In the News
OIG continues to announce fraud enforcement actions at what appears to be an alarming rate.
______________________
March 14, 2012
U.S. Department of Justice
Three Detroit-Area Clinic Owners
Plead Guilty for Their Roles in
$5.4 Million Medicare Fraud Scheme.
U.S. Attorney; Northern District of Illinois
Physician Who Operated South Side Medical Clinic Convicted Of
Health Care Fraud Involving Unnecessary Patient Tests
U.S. Attorney; Eastern District of Texas
Humble Woman Sentenced for East Texas Health Care Fraud
March 9, 2012
U.S. Department of Justice
Owner of Houston Health Care
Company Sentenced To 30 Months in Prison In Connection With Medicare
Fraud Scheme
U.S. Department of Justice
Broward County, Fla.-Area Halfway
House Owner Sentenced To 24 Months
In Prison For Participating In Fraud
And Kickback Scheme
http://go.usa.gov/RzT
State Enforcement Actions
Updated
http://go.usa.gov/kn2
____________________________
Products now available in the HSG Store.
We are also pleased to announce our Combo Package which includes:
- Business Associate Agreement: HITECH Ready Model Contract
- Breach Notification Framework
- Breach Notification Policy
- The Security Rule Under HITECH: a Business Associate's Perspective
Save over $100.00 off the retail price.
Buy Now...
HIPAA Breach Notification Framework
Our HIPAA Breach Notification Framework walks you through the process of analyzing security incidents to determine what actions you must take to ensure your response complies with the HITECH Breach Notification requirements. The Framework discusses HITECH breach compliance in simple terms and uses twelve flowchart diagrams to help you navigate the process. It also includes tools and templates that help "jump start" your breach notification compliance initiative.
Buy Now...
Our HIPAA Breach Notification Policy
This policy implements section 13402 of the HITECH Act, which requires HIPAA covered entities and their business associates to provide notification following a breach of unsecured protected health information. The policy was derived from our HIPAA Breach Notification Framework and is included as a FREE gift with that product.
Buy Now...
Business Associate Agreement: a HITECH Ready Model Contract
Our model Business Associate Agreement includes provisions that meet the requirements of HIPAA/HITECH and is fully annotated with links to the relevant statutory/regulatory authority that underpins each Contract clause. The Contract package also includes a complete "User's Guide," with a clause-by-clause explanation of the issues addressed in the Contract.
Buy Now...
The Security Rule Under HITECH: a Business Associate Perspective First Edition
The most important step for building a "good SR compliance story" is for the business associate to get started. The approach in The Security Rule Under HITECH is to build the story iteratively over time. Most business associates (large or small) will likely need help in creating the story. The framework discussed throughout this document provides a good road map to follow.
Buy Now...
HIPAA Survival Guide Third Edition
The Third Edition of the HIPAA Survival Guide updates various substantive text of the first two editions and adds completely new material. The HITECH Act has indeed proven to be transformational. In order to deal more effectively with its changing regulatory landscape we have decided to release an updated version available here and on Amazon's Kindle platform.
Buy Now...
HIPAA Core Training Combo
This package includes the Breach Notification Simplified Training Module, the HIPAA Privacy Rule under HITECH Training Module, the HIPAA Security Rule Under HITECH Training Module and the HITECH and HIPAA Compliant Training Module all in one Combo Package. Buy all 4 for a little more than the price of 3.
Buy Now...
Join Our Mailing List
Interested in staying current on HITECH / HIPAA compliance issues? Click the "join our list" link above and receive your own copy of the newsletter each month.
HIPAA Survival Guide Blog Talk Radio Overview
Business Associate Agreement
HITECH / HIPAA Core Training Modules Overview
Dear Carlos,
Welcome to our April 2012 HITECH / HIPAA Compliance Newsletter.
The featured article this month is entitled Dispelling the Top Ten (10) Myths of HIPAA/HITECH Compliance.
The HIPAA Survival Guide is pleased to announce the release of our HIPAA Privacy Rule Checklist under HITECH. This product is now available on the HSG Store.
FREE WEBINAR: HIPAA Compliance: The Intersection of Privacy, Security, Mobile and Social Media?
This webinar explores the use of social media and mobile devices in the healthcare industry and the potential risks associated with such rampant use. It is not a question of whether or not covered entities ("CEs") should engage in this type of use; the fact of the matter is that CEs are already doing so in large numbers. This phenomenon is not about to stop anytime soon, nor should it. Social media and mobile devices provide CEs with a way to engage their patients in a manner that allows CEs to differentiate their offerings in an increasingly competitive healthcare marketplace. This webinar focuses on mobile and social media best practices within the context of the HIPAA Privacy and Security Rules.
Date: April 19, 2012.
