Products now available in the HSG Store.
HIPAA Breach Notification Framework
Our HIPAA Breach Notification Framework walks you through the process of analyzing security incidents to determine what actions you must take to ensure your response complies with the HITECH Breach Notification requirements. The Framework discusses HITECH breach compliance in simple terms and uses twelve flowchart diagrams to help you navigate the process. It also includes tools and templates that help "jump start" your breach notification compliance initiative.
Business Associate Agreement: a HITECH Ready Model Contract
Our model Business Associate Agreement includes provisions that meet the requirements of HIPAA/HITECH and is fully annotated with links to the relevant statutory/regulatory authority that underpins each Contract clause. The Contract package also includes a complete "User's Guide," with a clause-by-clause explanation of the issues addressed in the Contract.
The Security Rule Under HITECH: a Business Associate Perspective First Edition
The most important step for building a "good SR compliance story" is for the business associate to get started. The approach in The Security Rule Under HITECH is to build the story iteratively over time. Most business associates (large or small) will likely need help in creating the story. The framework discussed throughout this document provides a good road map to follow.
HIPAA Core Training Combo
This package includes the Breach Notification Simplified Training Module, the HIPAA Privacy Rule under HITECH Training Module, the HIPAA Security Rule Under HITECH Training Module and the HITECH and HIPAA Compliant Training Module all in one Combo Package. Buy all 4 for a little more than the price of 3.
Dear Carlos,
Welcome to our April 2014 HIPAA Compliance Newsletter.
Our article this month is entitled: Who is enforcing PHI laws?
ANNOUNCEMENTS
This module gets you up to speed on the mandatory HIPAA Risk Management Program required by the HIPAA Security Rule, but it also encompasses the HIPAA Privacy Rule and the HITECH Breach Notification Rule. A Risk Management Program is required to comply with the HIPAA Security Rule and also to ensure that Risk Assessments are not a one-time event, but rather an important part of a comprehensive initiative.
WEBINAR: Exploding HITECH/HIPAA Myths, Urban Legends, & Other "Snake Oil."
Date/Time
Thursday April 17, 2014 2:00 PM - 3:30 PM EDT
HSG Announcements
Join the Conversation
The HIPAA Survival Group on LinkedIn continues to be the go-to place for meaningful discussion of HITECH / HIPAA issues. You will find many industry thought leaders and insiders sharing their views on the evolving compliance landscape.
Who is enforcing PHI laws?
Recent enforcement actions by the FTC and Secret Service have called into question which government agencies, including state agencies, are responsible for enforcing laws related to protected health information ("PHI"). Certainly, from a federal government perspective, the Department of Health and Human Services ("HHS") has long been recognized as the enforcer of the HIPAA Regulations. The FTC, on the other hand, has long had the responsibility for enforcing laws related to personally identifiable information ("PII") under the Federal Trade Commission Act of 1914, and its corresponding regulations, which are focused on protection of consumer data. The Secret Service has a dual role as it states on its website:
The mission of the United States Secret Service is to safeguard the nation's financial infrastructure and payment systems to preserve the integrity of the economy, and to protect national leaders, visiting heads of state and government, designated sites and National Special Security Events.
Based on its mission statement, one would not think that the Secret Service would have any jurisdiction regarding PHI, but apparently the part of its mission that requires it to "safeguard the nation's financial infrastructure and payment systems" is broad enough to encompass PHI.
The mission of the respective state agencies can be represented, in broad terms, by using the mission statement on the Massachusetts Attorney General's website.
Attorney General Martha Coakley is the chief lawyer and law enforcement officer of the Commonwealth of Massachusetts. In addition, her office is an advocate and resource for the Commonwealth and its residents in many areas, including consumer protection, combating fraud and corruption, protecting civil rights, and promoting meaningful economic recovery.
Including the States, it is clear that there are well over 50 agencies that might have an interest in enforcement actions related to PHI. For example, the HITECH Act, section 13410(e), specifically gives State Attorneys General the authority to bring an action under HIPAA.
FTC Enforcement?
The FTC holds the view that it can go after PHI data breaches under its purview of protecting consumers from unfair business processes. This is the same jurisdiction that enables the FTC to go after website owners such as Google and Facebook for privacy violations. In these cases it is not so much that the FTC is the "Privacy Police" but rather that, when companies violate privacy policies, the FTC views it as "unfair and deceptive business practices." Apparently, this is what happened in the Accretive Health and LabMD cases, where the FTC used its broad jurisdiction to go after PHI abuses.
Secret Service in on the Act?
Not to be outdone, and obviously having "extra bandwidth" from protecting the POTUS, his family, and other high-ranking government officials, the Secret Service has ventured into the PHI enforcement business.
About Us
3Lions Publishing, Inc. is now the owner/operator of the HIPAA Survival Guide website and the official sponsor of this newsletter. Our mission is to bring you HITECH / HIPAA statutes and regulations in an easy to read and digestible format, products that help reduce the burden of compliance, and "news you can use" via our newsletter.
We take a partnering and collaborative approach to the marketplace. If you would like to see specific topics covered in this newsletter, or additional products, then please let us know.
Carlos Leyva, CEO 3Lions Publishing, Inc.
(800) 516-7903