HIPAA Training is an ongoing process

Top 7 HIPAA Audit Items

As you know, the OCR began their first round of desk audits on July 11, 2016. Even if you were not chosen this time around, there are some lessons to be learned from the covered entities that were chosen. Out of the 176 potential audit items that could be requested during the audit, the following 7 items were chosen…. A …

Medical Device Security

You have taken every precaution, have installed the best cyber security around, and yet discover that you still were hacked. How can this be? The fact is that more and more cyber criminals are learning that there are vulnerabilities in medical devices, and this is their backdoor to your network. Medical device security is often overlooked when doing risk assessments …

HIPAA Minimum Necessary Standard

Do you understand what the minimum necessary standard entails for your business? If you answered no, you are not alone. Recent studies have shown that more than 41% of covered entities do not have policies and procedures in place relating to the minimum standard, and of those that do, they are still unsure if the definition they have is accurate. …

Simple Tips to Keep Your Staff Compliant

Both covered entities and business associates struggle with keeping their staff compliant. It is important that everyone understand the fundamentals of HIPAA and compliance, but many find it difficult to know where to start. As so many businesses turn to outside companies for help in their training, there are some simple practices you can implement into your business to help …

Your HIPAA Compliance Checklist

Whether you are a covered entity or a business associate, you know that you must be compliant with HIPAA. But where do you start? Many businesses struggle with how to even begin becoming compliant, as there are so many HIPAA Privacy and Security Rules. Ignoring the rules is not an option any longer – fines and penalties will be knocking …

Is Texting Ok?

Not so long ago, email was the preferred communication method of most. While email is still popular, texting has become the new communication method preferred by the majority of the population. But, how does texting fit into the healthcare field, and can you use texting to communicate between staff and with patients? Is it HIPAA compliant? All excellent questions – …

Planning Your Annual Compliance Training

One of the most important components of your HIPAA compliance plan is the training of your staff. Annual compliance training is the perfect time to educate, review laws and regulations, and review company policies and procedures. This training will help your staff with their day-to-day responsibilities and in detecting and avoiding violations. There is no right or wrong way to …

How do you define your compliance program?

When covered entities are asked to define their company’s compliance program, they often have varied answers. While HIPAA is not the only compliance component many businesses must contend with today, it does seem to be the most troublesome. Covered entities struggle daily with trying to maintain HIPAA compliance. Compliance is often defined as having these five elements: leadership, …

Business Associate Due Diligence

Whether you are a covered entity or a business associate, you know that business associates are now required to comply with HIPAA. A business associate is an individual or an entity that creates, receives, maintains, or transmits PHI. If you are a covered entity, it is your responsibility to do your due diligence and make sure that your business …

Required Elements of Patient Authorization to Disclose PHI

From time to time, you will receive a request from a patient to disclose some of their health information. While you may have an authorization form in place for such requests, it is important as part of your overall HIPAA compliance program that it contain several required elements. Failure to have these elements may cause your form to be non-compliant. …

Two-Factor Authentication

Many covered entities and business associates are confused about the requirement of access control and access management. The question, “Is two-factor authentication required under HIPAA?” is often asked. The short answer to this question is no, it is not required; however, it is strongly recommended. You might be asking, what is two-factor authentication? It is a two-step process or verification, …

Are you HIPAA Compliant?

Thousands of covered entities and business associates ask this question every day – are we HIPAA compliant? Will we pass an OCR audit? Now that the OCR has ramped up their audit efforts, many covered entities and business associates are concerned if they have “done enough” to be compliant with the HIPAA rules and guidelines. While 2016 was the initiation …

Anatomy of a Ransomware Attack

You have heard the countless news stories and reports, telling about another healthcare entity getting attacked by ransomware. Ransomware is everywhere these days, which means you need to be cautious. The most common ransomware showing up today are CryptoLocker and CryptoWall. While CryptoLocker was taken down by law enforcement just a couple of years ago, it has resurfaced, stronger than …

Access Control

As part of the HIPAA Security Rule and the Technical Safeguards, access control is a standard that every covered entity and business associate must understand and implement into their practice. In accordance with the standard: A covered entity or business associate must implement technical policies and procedures for electronic information systems that maintain ePHI to allow access only to those persons …

A Look Ahead to 2017

Now that we are halfway through 2016 and have started to see the results of the OCR’s crackdown on compliance, what can we expect to see in 2017? As many covered entities and business associates frantically scrambled around in the early part of 2016, hoping to not be chosen for an audit, many are still not ready and …