Time: 2:00 to 3:30 EST.
To register Click here.
HIPAA Survival Guide Radio: Next Show
Our weekly radio show covers how the HITECH Act is transforming HIPAA and offers: 1) exposure to industry thought leaders; 2) analysis of proposed and promulgated HHS/OCR rule making; and 3) a forum for sharing industry best practices. Here's the overview video. To participate via chat you will need to create a FREE Blog Talk Radio account. No account is necessary just to listen. Archived copies of shows will be made available.
To be reminded of upcoming radio shows Update Your Profile by selecting "HSG Radio Show Reminder."
Date: March 30, 2012.
Time: 3:00 to 3:30 EST.
To listen Click Here.
HSG Announcements
Our EHR Library remains one of our most popular downloads. Here you will find content that will help you select the right EHR package for your practice or facility and other useful EHR collateral.
Join the Conversation
The HIPAA Survival Group on LinkedIn continues to be the go-to place for meaningful discussion of HITECH / HIPAA issues. You will find many industry thought leaders and insiders sharing their views on the evolving compliance landscape.
Stay Connected
Want to stay updated throughout the month? Follow Carlos on Twitter by clicking on the badge below. If you would like to read more regarding the authors' views on HIT and compliance, click here and here and subscribe to their blogs.
Become a Fan
Follow us on Facebook by becoming a fan of the HIPAA Survival Guide. Also, be sure to check out our HITECH Videos.
Advertising Opportunities
HSG is now welcoming advertisers to help support one of the most comprehensive and usable HITECH / HIPAA sites on the Internet. Our audience continues to grow as healthcare providers and business associates, both large and small, return to HSG again and again.
Dispelling the Top Ten (10) Myths of HIPAA/HITECH Compliance
This month's article is by guest author John 'J' Trinckes Jr., CISO/EVP/Founding Partner CISSP, CISM, CRISC, C-EH, NSA-IAM/IEM Mulholland Information Security, LLC.
The following are the top ten reasons (or myths) regarding HIPAA/HITECH compliance that we have heard in the healthcare industry over the past couple of years. There is no specific order in which these appear; however, I do attempt to explain the fallacy of these thought processes.
1. My EMR/EHR software is HIPAA Compliant so that makes me HIPAA Compliant.
Although the software you utilize to process, store, or transmit your patient information and/or other electronically protected health information is certified HIPAA Compliant, this doesn't necessarily mean that the covered entity (as a whole) is compliant. The HIPAA Privacy and Security Rules cover the entire entity and software is just a minor subset of the standards. These rules cover administrative, physical, and technical safeguards that need to be implemented to satisfy the regulations and to put the covered entity into compliance.
2. My Business Associate handles my security and makes me HIPAA Compliant.
A business associate, such as a managed IT service provider or other contractor, may be hired to assist the covered entity in managing their network and other IT related services. This, however, does not, by itself, qualify a covered entity to claim that they are compliant with HIPAA regulations. The responsibility (and liability) still falls back on the covered entity to validate and ensure compliance with the HIPAA Privacy and Security Rules. A covered entity must perform their own due diligence in an effort to validate compliance, and the business associate themselves also needs to ensure their own compliance with the regulations under their business associate agreement. It should also be noted that there is a conflict of interest in having an IT service test or validate their own configurations and security level. Assessors should be completely independent to allow for a more objective review of compliance. It has been my experience that sometimes vendors are not completing work or providing the best possible services as initially thought. Although you need to trust your vendors, you also need to verify what they are saying and doing. Ultimately, you, as the covered entity, are responsible for their actions (or lack of action).
3. I have policies/procedures in place, now I'm HIPAA Compliant.
Having policies and procedures in place is just the first step on the path to compliance. These policies/procedures need to be fully approved, implemented, and validated. Approval of these policies/procedures needs to come from the top executives, and the policies/procedures need to be disseminated to all workforce members. All workforce members need to fully adhere to these policies/procedures at all times or be subject to sanctions that are enforced. Assessments need to be performed to validate that all workforce members are following the policies/procedures as approved, and adjustments need to take place to correct any deficiencies accordingly. Only after demonstrated proof that these steps are occurring within the covered entity on an ongoing basis can compliance be achieved.
Read more...
About Us
3Lions Publishing, Inc. is now the owner/operator of the HIPAA Survival Guide website and the official sponsor of this newsletter. Our mission is to bring you HITECH / HIPAA statutes and regulations in an easy to read and digestible format, products that help reduce the burden of compliance, and "news you can use" via our newsletter.
We take a partnering and collaborative approach to the marketplace. If you would like to see specific topics covered in this newsletter, or additional products, then please let us know.
Carlos Leyva, CEO 3Lions Publishing, Inc.
(800) 516-7903