HITECH / HIPAA Newsletter December 2012

HITECH Act Compliance is a Team Sport:  Is your team HITECH ready?

December 2012, Issue No. 36
In this Issue
Products now available in the HSG Store
HITECH/HIPAA: The Rise of the Engaged Patient
Products now available in the HSG Store.
We are also pleased to announce our Combo Package which includes:  
  1. Business Associate Agreement: HITECH Ready Model Contract 
  2. Breach Notification Framework 
  3. Breach Notification Policy 
  4. The Security Rule Under HITECH: a Business Associate's Perspective 
Save over $100.00 off the retail price. 


HIPAA Breach Notification Framework 

Our HIPAA Breach Notification Framework walks you through the process of analyzing security incidents to determine what actions you must take to ensure your response complies with the HITECH Breach Notification requirements. The Framework discusses HITECH breach compliance in simple terms and uses twelve flowchart diagrams to help you navigate the process. It also includes tools and templates that help "jump start" your breach notification compliance initiative.




Our HIPAA Breach Notification Policy 

This policy implements section 13402 of the HITECH Act which requires HIPAA covered entities and their business associates to provide notification following a breach of unsecured protected health information. The policy was derived from our HIPAA Breach Notification Framework and is included as a FREE gift that product



Business Associate Agreement: a HITECH Ready Model Contract

Our model Business Associate Agreement includes provisions that meet the requirements of HIPAA/HITECH and is fully annotated with links to the relevant statutory/regulatory authority that underpins each Contract clause. The Contract package also includes a complete "User's Guide," with a clause-by-clause explanation of the issues addressed in the Contract. 


The Security Rule Under HITECH: a Business Associate Perspective, First Edition

The most important step for building a "good SR compliance story" is for the business associate to get started. The approach in The Security Rule Under HITECH is to build the story iteratively over time. Most business associates (large or small) will likely need help in creating the story. The framework discussed throughout this document provides a good road map to follow.


HIPAA Survival Guide Third Edition

The Third Edition of the HIPAA Survival Guide updates various substantive text of the first two editions and adds completely new material. The HITECH Act has indeed proven to be transformational. In order to deal more effectively with its changing regulatory landscape we have decided to release an updated version available here and on Amazon's Kindle platform.


HIPAA Core Training Combo

This package includes the Breach Notification Simplified Training Module, the HIPAA Privacy Rule under HITECH Training Module, the HIPAA Security Rule Under HITECH Training Module and the HITECH and HIPAA Compliant Training Module all in one Combo Package. Buy all 4 for a little more than the price of 3.

Quick Links
HIPAA Survival Guide Videos
Join Our Mailing List
Interested in staying current on HITECH / HIPAA compliance issues? Click the "join our list" link above and receive your own copy of the newsletter each month.

Other Resources

Business Associate Agreement
HITECH / HIPAA Core Training Modules Overview
HIPAA Privacy Rule Checklist Product Overview
HITECH Breach Notification Framework Overview

Dear Carlos,

Welcome to our December 2012 HITECH / HIPAA Compliance Newsletter.  


The featured article this month is entitled: HITECH/HIPAA: The Rise of the Engaged Patient. Patients have always had the right to access their PHI (post HIPAA). We wrote about the Privacy Rule sections that provide for this access in our Patient's Bill of Rights post. The HITECH Act expands this access under Section 13405, now allowing for treatment, payment and operations (TPO) usages to be disclosed for the past three years as well (i.e. provided that an EHR is in use).



The HIPAA Survival Guide is pleased to announce that our HIPAA Training Combo Package continues to deliver significant training value based on sales volume and customer feedback.


HSG Announcements
In addition to our commercial-off-the-shelf training products, we now offer training customized for your organization through our partnership with the Digital Business Law Group. We recognize that some organizations, including business associates, have a need for HIPAA / HITECH training tailored to their specific needs (click here or on the image below to get more information).


Our EHR Library remains one of our most popular downloads. Here you will find content that will help you select the right EHR package for your practice or facility and other useful EHR collateral.


Join the Conversation
The HIPAA Survival Group on LinkedIn continues to be the go-to place for meaningful discussion of HITECH / HIPAA issues. You will find many industry thought leaders and insiders sharing their views on the evolving compliance landscape.

