Why Us?

We know the law and we know the web.

We help companies safely and securely do business on the web.

HITECH / HIPAA Newsletter May 2012

HITECH Act Compliance is a Team Sport:  Is your team HITECH ready?

 May  2012 Issue No. 29
In this Issue
Products now available in the HSG Store
Healthcare and the Cloud Revisited: it's your data, how do you protect it?
News from our Partner

FHC Logo

HIMSS: Reform Repeal would Slow Health IT Quality Initiatives


By Ken Terry | FierceHealthIT


If the Supreme Court knocks down the entire Affordable Care Act (ACA), it could have repercussions on health IT quality initiatives: quality reporting, quality measure development, the availability of Medicare data for performance measurement, enrollment in government programs and HIPAA transaction standards. That was the gist of a presentation by attorney James Wieland at a webinar sponsored by the Healthcare Information and Management Systems Society (HIMSS).


Wieland, a member of the HIMSS legal task force, focused his presentation on ACA provisions that reflect the government's involvement in quality reporting and benchmarking.


To continue reading, please

click here.

HITECH Switch OnProducts now available in the HSG Store. 
We are also pleased to announce our Combo Package which includes:  
  1. Business Associate Agreement: HITECH Ready Model Contract 
  2. Breach Notification Framework 
  3. Breach Notification Policy 
  4. The Security Rule Under HITECH: a Business Associate's Perspective 
Save over $100.00 off the retail price. 

Buy Now...  

HIPAA Breach Notification Framework 

Our HIPAA Breach Notification Framework walks you through the process of analyzing security incidents to determine what actions you must take to ensure your response complies with the HITECH Breach Notification requirements. The Framework discusses HITECH breach compliance in simple terms and uses twelve flowchart diagrams to help you navigate the process. It also includes tools and templates that help "jump start" your breach notification compliance initiative.


 Buy Now...  


Our HIPAA Breach Notification Policy 

This policy implements section 13402 of the HITECH Act which requires HIPAA covered entities and their business associates to provide notification following a breach of unsecured protected health information. The policy was derived from our HIPAA Breach Notification Framework and is included as a FREE gift that product


Buy Now...  

Business Associate Agreement: a HITECH Ready Model Contract

Our model Business Associate Agreement includes provisions that meet the requirements of HIPAA/HITECH and is fully annotated with links to the relevant statutory/regulatory authority that underpins each Contract clause. The Contract package also includes a complete "User's Guide," with a clause-by-clause explanation of the issues addressed in the Contract. 

Buy Now...

The Security Rule Under HITECH:
a Business Associate Perspective
First Edition

The most important step for building a "good SR compliance story" is for the business associate to get started. The approach in The Security Rule Under HITECH is to build the story iteratively over time. Most business associates (large or small) will likely need help in creating the story. The framework discussed throughout this document provides a good road map to follow.

Buy Now...

HIPAA Survival Guide Third Edition

The Third Edition of the HIPAA Survival Guide updates various substantive text of the first two editions and adds completely new material. The HITECH Act has indeed proven to be transformational. In order to deal more effectively with its changing regulatory landscape we have decided to release an updated version available here and on Amazon's Kindle platform.

Buy Now...

HIPAA Core Training Combo

This package includes the Breach Notification Simplified Training Module, the HIPAA Privacy Rule under HITECH Training Module, the HIPAA Security Rule Under HITECH  Training Module and the HITECH and HIPAA Compliant  Training Module all in one Combo Package.  Buy all 4 for a little more than than the price of 3

 Buy Now...
Quick Links
HIPAA Survival Guide Videos
Join Our Mailing List
Interested in staying current on HITECH / HIPAA compliance issues? Click the "join our list" link above and receive your own copy of the newsletter each month.

Other Resources

HIPAA Survival Guide Blog Talk Radio Overview
HIPAA Survival Guide Blog Talk Radio Overview
Business Associate Agreement
Business Associate Agreement
HITECH / HIPAA Core Training Modules Overview
HITECH / HIPAA Core Training Modules Overview

HSG Logo 
Dear Carlos,

Welcome to our May 2012 HITECH / HIPAA Compliance Newsletter.  


The featured article this month is entitled  Healthcare and the Cloud Revisited: it's your data, how do you protect it?.



 PRCLFrontPage The HIPAA Survival Guide is pleased to announce the release of our HIPAA Privacy Rule Checklist under HITECH. This product is now available on the HSG Store.


Webtones PointerFREE WEBINAR: Disruption in Healthcare: why this is not your daddy's HIPAA anymore?


