Oct
29
HIPAA Jobs – Job listings for HIPAA Administrators, Chief Privacy Officers, and other HIPAA-related positions
Filed Under HIPAA News | Comments Off
HIPAAClicks.com just added a new HIPAA jobs section. Check it out!
HIPAA Jobs
Find a HIPAA-related job such as HIPAA Administrator, HIPAA Database Engineer, HIPAA Compliance Officer, Chief Privacy Officer and more.
Go to HIPAA jobs page.
Oct
28
HIPAA Law Handcuffs Hospitals and Police
Filed Under HIPAA Enforcement, HIPAA Law | Comments Off
Police and law enforcement officials are often burdened, some say unnecessarily so, with medical privacy restrictions and obligations. In many instances, these officials must act fast or risk losing suspects, data, or other valuable information.
It appears this happened over the weekend when “Binghamton General Hospital staff members released a man Endicott police intended to charge with threatening to harm a child.”
Other area police agencies said the federal privacy laws have led to potentially dangerous people being released without their knowledge.
“It’s not an uncommon occurrence,” Vestal Police Capt. David Burdick said. “The reason we take people to crisis centers is because they’re a danger to themselves or others and we like to have that heads-up when they’re released.”
Burdick said people have been released in the past from either psychiatric or medical treatment, without police knowledge, before detectives were done investigating an incident or before police could warn victims. Burdick wasn’t sure exactly how many similar incidents Vestal police have dealt with this year.
However, Burdick and other Broome County police officials agreed that hospital staff members are just following the new rules.
Click here to read the full article.
Oct
24
QuickCompliance Launches the ‘HIPAA Security Roundtable,’ a New Series of Online Seminars Aimed at Addressing HIPAA Security Compliance
Filed Under HIPAA Compliance, HIPAA News, HIPAA Security | Comments Off
Noted industry expert, John Parmigiani, to focus on topics of most interest to healthcare organizations preparing for the April, 2005 HIPAA Security deadline
AVON, Conn., Oct. 20 /PRNewswire/ — QuickCompliance, Inc., a leading provider of web-based healthcare regulatory and compliance training solutions, announced today it will launch a new series of practical and topical online seminars designed to help healthcare organizations prepare for the HIPAA Security compliance deadline.
John Parmigiani, QuickCompliance’s Senior Vice President for Consulting Services, will deliver 13 one-hour seminars beginning on October 27, 2004 and ending in April, 2005.
The inaugural session, entitled “Corporate Compliance: Security Aspects,” is scheduled for Wednesday October 27, 2004 at 1 PM EDT. Mr. Parmigiani will discuss how both regulatory requirements and good business practices dictate due diligence and auditable governance on the part of all levels of an organization, setting the stage for the ensuing discussions aimed at achieving HIPAA Security compliance. For more information, go to http://www.quickcompliance.net/hipaasecurity .
During the 13-part series, Mr. Parmigiani will cover such topics as:
– Risk Analysis and Risk Assessment
– Security Aspects of Corporate Compliance
– Security Readiness Check
– Password Management
– Audit Controls
– Dealing with Vendors and Outside Business Associates
“There is a lot of confusion out there about how to interpret the HIPAA Security rules. The goal of this series is to address that confusion and help organizations get ready to meet the deadline,” said John Parmigiani, Senior Vice President for Consulting Services at QuickCompliance.
About John Parmigiani
Mr. Parmigiani is widely acknowledged as an expert in HIPAA Security both from his role as the federal government’s chair in the formulation of the proposed and final HIPAA rules as well as a consultant and nationally acclaimed speaker in HIPAA compliance. For more information about Mr. Parmigiani, go to http://www.quickcompliance.net/hipaasecurity .
About QuickCompliance
QuickCompliance is a full-service e-Learning company providing comprehensive e-Learning, testing, tracking solutions, and consulting services that enable organizations to address regulatory and compliance mandates. QuickCompliance provides a full-range of products and services including “off the shelf courses,” custom course development, and hosting and deploying learning management systems. QuickCompliance is training employees throughout the country in health plans, hospitals, academic medical centers, pharmaceutical and medical device companies, financial institutions and federal and state government agencies. QuickCompliance’s HIPAA training solutions have been recognized by the Gartner Group as the most frequently cited HIPAA training solution. To learn more visit: http://www.quickcompliance.net .
