Products now available in the HSG Store.
HIPAA Breach Notification Framework
Our HIPAA Breach Notification Framework walks you through the process of analyzing security incidents to determine what actions you must take to ensure your response complies with the HITECH Breach Notification requirements. The Framework discusses HITECH breach compliance in simple terms and uses twelve flowchart diagrams to help you navigate the process. It also includes tools and templates that help "jump start" your breach notification compliance initiative.
Business Associate Agreement: a HITECH Ready Model Contract
Our model Business Associate Agreement includes provisions that meet the requirements of HIPAA/HITECH and is fully annotated with links to the relevant statutory/regulatory authority that underpins each Contract clause. The Contract package also includes a complete "User's Guide," with a clause-by-clause explanation of the issues addressed in the Contract.
The Security Rule Under HITECH: a Business Associate Perspective First Edition
The most important step for building a "good SR compliance story" is for the business associate to get started. The approach in The Security Rule Under HITECH is to build the story iteratively over time. Most business associates (large or small) will likely need help in creating the story. The framework discussed throughout this document provides a good road map to follow.
HIPAA Core Training Combo
This package includes the Breach Notification Simplified Training Module, the HIPAA Privacy Rule under HITECH Training Module, the HIPAA Security Rule Under HITECH Training Module and the HITECH and HIPAA Compliant Training Module, all in one Combo Package. Buy all 4 for a little more than the price of 3.
Dear Carlos,
Welcome to our May 2013 HITECH / HIPAA Compliance Newsletter.
Our article this month is entitled: A Business Associate Just Notified You of a Serious Breach: What now?
This article provides guidance on what to expect, and what you should do, once a Business Associate has notified you of a breach. By now, you should already have a plan in place that helps you respond to this dreaded predicament. However, we know from experience that many of you don't, and even if you do, read on; you may learn something new.
We are pleased to announce Release 1.0 of our Subscription Service which is available for purchase in our new HIPAA Survival Guide Store along with our suite of Omnibus Rule Ready™ products. Our product suite has been updated to reflect Omnibus Rule modifications.
Our Subscription Service and products ("Products") provide policies, processes, and tracking mechanisms to help covered entities and business associates deliver visible, demonstrable evidence of HIPAA compliance. The HIPAA Rules tell you what is required in order to comply; our Products provide best practice step-by-step guidance that helps you meet your compliance objectives.
HSG Announcements
Our EHR Library remains one of our most popular downloads. Here you will find content that will help you select the right EHR package for your practice or facility and other useful EHR collateral.
Join the Conversation
The HIPAA Survival Group on LinkedIn continues to be the go-to place for meaningful discussion of HITECH / HIPAA issues. You will find many industry thought leaders and insiders sharing their views on the evolving compliance landscape.
Stay Connected
Want to stay updated throughout the month? Follow Carlos on Twitter by clicking on the badge below. If you would like to read more regarding the authors' views on HIT and compliance click here and here and subscribe to their blogs.
Become a Fan
Follow us on Facebook by becoming a fan of the HIPAA Survival Guide. Also, be sure to check out our HITECH Videos.
Advertising Opportunities
HSG is now welcoming advertisers to help support one of the most comprehensive and usable HITECH / HIPAA sites on the Internet. Our audience continues to grow as healthcare providers and business associates, both large and small, return to HSG again and again.
A Business Associate Just Notified You of a Serious Breach: What now?
This article provides guidance on what to expect, and what you should do, once a Business Associate has notified you of a breach. By now, you should already have a plan in place that helps you respond to this dreaded predicament. However, we know from experience that many of you don't, and even if you do, read on; you may learn something new.
The approach we take in the article is to use the breach notification process as a backdrop to point out a number of "holes" you may have in your HIPAA/HITECH compliance initiative, ones that you are likely not even aware of.
Tracking Security Incidents?
The term "security incident" means the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in an information system. An attempt qualifies as an incident.
If you are not rigorously tracking incidents, then you can't possibly know when you have a breach. One of the first questions that an HHS auditor is going to ask is "show me the system (i.e. the policies, processes and tracking mechanism) your organization uses to track security incidents." If you can't adequately answer this most basic of questions, you may be in willful neglect land five minutes into the audit.
Ok, so let's assume that for the purpose of this article you, as the covered entity, have a state of the art security incident tracking system in place. What we really want to know is "What kind of tracking system does your business associate have in place?" If the answer is "we don't have a clue," then may the HIPAA gods help you if it turns out that in fact, despite "catching" this incident, there is no business associate system in place at all.
How Do You Know It's a Breach?
In order to determine whether Breach Notification is triggered you need to follow a methodology that is mandated by the Breach Notification Rule ("Rule"). Although the Rule contains a basic methodology that is inherent in its text, it is not presented as such in the regulations. HIPAA/HITECH remain descriptive as opposed to prescriptive. That is, the regulations inform you as to what is required, but have very little (mostly nothing) to say about how you should go about complying.
The methodology consists of a three-part analytical framework, which we turn our attention to next. Although the framework consists of only three parts, it is significantly more complex than it first appears.
About Us
3Lions Publishing, Inc. is now the owner/operator of the HIPAA Survival Guide website and the official sponsor of this newsletter. Our mission is to bring you HITECH / HIPAA statutes and regulations in an easy to read and digestible format, products that help reduce the burden of compliance, and "news you can use" via our newsletter.
We take a partnering and collaborative approach to the marketplace. If you would like to see specific topics covered in this newsletter, or additional products, then please let us know.
Carlos Leyva, CEO 3Lions Publishing, Inc.
(800) 516-7903