Products now available in the HSG Store.
We are also pleased to announce our Combo Package which includes:
- Business Associate Agreement: HITECH Ready Model Contract
- Breach Notification Framework
- Breach Notification Policy
- The Security Rule Under HITECH: a Business Associate's Perspective
Save over $100.00 off the retail price.
HIPAA Breach Notification Framework
Our HIPAA Breach Notification Framework walks you through the process of analyzing security incidents to determine what actions you must take to ensure your response complies with the HITECH Breach Notification requirements. The Framework discusses HITECH breach compliance in simple terms and uses twelve flowchart diagrams to help you navigate the process. It also includes tools and templates that help "jump start" your breach notification compliance initiative.
Our HIPAA Breach Notification Policy
This policy implements section 13402 of the HITECH Act, which requires HIPAA covered entities and their business associates to provide notification following a breach of unsecured protected health information. The policy was derived from our HIPAA Breach Notification Framework and is included as a FREE gift with that product.
Business Associate Agreement: a HITECH Ready Model Contract
Our model Business Associate Agreement includes provisions that meet the requirements of HIPAA/HITECH and is fully annotated with links to the relevant statutory/regulatory authority that underpins each Contract clause. The Contract package also includes a complete "User's Guide," with a clause-by-clause explanation of the issues addressed in the Contract.
The Security Rule Under HITECH: a Business Associate Perspective First Edition
The most important step for building a "good SR compliance story" is for the business associate to get started. The approach in The Security Rule Under HITECH is to build the story iteratively over time. Most business associates (large or small) will likely need help in creating the story. The framework discussed throughout this document provides a good road map to follow.
HIPAA Survival Guide Third Edition
The Third Edition of the HIPAA Survival Guide updates substantive text from the first two editions and adds completely new material. The HITECH Act has indeed proven to be transformational. In order to deal more effectively with its changing regulatory landscape, we have decided to release an updated version, available here and on Amazon's Kindle platform.
HIPAA Core Training Combo
This package includes the Breach Notification Simplified Training Module, the HIPAA Privacy Rule under HITECH Training Module, the HIPAA Security Rule Under HITECH Training Module and the HITECH and HIPAA Compliant Training Module, all in one Combo Package. Buy all 4 for a little more than the price of 3.
Join Our Mailing List
Interested in staying current on HITECH / HIPAA compliance issues? Click the "join our list" link above and receive your own copy of the newsletter each month.
Dear Carlos,
Welcome to our July 2012 HITECH / HIPAA Compliance Newsletter.
The featured article this month is entitled: Small Providers: Avoiding a Breach Calamity! This is a guest article written by Tom Warley, CSO of Colorado Hi-Tech Solutions, a firm that specializes in helping small providers meet the challenges of implementing the HIPAA Security Rule.
The HIPAA Survival Guide is pleased to announce the release of our HIPAA Privacy Rule Checklist under HITECH. This product is now available on the HSG Store.
HSG Announcements
Our EHR Library remains one of our most popular downloads. Here you will find content that will help you select the right EHR package for your practice or facility and other useful EHR collateral.
Join the Conversation
The HIPAA Survival Group on LinkedIn continues to be the go-to place for meaningful discussion of HITECH / HIPAA issues. You will find many industry thought leaders and insiders sharing their views on the evolving compliance landscape.
Stay Connected
Want to stay updated throughout the month? Follow Carlos on Twitter by clicking on the badge below. If you would like to read more regarding the authors' views on HIT and compliance click here and here and subscribe to their blogs.
Become a Fan
Follow us on Facebook by becoming a fan of the HIPAA Survival Guide. Also, be sure to check out our HITECH Videos.
Advertising Opportunities
HSG is now welcoming advertisers to help support one of the most comprehensive and usable HITECH / HIPAA sites on the Internet. Our audience continues to grow as healthcare providers and business associates, both large and small, return to HSG again and again.
Small Providers: Avoiding a Breach Calamity!
The Reality
The challenges of securing PHI for small providers in today's regulatory environment can be significant. There are budget constraints, personnel constraints and, for many, a fog of confusion surrounding the HIPAA Security Rule. Even though providers are familiar with HIPAA privacy, few understand the true importance of data security, much less how to attain it. Doctors are still under the illusion that HIPAA is a paper tiger, toothless. Old-school doctors in particular are often unswayable in this regard. Some office managers are aware of the Security Rule but consider it a mere formality, believing that policies alone suffice for compliance or that "it's the IT guy's job". Many small providers fail to address data security at all, ignoring basic security safeguards altogether. They do so at their peril. The small provider must make the protection of PHI the single most important thing they do other than patient care itself.
Technology's Curse
The challenge for security professionals is to provide, in effect, a wake-up call to the small provider while not sounding like Chicken Little. We must convince small providers to adopt the security strategies that are most effective given limited budgets while working methodically toward HIPAA compliance. Which security safeguards provide the most protection? Would money be best spent on a set of security policies? After all, documentation is a cornerstone of HIPAA compliance. Perhaps we should first discuss the contingency plan, as the restoration of backups is critical. With the daily barrage of hacking events, maybe an investment in a better firewall, more effective anti-virus software or even intrusion detection would be warranted. Ideally, we should consider all of the above. However, one task stands out above all others as a critical first step: find out where your PHI really is.
It's all about the magic (or the curse) of technology. How many patient records can a typical backup tape hold? 1000? 5000? What about a portable hard drive? A thumb drive? An entire practice's database can fit on one of these devices, or on a single workstation or laptop for that matter. Storage is cheap and huge amounts of PHI can fit into the palm of your hand. Today, due to stepped-up enforcement of HITECH, the loss of one of these unencrypted devices will likely result in significant expenses, possibly more than the practice can absorb. Why? Because the breach of 500 individuals' records requires immediate notification to HHS, the patients themselves and prominent local media. The cost of such a breach calamity is estimated to be approximately $200 per record, or $100,000 minimum. And that's before any fines are tacked on. In addition, your state Attorney General has the authority to file suit on behalf of a patient. In fact, if the patient is a resident of another state, THAT Attorney General can file suit as well. For a breach that affects a very large number of patients a class action suit is even possible, maybe likely. This is why security professionals are so worried and why small providers should be as well.
PHI Moves Like Water
To avoid a breach calamity, you first have to know where the PHI is stored and how it moves. It sounds simple and obvious; after all, a small provider has a relatively simple setup. But PHI is ubiquitous and often flows like water, and it's not always apparent how it travels or where it will end up.
About Us
3Lions Publishing, Inc. is now the owner/operator of the HIPAA Survival Guide website and the official sponsor of this newsletter. Our mission is to bring you HITECH / HIPAA statutes and regulations in an easy to read and digestible format, products that help reduce the burden of compliance, and "news you can use" via our newsletter.
We take a partnering and collaborative approach to the marketplace. If you would like to see specific topics covered in this newsletter, or additional products, then please let us know.
Carlos Leyva, CEO 3Lions Publishing, Inc.
(800) 516-7903