SOURCE QuickCompliance, Inc.
Web Site: http://www.quickcompliance.net
http://www.quickcompliance.net/hipaasecurity
(Via PRNewsWire)
Oct
22
Computer data on home care breached
Filed Under HIPAA (General), HIPAA Enforcement | Comments Off
Another potentially massive security breach. Geez. We’ll have to keep an eye on this one and see how HIPAA comes into play if they get to a prosecution for this.
sacbee.com — Medical — Computer data on home care breached
About 1.4 million computer files containing personal data on disabled and elderly people who receive home care, as well as their care workers, may have been stolen during a security breach in August, state officials warned Tuesday.
The officials urge people concerned about their records to get a free credit check.
Though investigators do not know whether the information was copied, they have determined that someone gained unauthorized access Aug. 1 to a computer containing the data that belonged to a University of California researcher.
Oct
22
British Medical Journal Interviews National Health Information Technology Coordinator David Brailer, MD, PhD
Filed Under HIPAA (General), HIPAA Privacy | Comments Off
BMJ (British Medical Journal) interviews David Brailer, the National Health Information Technology Coordinator for the United States, and he touches on HIPAA regulations being sufficient protection for patient privacy as email is used more and more.
What do you think health care IT will look like 10 years from now?
We expect to have an information tool in the hands of every physician that has access to their patients’ data, access to knowledge and clinical rules, guidelines, etc… and communications tools with other clinicians. We expect to have a network that securely and in a patient-controlled manner connects all those electronic health records… so that if a physician is seeing a patient all that patient’s information that the patient wants the doctor to see is made available to them in real time. Patients don’t have to fill out the same forms over and over again. Patients will have access to portals or tools that will allow them to see their own data, participate in decision making, and communicate with their doctors, and we’ll be able to collect the data we need for quality monitoring, for clinical trials, for public health or bioterror surveillance directly out of the network.
What are your views of the use of email in clinical care?
I think it’s essential. Whether we support it from a policy or a financial perspective or not, patients are going to demand it and physicians are going to have to do it, so the question is are we going to develop some of the oversight mechanisms and safeguards and the financial offsets so that as it happens it’s done in a positive way and not just another thing that harms the doctor.
I think the legal infrastructure we have from HIPAA is quite adequate to be able to put in the safeguards that are needed to protect that information.
What do you think? Are HIPAA regulations sufficient to protect patient privacy? Comment below.
Oct
18
CIO Asia – Issue – The Six Secrets of Highly Secure Organisations
Filed Under HIPAA Compliance, HIPAA Security | Comments Off
How many of these “Secrets” does your organization practice?
CIO Asia – Issue – The Six Secrets of Highly Secure Organisations
WHAT WE THINK
It’s good to be confident. It’s better to have good reason to be confident. Here are six secrets that we believe will help you work your way into the Best Practices Group.
The Six Secrets
1. Spend more. Globally, respondents said infosecurity accounts for less than 11 percent of their IT budgets. The Best Practices Group claimed 14 percent.
2. Separate information security from IT and then merge it with physical security. These disciplines can either exist under a single CSO or as separate entities governed by an executive security committee.
Over the course of the next year:
3. Conduct a penetration test to patch up network and application security (the Best Practices Group was 60 percent more likely to do this than the average respondent), and perform a complete security audit to identify threats to employees and intellectual property. (The Best Practices Group did this far more often than the average respondent.)
4. Create a comprehensive risk assessment process to classify and prioritise threats and vulnerabilities. (The Best Practices Group was 50 percent more likely to do this.)
5. Define your overall security architecture and plan from the previous three steps. (Two-thirds of the Best Practices Group did this as opposed to only half of the respondents overall.)
6. Establish a quarterly review process, using metrics (for example, employee compliance rates) to measure your security’s effectiveness. This will help you to use your increased resources more efficiently.
And eventually, you’ll get locked into that virtuous cycle.
