
HITECH / HIPAA Newsletter February 2012

HITECH Act Compliance is a Team Sport:  Is your team HITECH ready?

 February 2012 Issue No. 26
In This Issue
Products now available in the HSG Store
HIPAA Compliance: Preview of the HHS Omnibus Rule?
In the News

OIG continues to announce fraud enforcement actions at what appears to be an alarming rate.



January 10, 2012

U.S. Attorney; Eastern District of Pennsylvania

Ambulance Company Worker Pleads Guilty to Fraud Scheme


State Enforcement Actions Updated 





January 5-6, 2012 


U.S. Department of Justice 


Home Health Agency Owner Pleads Guilty in Connection with Detroit Fraud Scheme 
Office Manager for Miami Home Health Company Sentenced to 78 Months in Prison for Role in $25 Million Health Care Fraud Scheme  


Miami-Area Patient Recruiter Sentenced to 57 Months in Prison for Participating in Medicare Fraud Kickback Scheme

U.S. Attorney; Western District of Texas

Former Texas Pain Management Physician and Psychiatrist Sentenced To Federal Prison on Health Care Fraud Charges

Attorney for the Middle District of Florida

Sarasota County Woman Sentenced for Health Care Fraud 


State Enforcement Actions Updated 


Products now available in the HSG Store.
We are also pleased to announce our Combo Package which includes:  
  1. Business Associate Agreement: HITECH Ready Model Contract 
  2. Breach Notification Framework 
  3. Breach Notification Policy 
  4. The Security Rule Under HITECH: a Business Associate's Perspective 
Save over $100.00 off the retail price. 


HIPAA Breach Notification Framework 

Our HIPAA Breach Notification Framework walks you through the process of analyzing security incidents to determine what actions you must take to ensure your response complies with the HITECH Breach Notification requirements. The Framework discusses HITECH breach compliance in simple terms and uses twelve flowchart diagrams to help you navigate the process. It also includes tools and templates that help "jump start" your breach notification compliance initiative.




Our HIPAA Breach Notification Policy 

This policy implements section 13402 of the HITECH Act which requires HIPAA covered entities and their business associates to provide notification following a breach of unsecured protected health information. The policy was derived from our HIPAA Breach Notification Framework and is included as a FREE gift that product



Business Associate Agreement: a HITECH Ready Model Contract

Our model Business Associate Agreement includes provisions that meet the requirements of HIPAA/HITECH and is fully annotated with links to the relevant statutory/regulatory authority that underpins each Contract clause. The Contract package also includes a complete "User's Guide," with a clause-by-clause explanation of the issues addressed in the Contract. 


The Security Rule Under HITECH:
a Business Associate Perspective
First Edition

The most important step for building a "good SR compliance story" is for the business associate to get started. The approach in The Security Rule Under HITECH is to build the story iteratively over time. Most business associates (large or small) will likely need help in creating the story. The framework discussed throughout this document provides a good road map to follow.


HIPAA Survival Guide Third Edition

The Third Edition of the HIPAA Survival Guide updates various substantive text of the first two editions and adds completely new material. The HITECH Act has indeed proven to be transformational. In order to deal more effectively with its changing regulatory landscape we have decided to release an updated version available here and on Amazon's Kindle platform.


HIPAA Core Training Combo

This package includes the Breach Notification Simplified Training Module, the HIPAA Privacy Rule under HITECH Training Module, the HIPAA Security Rule Under HITECH Training Module and the HITECH and HIPAA Compliant Training Module all in one Combo Package. Buy all 4 for a little more than the price of 3.

Dear Carlos,

Welcome to the February 2012 HITECH / HIPAA Compliance Newsletter.  


The featured article this month is entitled HIPAA Compliance: Preview of the HHS Omnibus Rule?


This article explores the proposed HHS Omnibus Rule. The HHS Omnibus Rule ("OR") mostly concerns sections of the HITECH Act that went into effect on February 18, 2010. There was an NPRM that was issued on July 14, 2010 that contained the changes proposed for the final rule. It is quite evident that HHS has not broken any "land speed records" in finalizing the OR, but all indications are that it will be forthcoming "soon." The full text of the OR can be found here. 


FREE WEBINAR: HHS Proposed Omnibus Rule Discussion


The HHS Omnibus Rule Webinar will continue our review of the proposed HHS Omnibus Rule ("OR") and discuss the marketplace impact that this comprehensive set of regulations is likely to have on the healthcare privacy and security regulatory landscape. Business associates are going to see an additional regulatory compliance burden as their subcontractors will now be treated as business associates. Covered entities can expect a number of changes including material changes to their Notice of Privacy Practices ("NOPP").


Date: February 9, 2012. 

Time: 2:00 to 3:30 EST. 