This webinar explores the the disruption occurring in the healthcare industry  (HITECH, EHRs, ACOs, mobile, cloud computing, social media) and why it  creates an inflection point in healthcare privacy and security compliance. It also explores why healthcare compliance literacy needs to be re-examined in a world where a half century of repressed change will be unleashed in the healthcare industry over the next five years.


As Yogi Berra famously said: "The future ain't what it use to be."



Date: May 17, 2012. 

Time: 2:00 to 3:30 EST. 

To register Click Here.  


Webtones PointerHIPAA Survival Guide Radio: Next Show


Our weekly radio show covers topics about how the HITECH Act is transforming HIPAA and: 1) exposure to industry thought leaders; 2) analysis of proposed and promulgated HHS/OCR rule making; and 3) a forum for sharing industry best practices. Here's the overview video. To participate via chat you will need to create a FREE Blog Talk Radio account. No account is necessary just to listen. Archived copies of shows will be made available.


To be reminded of upcoming radio shows Update Your Profile by selecting "HSG Radio Show Reminder." There is no show scheduled for May 4, 2012.


Date: May 11, 2012. 

Time: 3:00 to 3:30 EST. 

To listen Click Here. 


HITECH / HIPAA Newsletter 
HSG Announcements
FHC Logo
FierceHealthcare gives healthcare industry insiders must-know news, market trends, developments and insights about the industry with a special focus on critical areas such as hospital administration, compliance, policy & regulation, staffing, compensation and other leadership challenges. Sign up for our free daily email newsletter here!
Webtones Pointern addition to our commercial-off-the-shelf training products, we now offer training customized for your organization through our partnership with the Digital Business Law Group. We recognize that some organizations, including business associates, have a need for HIPAA / HITECH training tailored to their specific needs (click here or on the image below to get more information).
HIPAA Training  


Our EHR Library remains one of our most popular downloads. Here you will find content that will help you select the right EHR package for your practice or facility and other useful EHR collateral.
HITECH Switch On  


Join the Conversation
The HIPAA Survival Group on LinkedIn continues to be the go to place for meaningful discussion of HITECH / HIPAA issues. You will find many industry thought leaders and insiders sharing their views on the evolving compliance landscape. 

Stay Connected
Want to stay updated throughout the month? Follow Carlos on Twitter by clicking on the badge below.  If you would like to read more regarding the authors' views on HIT and compliance click here and here and subscribe to their blogs.  

Become a Fan
Follow us on FaceBook by becoming a fan of the HIPAA Survival Guide. Also, be sure to check out our HITECH Videos.

Advertising Opportunities
HSG is now welcoming advertisers to help support one of the most comprehensive and usable HITECH / HIPAA sites on the Internet. Our audience continues to grow as healthcare providers and business associates, both large and small, return to HSG again and again.
Main_Article Healthcare and the Cloud Revisited: it's your data, how do you protect it?
Webtones PointerOur September 2011 Issue provided a general overview of the benefits and risks of healthcare providers moving to the Cloud. We continue to believe that Cloud economics is so compelling that providers will make the move in large numbers, despite the significant risks that may be associated with the move.

The Cloud is displaying similar economies of scale for computing resources as the electric grid did for electricity. At the turn of the 20th century, many factories still generated their own electricity until the electric companies mastered the generation and distribution at such compelling price points that factories no longer needed to provide their own.  

HITECH / HIPAA NewsletterThis article explores how to protect your PHI when moving to the Cloud. It turns out that protecting your PHI on the Cloud is not only fraught with technical complexity, but with a significant amount of legal complexity as well.

We are concerned that many covered entities do not possess either the technical or legal wherewithal to adequately deal with this issue. As always, it's our mission to provide our readers "news you can use." Our objective in this article is to get you "up the curve" so that you can, at a minimum, begin to ask the right questions.  

 Key Contract Sections Before proceeding to the substance of the article we want to define some basic terms and concepts so that we are all singing from the same page. 
What is the cloud?   
The National Institute of Science and Technology ("NIST") Special Publication ("SP") 146 defines the Cloud as (paraphrasing): 
an abstraction for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. The cloud model promotes availability and is composed of ... three service models, and four deployment models.  


Let's explore the elements of this definition.




About Us
HITECH Puzzles3Lions Publishing, Inc. is now the owner/operator of the HIPAA Survival Guide website and the official sponsor of this newsletter. Our mission is to bring you HITECH / HIPAA statutes and regulations in an easy to read and digestible format, products that help reduce the burden of compliance, and "news you can use" via our newsletter.

We take a partnering and collaborative approach to the marketplace. If you would like to see specific topics covered in this newsletter, or additional products, then please let us know.

Carlos Leyva, CEO
3Lions Publishing, Inc.
(800) 516-7903


Contact us today