And later in the article, an interesting result reported about real-world HIPAA compliance:
Why Uncle Sam Makes a Poor CISO
The US government has taken on information security. It has sought to influence security practices through regulation—the Sarbanes-Oxley Act, the Health Insurance Portability and Accountability Act, and others—and the Department of Homeland Security’s colour-coding system, which defines how private-sector security professionals should respond to a given level of risk. But the “2004 Global Information Security Survey” indicated that either the regulations were poorly conceived or written, or that our respondents had a slovenly attitude toward compliance. Or both.
…
In any case, something’s gone awry. (See “What Do You Do When We Go to Orange?”)
Only half of all U.S. respondents claimed to be in compliance with HIPAA, and less than that (41 percent) reported that they comply with Sarbanes-Oxley. Of course, not every respondent needs to comply with HIPAA. But if we look at those respondents in the industries that do — health care, pharmaceutical, and biotech at 71 percent, 45 percent and 40 percent compliance, respectively — the story doesn’t change all that much.
Security professionals are dubious about the impact of both current and potential future regulation. “No regulation is preferable to bad regulation,” says the CISO of a major electronics company. “On the other hand, if we don’t regulate, we’re heading to a bad event with critical infrastructure, and then you’ll end up with regulation passed in reaction to the bad event. It would be the worst of both worlds.”
Oct
18
PRESS RELEASE: $99 HIPAA Compliance Automated Software Product Introduced by 3DGrid
Filed Under HIPAA Compliance, HIPAA Compliant Software, HIPAA News, HIPAA Technology | Comments Off
Looks like there is a free trial download for this product. Might be worth checking out if you’re a small operation in need of a low-cost solution. We haven’t tried this or evaluated it, so this is just a heads-up — another company advertising solutions for HIPAA compliance, this time with potentially a pretty reasonable price tag.
$99 HIPAA Compliance Automated Software Product Introduced by 3DGrid
HIPAA Checkup Essentials — Low Cost product created by the leading HIPAA compliance solution provider for small and medium sized practices.
SEATTLE (PRWEB) October 18, 2004 — 3DGrid, Inc., the leading provider of HIPAA compliance solutions for small and medium sized healthcare practices, today announced the launch of HIPAA Checkup Essentials, a tool that provides essential HIPAA compliance resources for $99.
The tool is a sophisticated primer designed to help practices begin to meet their HIPAA Security compliance requirements. HIPAA Checkup Essentials is designed for practices that are unsure of how much or how little they might need to do for the forthcoming HIPAA Security Rule, but are willing to do some of the basics to get started. The product can be upgraded to the full HIPAA Checkup Suite with minimal effort and cost.
“We built HIPAA Checkup Essentials for the small practice that is unsure of its obligation under the HIPAA Security Rule, but wants to make sure to cover the basics. If the practice comes to understand the value of a fully automated compliance solution, we will upgrade them to the HIPAA Checkup Suite in a seamless fashion,” said Tobin Arthur, President and CEO of 3DGrid.
HIPAA Checkup Essentials is now the premier HIPAA compliance product on the market under $100. The product was developed in response to requests by some practices that just wanted the essential form and policy templates needed to get their HIPAA documentation underway.
About 3DGrid Healthcare Solutions
3DGrid Healthcare Solutions is a Seattle-based software development firm dedicated to cost-effectively delivering Fortune 500-quality technologies to the small and medium sized healthcare practice environment. The 3DGrid team is focused on reducing practice risk while giving providers more time … time to generate more revenue or time to live life to the fullest. HIPAA Checkup does this by helping doctors and administrators of small to medium sized practices achieve compliance quickly, with relative ease and minimal expense. For more information, please contact 3DGrid at telephone 866-3DGrid-1 or visit us online at www.3DGrid.com.
Contact:
3DGrid
1952 1st Ave. South #3
Seattle, WA 98134
Tel (206) 568.3434
Fax (206) 464.9993
Web www.3dgrid.com
Oct
17
Is Microsoft Small Business Server 2003 HIPAA Compliant?
Filed Under HIPAA Compliant Software, HIPAA Technology | Comments Off
Someone at Microsoft got a phone call about whether or not Microsoft Small Business Server 2003 is HIPAA compliant because it has two network cards.
So today I get asked if there is anything in HIPAA….