To register Click Here.  


HIPAA Survival Guide Radio: Next Show


Our weekly radio show will cover topics about how the HITECH Act is transforming HIPAA and: 1) provide exposure to industry thought leaders; 2) provide analysis of proposed and promulgated HHS/OCR rule making; and 3) provide a forum for sharing of industry best practices. Here's the overview video. To participate via chat you will need to create a FREE Blog Talk Radio account. No account is necessary just to listen. Archived copies of shows will be made available.


Date: February 3, 2012. 

Time: 3:00 to 3:30 EST. 

To listen Click Here


HSG Announcements
In addition to our commercial-off-the-shelf training products, we now offer training customized for your organization through our partnership with the Digital Business Law Group. We recognize that some organizations, including business associates, have a need for HIPAA / HITECH training tailored to their specific needs (click here or on the image below to get more information).


Our EHR Library remains one of our most popular downloads. Here you will find content that will help you select the right EHR package for your practice or facility and other useful EHR collateral.


Join the Conversation
The HIPAA Survival Group on LinkedIn continues to be the go-to place for meaningful discussion of HITECH / HIPAA issues. You will find many industry thought leaders and insiders sharing their views on the evolving compliance landscape.

Stay Connected
Want to stay updated throughout the month? Follow Carlos on Twitter by clicking on the badge below.  If you would like to read more regarding the authors' views on HIT and compliance click here and here and subscribe to their blogs.  

Become a Fan
Follow us on Facebook by becoming a fan of the HIPAA Survival Guide. Also, be sure to check out our HITECH Videos.

Advertising Opportunities
HSG is now welcoming advertisers to help support one of the most comprehensive and usable HITECH / HIPAA sites on the Internet. Our audience continues to grow as healthcare providers and business associates, both large and small, return to HSG again and again.
HIPAA Compliance: Preview of the HHS Omnibus Rule?
This article explores the proposed HHS Omnibus Rule. The HHS Omnibus Rule ("OR") mostly concerns sections of the HITECH Act that went into effect on February 18, 2010. There was an NPRM that was issued on July 14, 2010 that contained the changes proposed for the final rule. It is quite evident that HHS has not broken any "land speed records" in finalizing the OR, but all indications are that it will be forthcoming "soon." The full text of the OR can be found here.

The Scope of the Omnibus Rule ("OR") is Comprehensive
The OR will be comprehensive in scope. Here's the money quote from the NPRM regarding its contents:
While passage of the HITECH Act necessitates much of the rulemaking below, it does not account for all of the proposed changes to the HIPAA Privacy, Security, and Enforcement Rules encompassed in this rulemaking. The Department is taking this opportunity to improve the workability and effectiveness of all three sets of HIPAA Rules. The Privacy Rule has not been amended since 2002, and the Security Rule has not been amended since 2003. While the Enforcement Rule was amended in the October 30, 2009, interim final rule to incorporate the enforcement-related HITECH statutory changes that are already effective, it has not been otherwise substantively amended since 2006. In the intervening years, HHS has accumulated a wealth of experience with these rules, both from public contact in various forums and through the process of enforcing the rules. In addition, we have identified a number of needed technical corrections to the rules. Accordingly, we propose a number of modifications that we believe will eliminate ambiguities in the rules and/or make them more workable and effective. Further, we propose a few modifications to conform the HIPAA Privacy Rule to provisions in the Patient Safety and Quality Improvement Act of 2005 (PSQIA).

In other words, the OR is going to be a "big deal" because it is likely to set the tone for the HIPAA Rules for at least the next three years (i.e. major revisions like this simply do not occur all that often). According to HHS, once the OR is finalized covered entities (CEs) and business associates (BAs) will get 180 days to comply. HHS also plans to update the HIPAA Rules to make the 180 days a "general rule" with respect to when compliance by stakeholders is effective after a rule change.


Business Associates Everywhere?

There are lots of detailed changes in the OR. We will summarize these into various categories so as not to lose sight of the forest for the trees. One big change is that business associates will be everywhere under the OR, because subcontractors of traditional BAs will themselves be treated as full-fledged BAs. This change alone is big enough to shake up the existing compliance status quo and is a harbinger of things to come.




About Us
3Lions Publishing, Inc. is now the owner/operator of the HIPAA Survival Guide website and the official sponsor of this newsletter. Our mission is to bring you HITECH / HIPAA statutes and regulations in an easy to read and digestible format, products that help reduce the burden of compliance, and "news you can use" via our newsletter.

We take a partnering and collaborative approach to the marketplace. If you would like to see specific topics covered in this newsletter, or additional products, then please let us know.

Carlos Leyva, CEO
3Lions Publishing, Inc.
(800) 516-7903

Contact us today