Lobbying Affiliate: MML&K Government Solutions
{ Banner Image }

Healthcare Law Blog

Comprehensive Healthcare law services.
It's kind of our bag.

Contact Us

250 Character(s) Remaining
Type the following characters: hotel, romeo, romeo, november, niner

* Indicates a required field.

Categories

McBrayer Blogs

Related Blogs

Showing 10 posts in HIPAA Risk Assessment.

Plan for the Worst, Hope for the Best: Why You Must Have a HIPAA Risk Assessment

“The single biggest and most common compliance weakness is the lack of a timely and thorough risk analysis.” More >

HIPAA and “Meaningful Use” Audits: Issues to Consider and How to Prepare

As more and more providers adopt electronic health records (“EHRs”) systems (and with new regulations concerning their required use for purposes of Medicare billing for chronic care management, their popularity can only continue to grow), a myriad of compliance issues continue to surround them. To that end, the federal government has stepped up auditing programs to ensure compliance with HIPAA/HITECH as well as making sure taxpayer money has been invested wisely through the Meaningful Use program. The bent of these audit programs is clearly along the lines that applicable covered entities and business associates should be preparing with a “when” mindset, rather than “if,” as these audits are going to happen. More >

Have You Reviewed Your Existing Business Associate Agreements?

Pursuant to the HIPAA Final Omnibus Rule (“Final Rule”), covered entities and their business associates were required to enter into new business associate agreements (“BAAs”) or modify existing BAAs by Sept. 23, 2013. However, existing BAAs that (i) were entered into on or before Jan. 25, 2013; (ii) met the requirements that were applicable prior to the promulgation of the Final Rule; and (iii) were not modified after March 26, 2013, have until Sept. 23, 2014 to be updated. That deadline is quickly approaching. More >

OCR Offers “Lessons Learned” Regarding HIPAA Compliance, Part II

On Tuesday, some of the details of OCR’s recently released Breach and Compliance Reports were discussed. In addition to detailing facts and figures from cases involving breaches in 2011 and 2012, the Breach Report includes an important “Lessons Learned” section that all covered entities and their business associates should review. Based upon reported breaches, the OCR has outlined some specific areas of concern, which include the following: More >

A New HIPAA Security Risk Assessment Tool For Your Compliance Arsenal

On Friday, the U.S. Department of Health and Human Services (HHS) announced a new security risk assessment (“SRA”) tool for small and medium size healthcare providers. The downloadable tool (available for free here) is a self-contained, independent application that is available for Windows and iOS platforms. The SRA works by asking a series of in-depth questions about the provider’s activities and facilities. The “yes” or “no” answer format for each question reveals whether corrective action is needed in a particular area. Additional resources in the SRA help providers understand the risks associated with the use, disclosure and storage of protected health information. The SRA offers providers the opportunity to generate, update and document assessment materials and corrective action plans through the SRA; documentation is especially important for audit purposes. More >

Secure Text Messaging in a HIPAA World? Part II

Earlier this week, I referred to mobile applications such as TigerText and Doc Halo which are being touted as a method of “HIPAA-compliant” texting. These apps allegedly secure protected health information (PHI) sent via text message to ensure providers’ compliance with HIPAA privacy law. Covered entities must realize, however, that the use of these apps alone is not sufficient to pass a HIPAA audit. While HHS has not banned the texting of patient information, it has made clear that an organization should approve it only after “performing a risk analysis or implementing a third-party messaging solution that incorporates measures to establish a secure communication platform that will allow texting on approved mobile devices.” More >

Secure Text Messaging in a HIPAA World?

Texting is becoming an increasingly acceptable form of communication in the business world, but can it be relied upon in the health care industry? There are numerous advantages to texting in the fast-paced world of health care. In an environment where time is of the essence, voicemails and pagers can slow down providers’ care and fail to convey adequate information. A text, on the other hand, is both immediate and can be detail-specific. In addition, texting can involve more than one sender and/or receiver in a closed-loop conversation, and, unlike through the paging system, a sender can be notified when the message has been read by the receiver(s). Text messaging can not only improve an entity’s efficiency, but it can also serve as a way to easily connect with patients, thereby improving quality of care. More >

Small Devices & Big Consequences: Why Medical Practices Need Encryption

On Tuesday, I shared information about the U.S. Health and Human Services (“HHS”) Office of Civil Rights’ (“OCR”) first settlement with a medical practice for alleged violations of the breach notification provisions of the Health Information Technology for Economic and Clinical Health (“HITECH”) Act. The $150,000 settlement was made with Adult & Pediatric Dermatology, P.C., (“the Practice”) after the entity reported a stolen jump drive that contained PHI of approximately 2,200 patients. More >

PHI May Be In More Places Than You Think

A recent HIPAA settlement serves as an important reminder that protected health information (PHI) may be stored on “ordinary” office equipment such as printers, photocopiers, scanners and fax machines, and not just on computer hard drives.  On August 14, 2013, the Department of Health and Human Services (HHS) announced a settlement with the not-for-profit managed care plan Affinity Health Plan, Inc. (“Affinity”) for over $1.2 million in connection with HIPAA Privacy and Security breaches stemming from PHI stored on a photocopier hard drive. More >

Lexington, KYLouisville, KYFrankfort, KYFrankfort, KY: MML&K Government Solutions