So I’m on the phone today and get asked if there is anything in HIPAA that says that ISA server/SBS 2003 is not HIPAA compliant because it has two Network cards.
The final answer to the question was:
Where’s your weak spots? That’s where you need to be focusing your time and budget on.
Counting network cards is not the way to more security.
Amen, sister. :)
Oct
17
SC Magazine – Biometrics get the thumbs up
Filed Under HIPAA Technology | Comments Off
The need to properly secure protected patient data means that we’ll be seeing a lot more about bioinformatics as we move forward.
The appeal of biometrics is growing, as more and more organizations are noting the many benefits it offers. Illena Armstrong explains why trends are now changing
Cost-savings, convenience and security benefits, along with the need to abide by legislation such as HIPAA, GLBA and Sarbanes Oxley are spurring a range of organizations to consider deploying biometric defenses to their systems.
…
Mehl says calls to the company helpdesk have dropped dramatically, and the system is more secure, convenient and easier to audit. “We went through all the different authentication schemes. We looked at smartcards and tokens, we looked at certificates, we thought about dual user names and passwords and then we thought of biometrics,” he says. “We ended up not going with smartcards, tokens, certificates or dual passwords because they all have one thing in common — they do not authenticate who is using it. They authenticate the password, or that they have the token.”
Oct
16
CMS NAMED TO ENFORCE HIPAA TRANSACTION AND CODE SET STANDARDS
Filed Under HIPAA Enforcement, HIPAA Law | Comments Off
This is from way back in 2002, but the CMS hasn’t put out a whole lot more on the topic of HIPAA enforcement since then. We’ll keep you posted on any other HIPAA enforcement news.
2002.10.15: CMS NAMED TO ENFORCE HIPAA TRANSACTION AND CODE SET STANDARDS
News Release
FOR IMMEDIATE RELEASE
October 15, 2002
Contact: CMS Press Office
(202) 690-6145
CMS NAMED TO ENFORCE HIPAA TRANSACTION AND CODE SET STANDARDS
HHS Office for Civil Rights To Continue To Enforce Privacy Standards
HHS Secretary Tommy G. Thompson announced today that the Centers for Medicare & Medicaid Services (CMS) will be responsible for enforcing the transaction and code set standards that are part of the administrative simplification provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
“HIPAA administrative simplification is going to streamline and standardize the electronic filing and processing of health insurance claims, save money and provide better service for providers, insurers and patients,” Thompson said.
“To accomplish this will require an enforcement operation that will assure compliance and provide support for those who file and process health care claims and other transactions,” Thompson said. “CMS is the agency best able to do this.”
CMS will continue to enforce the insurance portability requirements of HIPAA. The HHS Office for Civil Rights (OCR) will enforce the HIPAA privacy standards. CMS and OCR will work together on outreach and enforcement and on issues that touch on the responsibilities of both organizations – such as application of security standards or exception determinations.
Ruben J. King-Shaw Jr., CMS deputy administrator and chief operating officer, said CMS will create a new office to bring together its responsibilities under HIPAA, including enforcement.
“Concentrating these CMS responsibilities in a new office with a single mission will give us the most efficient operation possible, while providing strong support for all our partners in the health care community,” King-Shaw said.
The new CMS office will establish and operate enforcement processes and develop regulations related to the HIPAA standards for which CMS is responsible. These standards include transactions and code sets, security, and identifiers for providers, insurers and employers for use in electronic transactions. The office will report directly to the deputy administrator.
The office also will conduct outreach activities to HIPAA covered entities such as health care providers and insurers to make sure they are aware of the requirements and to help them comply.
Federal law requires most health plans, clearing houses, and those providers that conduct certain transactions electronically to be compliant with the HIPAA transactions standards by Oct. 16, 2002, unless they file on or before Oct. 15 for a one-year extension. Those who are not compliant and have not filed for the extension may be subject to statutory penalties. (The law gives certain small health plans until Oct. 16, 2003 to comply).
Enforcement activities will focus on obtaining voluntary compliance through technical assistance. The process will be primarily complaint driven and will consist of progressive steps that will provide opportunities to demonstrate compliance or submit a corrective action plan.