Stay Connected
Want to stay updated throughout the month? Follow Carlos on Twitter by clicking on the badge below.  If you would like to read more regarding the authors' views on HIT and compliance click here and here and subscribe to their blogs.  

Become a Fan
Follow us on Facebook by becoming a fan of the HIPAA Survival Guide. Also, be sure to check out our HITECH Videos.

Advertising Opportunities
HSG is now welcoming advertisers to help support one of the most comprehensive and usable HITECH / HIPAA sites on the Internet. Our audience continues to grow as healthcare providers and business associates, both large and small, return to HSG again and again.
HITECH/HIPAA: The Rise of the Engaged Patient.
Patients have always had the right to access their PHI (post HIPAA). We wrote about the Privacy Rule sections that provide for this access in our Patient's Bill of Rights post. The HITECH Act expands this access under Section 13405, now allowing for treatment, payment and operations (TPO) usages to be disclosed for the past three years as well (i.e. provided that an EHR is in use).

Covered entities and business associates are well advised to have a well defined set of processes in place for providing this access, or they could quickly find themselves in "willful neglect" land. The engaged patient, one that is likely to significantly increase the demand for access, is not going away any time soon. As we discuss in this article, with the boomers retiring en masse you can be sure that this trend is likely to grow significantly. 


What's the so what?


Most covered entities and business associates (where applicable) are not prepared to handle this deluge of requests because their Privacy Rule compliance initiative lacks certain key processes:
  1. Managing requests for restrictions under §164.522.
  2. Managing access to PHI under §164.524.
  3. Managing amendments to PHI under §164.526.
  4. Managing accounting for disclosures under §164.528.
It's not that these are new sections of the Privacy Rule, or aspects of the Rule that were modified by the HITECH Act, but rather these sections represent parts of the Privacy Rule that have not proven challenging heretofore, mostly because patients were either uninformed or otherwise not inclined to take advantage of them.
However, starting in 2008, 79 million baby boomers began retiring. The vast majority of these boomers are far more computer literate than their parents. By 2008 the Internet was well integrated into the daily life of the nation, therefore it would not be surprising to find that most boomers use it once a day, or at a minimum several times a week. 
Also, it has been estimated that a significant percentage of boomers will suffer a chronic illness during retirement. This is not surprising given the volume of chronic illness that exists in the U.S. today, across all age groups. However, a computer literate, aging, and ill population, with more time than money to spare, is guaranteed to access the Internet en masse to look for remedies and the ability to maintain wellness.
Clearly it is not only boomers that will be advocating on their own behalf. Their tech savvy children will also be weighing in on behalf of their parents. Couple this with the rise of the Patient Advocacy Profession and you have the foundation for an inflection point as it pertains to access to PHI.
Patients, as consumers, have historically played a non-existent role in their own healthcare. Patients have lacked the data required to make informed selections of preferred providers and, for the most part, have not paid for the services delivered. The healthcare system has been, and remains, a highly dysfunctional marketplace with little or no price or quality transparency. It has been effectively seized and controlled by a few large players, namely the insurance companies and the U.S. Government (the so called "payers").
The Government, in the form of the Affordable Care Act (aka "ObamaCare"), has decided that a more functional healthcare marketplace, one focused on reimbursement for outcomes instead of reimbursement for services rendered (the so called "fee for service" model) is required to "bend the cost curve;" that is, to simultaneously improve patient outcomes while reducing costs. 
It's a huge bet, one that will take decades to collect on, assuming that the bet pays off. There are obviously no guarantees that it will. But what is guaranteed, no matter what direction the healthcare industry heads in, is that patients will be more engaged in their own healthcare and that privacy and security will remain "top of mind" issues going forward.
About Us
3Lions Publishing, Inc. is now the owner/operator of the HIPAA Survival Guide website and the official sponsor of this newsletter. Our mission is to bring you HITECH / HIPAA statutes and regulations in an easy to read and digestible format, products that help reduce the burden of compliance, and "news you can use" via our newsletter.

We take a partnering and collaborative approach to the marketplace. If you would like to see specific topics covered in this newsletter, or additional products, then please let us know.

Carlos Leyva, CEO
3Lions Publishing, Inc.
(800) 516-7903
