HITECH / HIPAA Newsletter January 2013

HITECH Act Compliance is a Team Sport:  Is your team HITECH ready?

 January 2013 Issue No. 37
In this Issue
Products now available in the HSG Store
HITECH/HIPAA: Protecting Mobile Devices & Supporting BYOD
Products now available in the HSG Store

HIPAA Breach Notification Framework 

Our HIPAA Breach Notification Framework walks you through the process of analyzing security incidents to determine what actions you must take to ensure your response complies with the HITECH Breach Notification requirements. The Framework discusses HITECH breach compliance in simple terms and uses twelve flowchart diagrams to help you navigate the process. It also includes tools and templates that help "jump start" your breach notification compliance initiative.





Business Associate Agreement: a HITECH Ready Model Contract

Our model Business Associate Agreement includes provisions that meet the requirements of HIPAA/HITECH and is fully annotated with links to the relevant statutory/regulatory authority that underpins each Contract clause. The Contract package also includes a complete "User's Guide," with a clause-by-clause explanation of the issues addressed in the Contract. 


The Security Rule Under HITECH:
a Business Associate Perspective
First Edition

The most important step for building a "good SR compliance story" is for the business associate to get started. The approach in The Security Rule Under HITECH is to build the story iteratively over time. Most business associates (large or small) will likely need help in creating the story. The framework discussed throughout this document provides a good road map to follow.


HIPAA Core Training Combo

This package includes the Breach Notification Simplified Training Module, the HIPAA Privacy Rule under HITECH Training Module, the HIPAA Security Rule Under HITECH Training Module and the HITECH and HIPAA Compliant Training Module, all in one Combo Package. Buy all 4 for a little more than the price of 3.


Other Resources

HIPAA Cloud, Social Media, and Mobile Checklist
Business Associate Agreement
HITECH / HIPAA Core Training Modules Overview
HIPAA Privacy Rule Checklist Product Overview
HITECH Breach Notification Framework Overview

Dear Carlos,

Welcome to our January 2013 HITECH / HIPAA Compliance Newsletter.  


The featured article this month is entitled: HITECH/HIPAA: Protecting Mobile Devices & Supporting BYOD. The next few years are going to continue to be full of headlines in healthcare journals on the explosion of Mobile Device usage among clinical professionals and the role that these devices continue to play in major PHI data breaches.


The HIPAA Survival Guide is pleased to announce that our Cloud, Social Media and Mobile Checklist is now available on the HSG Store.
HSG Announcements
In addition to our commercial-off-the-shelf training products, we now offer training customized for your organization through our partnership with the Digital Business Law Group. We recognize that some organizations, including business associates, have a need for HIPAA / HITECH training tailored to their specific needs.


Our EHR Library remains one of our most popular downloads. Here you will find content that will help you select the right EHR package for your practice or facility and other useful EHR collateral.


Join the Conversation
The HIPAA Survival Group on LinkedIn continues to be the go-to place for meaningful discussion of HITECH / HIPAA issues. You will find many industry thought leaders and insiders sharing their views on the evolving compliance landscape.

Stay Connected
Want to stay updated throughout the month? Follow Carlos on Twitter by clicking on the badge below.  If you would like to read more regarding the authors' views on HIT and compliance click here and here and subscribe to their blogs.  

Become a Fan
Follow us on Facebook by becoming a fan of the HIPAA Survival Guide. Also, be sure to check out our HITECH Videos.

Advertising Opportunities
HSG is now welcoming advertisers to help support one of the most comprehensive and usable HITECH / HIPAA sites on the Internet. Our audience continues to grow as healthcare providers and business associates, both large and small, return to HSG again and again.
HITECH/HIPAA: Protecting Mobile Devices & Supporting BYOD
The next few years are going to continue to be full of headlines in healthcare journals on the explosion of Mobile Device usage among clinical professionals and the role that these devices continue to play in major PHI data breaches. The money quote from one of the most respected CIOs in healthcare follows:


CIOs: it's time to tell your CFO to expect an unplanned 6 figure expense to protect institutional data...embracing the mobile devices that enhance productivity and user satisfaction.

Granted, for mid-size and smaller providers this hypothetical dollar amount may be pure hyperbole; nonetheless, the ubiquity of mobile computing in healthcare means that covered entities and business associates of all sizes are going to have to pay attention. Attention is required for a number of reasons, not the least of which is that most data breaches occur as a result of lost and/or stolen Mobile Devices.

The mobile healthcare horse has long since left the barn. The iPad, iPhone and similar competitive consumer devices are among the biggest disruptive forces in healthcare; an army of concerned CIOs (and lawyers) is not going to stop them. Compliance is going to have to occur within this new reality and will certainly require people, process and platform components in order to make Mobile healthcare both effective and safe.

Mobile will remain at the forefront of point-of-care-anywhere solutions and will continue to provide the flexibility that allows clinicians to deliver real-time information 24/7/365. In short, the healthcare industry is simply not going to return to a client-server, fixed-infrastructure-dominated computing model, but rather will continue to push the envelope with Cloud, Social Media, and a panoply of healthcare-enabled Mobile Devices accessing provider resources over wireless networks.


What's the so what of BYOD?


BYOD is an acronym that stands for "Bring Your Own Device." Mobile Devices have now become much more than communications and computing tools; they have rapidly become lifestyle accessories. As such, users grow quite attached to these devices and rely on them daily for work, family and play. There is more than just an emotional attachment to a "hip" product at work here.
How we perform certain basic functions on our devices becomes second nature to us. The learning curve of having to adapt to a new device is not trivial, and the angst caused by not being able to do what one could formerly do with ease is beyond frustrating; it can be downright debilitating, both personally and professionally.
One of the principal challenges of BYOD requires acknowledging the ramifications of the obvious: these are not devices owned by the organization. Despite the fact that the organization does not own these devices, they inevitably accumulate both personal and business data over time. The organization does own the latter, but in the case of some Mobile Devices (e.g. phones and pads) not the device that contains them. Dealing with business data stored on Mobile Devices as these devices are recycled and/or employees and other trusted stakeholders no longer work with the organization poses a significant problem, one that is not easily solved today without people and process intervention.
About Us
3Lions Publishing, Inc. is now the owner/operator of the HIPAA Survival Guide website and the official sponsor of this newsletter. Our mission is to bring you HITECH / HIPAA statutes and regulations in an easy to read and digestible format, products that help reduce the burden of compliance, and "news you can use" via our newsletter.

We take a partnering and collaborative approach to the marketplace. If you would like to see specific topics covered in this newsletter, or additional products, then please let us know.

Carlos Leyva, CEO
3Lions Publishing, Inc.
(800) 516-7903
