HIPAA

The Auditors Are Coming, The Auditors Are Coming!!

By Matt Fisher – After waiting with bated breath for almost a year, the day when full scale HIPPA audits will start is almost here. During a keynote address the the HIPAA Security Conference co-hosted by the HHS Office for Civil Rights and the National Institute of Standards and Technology (“NIST”), OCR Director Jocelyn Samuels revealed that the day when audits will start is getting closer.


Why Non-Covered Entities Must Adopt ICD-10

The switch to ICD-10 is mandatory for organizations covered by the HHIPAA, known as “HIPAA-covered entities.” Organizations not covered by the HIPAA, or “non-covered entities,” are not required to transition to ICD-10, but are strongly encouraged to do so. Non-covered entities include property and casualty insurance carriers, including auto insurers and workers’ compensation plans.


The FTC is the New Sheriff in Town

By Mike Semel – Don’t believe “We’re from the government and we are here to help you.” After a data breach in 2006 the FTC settled with ChoicePoint for $ 10 million and a 20-year monitored compliance program. Twenty-Years! In 2012 a company that had a HIPAA data breach was forced out of the state for two years by the Minnesota Attorney General.


Debating HITECH’s Influence on EHR Use

By Steve Spearman. Earlier this summer, the Journal of the American Medical Informatics Association (JAMIA) published a paper titled Impact of the HITECH act on physicians’ adoption of electronic health records, that analyzed how well HITECH has incentivized doctors to make the leap into EHR.


HIPAA Q&A on Risk Analysis

By Steve Spearman – Performing a risk analysis is the cornerstone of HIPAA compliance, so it’s important to understand the regulations that require risk analysis, as well as how to conform to these rules. This week’s Q&A with Steve Spearman, focuses on understanding the essentials of risk analysis.


Breaches, Breaches, Everywhere

By Matt Fisher – It often seems as though a day does not go by without the report of a new breach of healthcare data. Examples of breaches include loss of unencrypted devices (whether laptops, flash drives or other devices), usage of non-secure services, inattention to paper records, employee snooping, and more.


Colorado Medicaid Mails PHI to Wrong Addresses

By Steve Spearman – This past summer, the state of Colorado’s Medicaid program, the Colorado Department of Health Care Policy and Financing (HCPF), accidentally sent letters containing PHI to the wrong addresses, affecting individuals from 1,069 households.