News from our Partner

Prime hospital cited for repeated patient privacy breaches
By Ken Terry | FierceHealthIT
The California public health department issued citations against Shasta Regional Medical Center, the hospital under Prime Healthcare Services, where two top executives released a patient's medical records to the media, California Watch reported. Shasta Regional faces five deficiencies for repeated instances of patient privacy breaches.
Products now available in the HSG Store.
We are also pleased to announce our Combo Package which includes:
- Business Associate Agreement: HITECH Ready Model Contract
- Breach Notification Framework
- Breach Notification Policy
- The Security Rule Under HITECH: a Business Associate's Perspective
Save over $100.00 off the retail price.
HIPAA Breach Notification Framework
Our HIPAA Breach Notification Framework walks you through the process of analyzing security incidents to determine what actions you must take to ensure your response complies with the HITECH Breach Notification requirements. The Framework discusses HITECH breach compliance in simple terms and uses twelve flowchart diagrams to help you navigate the process. It also includes tools and templates that help "jump start" your breach notification compliance initiative.
Our HIPAA Breach Notification Policy
This policy implements section 13402 of the HITECH Act, which requires HIPAA covered entities and their business associates to provide notification following a breach of unsecured protected health information. The policy was derived from our HIPAA Breach Notification Framework and is included as a FREE gift with that product.
Business Associate Agreement: a HITECH Ready Model Contract
Our model Business Associate Agreement includes provisions that meet the requirements of HIPAA/HITECH and is fully annotated with links to the relevant statutory/regulatory authority that underpins each Contract clause. The Contract package also includes a complete "User's Guide," with a clause-by-clause explanation of the issues addressed in the Contract.
The Security Rule Under HITECH: a Business Associate Perspective First Edition
The most important step for building a "good SR compliance story" is for the business associate to get started. The approach in The Security Rule Under HITECH is to build the story iteratively over time. Most business associates (large or small) will likely need help in creating the story. The framework discussed throughout this document provides a good road map to follow.
HIPAA Survival Guide Third Edition
The Third Edition of the HIPAA Survival Guide updates various substantive text of the first two editions and adds completely new material. The HITECH Act has indeed proven to be transformational. In order to deal more effectively with its changing regulatory landscape we have decided to release an updated version available here and on Amazon's Kindle platform.
HIPAA Core Training Combo
This package includes the Breach Notification Simplified Training Module, the HIPAA Privacy Rule under HITECH Training Module, the HIPAA Security Rule Under HITECH Training Module and the HITECH and HIPAA Compliant Training Module all in one Combo Package. Buy all 4 for a little more than the price of 3.
Join Our Mailing List
Interested in staying current on HITECH / HIPAA compliance issues? Click the "join our list" link above and receive your own copy of the newsletter each month.
HIPAA Survival Guide Blog Talk Radio Overview
Business Associate Agreement
HITECH / HIPAA Core Training Modules Overview
HIPAA Privacy Rule Checklist Product Overview
HITECH Breach Notification Framework Overview
Dear Carlos,
Welcome to our June 2012 HITECH / HIPAA Compliance Newsletter.
The featured article this month is entitled HIPAA Compliance: what to expect from an OCR audit? Under section 13411 of the HITECH Act, the Secretary "shall provide for periodic audits" to ensure compliance with the Act. It is the Office of Civil Rights ("OCR") that has the actual authority (under the Secretary) for HIPAA audits and enforcement actions. In 2011, OCR contracted with KPMG to develop an audit methodology and to conduct 150 audits. These audits are well underway. This article discusses what you should expect from an OCR audit.
The HIPAA Survival Guide is pleased to announce the release of our HIPAA Privacy Rule Checklist under HITECH. This product is now available on the HSG Store.
FREE WEBINAR: HIPAA Compliance: what to expect from an OCR audit?
This webinar explores the same subject matter as this month's news article. The next several HIPAA Survival Guide Radio Shows will do likewise. Obviously this is a topic that has gotten the attention of the industry. Our objective is to demystify what you can expect from an audit by clearly exposing what a HITECH / HIPAA audit must be based on, according to the relevant statutes and regulations.
Date: June 21, 2012.
Time: 2:00 to 3:00 EST.
To register Click Here.
HIPAA Survival Guide Radio: Next Show
Our weekly radio show covers how the HITECH Act is transforming HIPAA and provides: 1) exposure to industry thought leaders; 2) analysis of proposed and promulgated HHS/OCR rule making; and 3) a forum for sharing industry best practices. Here's the overview video. To participate via chat you will need to create a FREE Blog Talk Radio account. No account is necessary just to listen. Archived copies of shows will be made available.
To be reminded of upcoming radio shows Update Your Profile by selecting "HSG Radio Show Reminder." There is no show scheduled for May 4, 2012.
Date: June 1, 2012.
Time: 3:00 to 3:45 EST.
To listen Click Here.
HSG Announcements
There's an easy way for busy hospital executives to stay up-to-date on the latest relevant news - subscribe to FierceHealthcare. The journalists at FierceHealthcare scour industry news wires, association websites, and government documents to find the day's top news stories. They also provide context and analysis and serve it up in a brief, easy-to-read daily newsletter. Readers often say that FierceHealthcare has become an essential part of their day. Make it part of yours, for free! Click here to sign up for FierceHealthcare to stay current on the news that impacts your organization.
Our EHR Library remains one of our most popular downloads. Here you will find content that will help you select the right EHR package for your practice or facility and other useful EHR collateral.
Join the Conversation
The HIPAA Survival Group on LinkedIn continues to be the go-to place for meaningful discussion of HITECH / HIPAA issues. You will find many industry thought leaders and insiders sharing their views on the evolving compliance landscape.
Stay Connected
Want to stay updated throughout the month? Follow Carlos on Twitter by clicking on the badge below. If you would like to read more regarding the authors' views on HIT and compliance click here and here and subscribe to their blogs.
Become a Fan
Follow us on Facebook by becoming a fan of the HIPAA Survival Guide. Also, be sure to check out our HITECH Videos.
Advertising Opportunities
HSG is now welcoming advertisers to help support one of the most comprehensive and usable HITECH / HIPAA sites on the Internet. Our audience continues to grow as healthcare providers and business associates, both large and small, return to HSG again and again.
HIPAA Compliance: what to expect from an OCR audit?
The principal premise of this article is that determining what OCR will audit does not require a "crystal ball gazing" exercise similar to what occurred in the pre-HITECH days with the 42 Questions exposé. How can we purport to eliminate the uncertainty? The answer to this question is relatively straightforward and something that all auditors of government regulations clearly understand: an OCR audit can only (by law) be based on the requirements of the relevant statutes and regulations under review.
We use the Checklist Items from our HIPAA Privacy Rule Checklist under HITECH to walk through the auditable sections of the HIPAA Privacy Rule. We will also review the HIPAA Security Rule standards to illustrate obvious audit points. Finally, we will use our forthcoming Cloud, Social Media, and Mobile ("CSMM") checklist to illustrate more esoteric audit points which are nonetheless grounded in the foundational requirements.
About Us
3Lions Publishing, Inc. is now the owner/operator of the HIPAA Survival Guide website and the official sponsor of this newsletter. Our mission is to bring you HITECH / HIPAA statutes and regulations in an easy to read and digestible format, products that help reduce the burden of compliance, and "news you can use" via our newsletter.
We take a partnering and collaborative approach to the marketplace. If you would like to see specific topics covered in this newsletter, or additional products, then please let us know.
Carlos Leyva, CEO 3Lions Publishing, Inc.
(800) 516-7903