A fact sheet summarizing the administrative simplification standards required by HIPAA is available at www.hhs.gov/news/press/2002pres/hipaa.html. More detailed information about the standards is available at www.cms.hhs.gov/hipaa.
###
Note: All HHS press releases, fact sheets and other press materials are available at www.hhs.gov/news.
Oct
16
Medical records go online
Filed Under HIPAA Compliance, HIPAA Compliant Software | Comments Off
More and more, companies are developing HIPAA compliant software that allows doctors and patients to access their medical records while still protecting privacy.
InteGreat has developed five modules so far. Doctors can process prescriptions electronically, track orders and document their encounters with patients.
Building its Web-based products from scratch and building them in modules sets InteGreat apart, Koeller said.
While the idea of electronic medical records has been around for more than 25 years, Koeller blames the failures of early products for the slow adoption rate.
“More failed than were successful because they required physicians to change the way they practice,” he said. “Today, systems adapt to the way the physician practices.”
Besides patients driving demand for online service, government agencies and health insurers also are pushing for medical records to go electronic, say Koeller and Mark Anderson, chief executive officer of the AC Group Inc. research firm in Texas.
Excluding hospitals, the market for EMR software is expected to grow from $500 million this year to $5 billion in 2008, Anderson said. But with 270 companies selling EMR software, most of them small players like InteGreat, there will have to be shakeouts in the years ahead, he said.
InteGreat is well positioned, though, Anderson said. Doctors want products that are easy to use, and the ability of InteGreat’s products to share information across a patient’s community of doctors sets it apart, he said.
(Via Jeff’s HIPPA Blog)
Oct
13
The HIPAA Critic’s Oaths
Filed Under HIPAA (General) | Comments Off
Blogger takes to task some of the regulatory oddities and annoyances that have been created by HIPAA:
The golden rule of medical insurance claims: First, do no thing.
Insurance companies claim to dislike HIPAA (Health Insurance Payment Anti-Acceleration) because of all the bureaucratical red taping it demands, but we know better.
A case in point: my Large, Well-Known Medical Insurance Company has a claim pending since April of aught-three involving a routine medical matter for Gladys. Total charge: $86 (American). Our coverage was new and we didn’t have the insurance card, so we paid the full amount and filed the claim shortly thereafter.
A number of moons go by…
I send in a photocopy with “SECOND REQUEST” on it.
A number of other moons go by and the claim has celebrated its first birthday, so I call up LWKMIC’s Claim Persistance Line and – after some lovely taped ads for them, plus a disclaimer that my call may be recorded to be replayed in the supervisors’ lounge as an employee benefit – get an American (in America) on the line…
Click here to read the rest of the post
Oct
12
EnCase keep tabs on compliance complexity
Filed Under HIPAA Compliance, HIPAA Compliant Software | Comments Off
Guidance Software describes EnCase as a “network-enabled forensics, incident response, and security analysis tool.” Not only capable of ensuring your systems are properly patched, EnCase is fed by your intrusion detection system to closely track attacks and record them with snapshots for later review. Further, EnCase is an excellent tool for automating compliance testing for stringent regulations such as HIPAA. Companies can quickly search through servers and workstations from a single console for sensitive documents and images, then determine how files have been distributed through the enterprise and by whom.
Read the full article here.
Oct
7
JS Online: New law limits details on injured troops
Filed Under HIPAA Compliance | Comments Off
This article points out another consequence of HIPAA – reporting battlefield casualties and injuries about specific soldiers is covered under HIPAA.
JS Online: New law limits details on injured troops
Implemented about a year ago, HIPAA prohibits hospitals and other health care providers from releasing information about a patient without consent from the patient or next of kin. It also is intended to give people more control over their health records.
But the law’s far-reaching implications have, in some cases, prompted public health officials to withhold information about communicable disease outbreaks, hospitals to refuse clergy information about ailing parishioners, and nurses to hesitate to leave information on a patient’s telephone answering machine.
Now, military officials are citing the law in refusing to identify soldiers wounded in Iraq or disclose details about their injuries.
…
“In an effort to protect everyone’s privacy, we’re pseudo-censoring what information we put out,” he said. “It definitely seems that it’s having effects that the people who created it didn’t intend.”
(Via the other HIPAA Blog.)