touch points that providers must pay attention to that have nothing to do with HITECH/HIPAA, but rather have to do with doing business online/electronically. These issues will also be discussed where appropriate.


Join Our Mailing List
Interested in staying current on HITECH / HIPAA compliance issues? Click the join our list link above and receive your own copy of the newsletter on the first business day of each month.
Dear Subscriber,

Welcome to the October 2009 HITECH/HIPAA Compliance Newsletter. The featured article this month is entitled: "HITECH/HIPAA and Meaningful Use Part III: Attacking the HIPAA Security Rule (Hug the Monster)." It is the third in a series of featured articles over the next few months that will discuss the transformational impact that the HITECH Act is likely to have on HIPAA's regulatory environment.

The September Issue's featured article took a big picture view of what it is going to take to implement an effective EHR/HITECH/HIPAA compliance strategy. This month we are heading completely in the opposite direction. This issue also features a guest article by Deborah Leyva.

Deborah's article discusses the multiple (and often hidden) PHI "touch points" that providers will encounter as they move online. In addition, her article provides commentary regarding the legal/compliance issues related to this migration. The article is entitled: "The Value of Technology and the Internet for Improving Healthcare: Engaging Patients & Families."

Compliance with HIPAA's Privacy and Security Rules is now part of HHS's "meaningful use" definition, which as a practical matter means that providers or facilities found to be non-HIPAA compliant may not get paid their electronic health record (EHR) incentives under the HITECH Act. That, coupled with HITECH's "improved HIPAA enforcement" regime, is likely to transform HIPAA from a paper tiger to legislation that is actively enforced.

Our focus from the outset has been to provide actionable information to our readers. In short, "news you can use." We are excited about the addition of various guest authors that we are lining up, but you will have to read to the end of the featured article for more information.

We are now actively promoting what we believe to be the best-of-breed HIPAA compliance tracking system ("CTS") on the market. We performed a significant amount of due diligence over the last couple of years, and this is the one solution that is clearly ahead of the pack and economically priced to be within the reach of even the smallest covered entities and business associates. To see a demo of the product click here.

We are also pleased to announce the availability of our Breach Notification Framework. Section 13402 of the HITECH Act requires that HIPAA covered entities and their business associates provide various notifications following a breach of unsecured protected health information. Our Breach Notification Framework offers guidance for complying with HITECH's Breach Notification requirements.

Our EHR Library remains one of our most popular downloads. Here you will find content that will help you select the right EHR package for your practice or facility.
Contract Drafting
We continue to be excited regarding the marketplace feedback of our Business Associate Agreement: a HITECH Ready Model Contract (Buy Now).

The HIPAA regulations and the HITECH Act mandate that a CE establish a written contract with a BA in a number of instances, including whenever a BA "manages" PHI on behalf of a CE. Our Model Contract includes provisions that meet the requirements of HIPAA/HITECH and is fully annotated with links, where appropriate, to the relevant statutory/regulatory authority that underpins each Contract clause. 

Our Model Business Associate Contract, Roadmaps, and other offerings are now available in the HSG Store.

HITECH / HIPAA Newsletter

If you would like to follow the authors' blogs click here and here. Also, if you plan to attend the conference we would enjoy meeting you. Please stop by after our presentation and say hello.
HITECH/HIPAA and Meaningful Use Part III: Attacking the HIPAA Security Rule (Hug the Monster)
Compliance Continuum
As mentioned in the introduction, the subtitle of Part III is: "Attacking the HIPAA Security Rule: Hug the Monster." We are using military metaphors because the Security Rule presents a completely different challenge than the Privacy Rule. It appears at first glance (and second, third, fourth glances as well) as a "military like" specification for cyber security. We would not be surprised if in fact that was where the substance of the rule originated.

There has not been much attention paid to the Security Rule for several reasons: 1) few providers have implemented EHRs; and 2) the previous HIPAA enforcement regime was essentially a paper tiger. The HITECH Act changes all that; providers now have very little choice other than to "hug the monster." The latter is a military term that means (more or less) that when your survival is literally on the line, you have to confront and acknowledge this reality before you can take meaningful steps to deal with it.

The Security Rule is so complex and daunting that we have decided to dedicate two featured articles to it in order to adequately provide the necessary foundation. There is likely no more significant public policy issue regarding the success of the proposed U.S. National Health Information Infrastructure than protecting the privacy and the security of the data contained within it.

This issue introduces the concept of a number of organizational frameworks that will be required in order to effectively cope with your EHR/HITECH/HIPAA initiatives. The framework concept was first introduced in this podcast that we did in collaboration with the World Health Congress.

We hope to add more multimedia content going forward. We understand that individuals vary in the manner by which they process and assimilate information. Often, the most clarity comes from seeing material presented via alternative forms.

We like to use "mind maps" for this reason, but also want to experiment with other tools. The HITECH Act and the HIPAA regulations are challenging, not only to understand, but to apply effectively. The HIPAA Security Rule is perhaps the canonical example of the complexity involved.

About Us
We help companies safely and securely do business on the web, in accordance with applicable law. How? By helping them reduce risk. Privacy and security compliance issues are merely a subset of legal issues that online businesses face. This is equally true for eCommerce sites as it is for healthcare providers, facilities, and vendors.

We take a partnering and collaborative approach in our legal practice.
If you would like to see specific topics covered in this newsletter then please let us know.

Contact us today