Products now available in the HSG Store.
HIPAA Breach Notification Framework
Our HIPAA Breach Notification Framework walks you through the process of analyzing security incidents to determine what actions you must take to ensure your response complies with the HITECH Breach Notification requirements. The Framework discusses HITECH breach compliance in simple terms and uses twelve flowchart diagrams to help you navigate the process. It also includes tools and templates that help "jump start" your breach notification compliance initiative.
Business Associate Agreement: a HITECH Ready Model Contract
Our model Business Associate Agreement includes provisions that meet the requirements of HIPAA/HITECH and is fully annotated with links to the relevant statutory/regulatory authority that underpins each Contract clause. The Contract package also includes a complete "User's Guide," with a clause-by-clause explanation of the issues addressed in the Contract.
The Security Rule Under HITECH: a Business Associate Perspective First Edition
The most important step for building a "good SR compliance story" is for the business associate to get started. The approach in The Security Rule Under HITECH is to build the story iteratively over time. Most business associates (large or small) will likely need help in creating the story. The framework discussed throughout this document provides a good road map to follow.
HIPAA Core Training Combo
This package includes the Breach Notification Simplified Training Module, the HIPAA Privacy Rule under HITECH Training Module, the HIPAA Security Rule Under HITECH Training Module and the HITECH and HIPAA Compliant Training Module, all in one Combo Package. Buy all 4 for a little more than the price of 3.
Join Our Mailing List
Interested in staying current on HITECH / HIPAA compliance issues? Click the "join our list" link above and receive your own copy of the newsletter each month.
HIPAA Survival Guide Store Overview
Cloud, Social Media, and Mobile Checklist Product Overview
Business Associate Agreement Product Overview
HIPAA / HITECH Core Training Product Overview
Privacy Rule Checklist Product Overview
Breach Notification Framework Product Overview
Dear Carlos,
Welcome to our July 2013 HITECH / HIPAA Compliance Newsletter.
Our article this month is entitled: Cyberwar: The Real Reason This is Not Your Daddy's HIPAA.
We are pleased to announce Release 1.0 of our Subscription Service which is available for purchase in our new HIPAA Survival Guide Store along with our suite of Omnibus Rule Ready™ products. Our product suite has been updated to reflect Omnibus Rule modifications.
Our Subscription Service and products ("Products") provide policies, processes, and tracking mechanisms to help covered entities and business associates deliver visible, demonstrable evidence of HIPAA compliance. The HIPAA Rules tell you what is required in order to comply; our Products provide best practice step-by-step guidance to help you meet your compliance objectives.
HSG Announcements
Join the Conversation
The HIPAA Survival Group on LinkedIn continues to be the go-to place for meaningful discussion of HITECH / HIPAA issues. You will find many industry thought leaders and insiders sharing their views on the evolving compliance landscape.
Stay Connected
Want to stay updated throughout the month? Follow Carlos on Twitter by clicking on the badge below. If you would like to read more regarding the authors' views on HIT and compliance click here and here and subscribe to their blogs.
Become a Fan
Follow us on Facebook by becoming a fan of the HIPAA Survival Guide. Also, be sure to check out our HITECH Videos.
Cyberwar: The Real Reason This is Not Your Daddy's HIPAA.
This article provides insight as to why HIPAA has grown in importance for a host of reasons that are not directly linked to the HITECH Act. Yes, the HITECH Act was (and is) a transformative piece of legislation, and four years out the healthcare industry is still struggling to comply. The latter condition has more to do with compliance budgets lacking the wherewithal to get the job done than any inherent complexity in the new statute and regulations. Although, to be sure, there is no shortage of complexity.
However, the real reason that HIPAA is now more important than ever is that the healthcare industry, taken as a whole, represents critical U.S. infrastructure, and almost certainly would be a target for a cyber attack should a full-scale Cyberwar commence. There have already been many attacks on critical infrastructure around the world, some of which the U.S., in collaboration with its allies (e.g. Israel), has launched preemptively in order to send an unequivocal message: "don't even think about coming after us, we will retaliate with far more fire power than you have available," a kind of cyber "shock and awe" threat.
What is Hagel Sweating?
The Secretary of Defense Chuck Hagel recently warned that cyber threats posed a "quiet, stealthy, insidious" danger. Hagel continued: "Cyber threats are real, they're terribly dangerous... They're probably as insidious and real a threat (as there is) to the United States, as well as China, by the way, and every nation." This is NOT idle talk on the part of the Secretary of Defense. Anyone paying attention at all to the cybersecurity dialog (and pending legislation) going on in Washington knows that the intensity of the conversation has increased dramatically.
OK, we get that, but what does that have to do with HIPAA and why should we care? Although not normally considered as critical a "piece" of infrastructure as our electric grid or defense systems, the healthcare industry, by any measure, represents a cyberwar national security threat and infrastructure that must be protected.
In our opinion, neither HIPAA (as originally promulgated) nor the HITECH Act had national security in mind first and foremost (if at all). HIPAA was intended as "Administrative Simplification" for a set of electronic transactions with privacy and security thrown in for good measure. HITECH focused more on privacy and security because of the move to EHRs. Yes, both were a recognition that as a nation we were at an "electronic inflection point," and that the rising voice of privacy groups needed to be heeded, and at the very least could not be ignored.
However, we don't believe that hacking threats from China or digitally enabled organized crime were the driving force of the legislation. But things have changed rapidly and the pace of change, and related risks, in our global communications systems are increasing dramatically. HIPAA/HITECH are now tools that the U.S. government can use to encourage (or coerce) the healthcare industry to step up to the challenge.
Healthcare Stepping up to the Challenge?
It won't come as a surprise to readers of this newsletter that we believe that the healthcare industry is woefully behind the curve when it comes to privacy and security, especially when compared to other regulated industries such as financial services. For a number of reasons this status quo will become increasingly difficult to maintain, with the national security interest of the U.S. at or near the top of the list of reasons that will drive change.
About Us
3Lions Publishing, Inc. is now the owner/operator of the HIPAA Survival Guide website and the official sponsor of this newsletter. Our mission is to bring you HITECH / HIPAA statutes and regulations in an easy to read and digestible format, products that help reduce the burden of compliance, and "news you can use" via our newsletter.
We take a partnering and collaborative approach to the marketplace. If you would like to see specific topics covered in this newsletter, or additional products, then please let us know.
Carlos Leyva, CEO 3Lions Publishing, Inc.
(800) 516-7903