200+ followers. WOWWWWWW…

followed- 200

Hello Everyone,

Today we have the pleasure of celebrating the fact that we have reached the milestone of 200+ followers on WordPress. Since we started this blog, we have had such a great time connecting with everyone.  we never expected to actually to connect with other people in the blogging community.

we are so incredibly thankful for each and every one of you who follows and comments on my blog posts. Please know that!

we would continue our blogging in these areas FDA Regulation, Medical Devices, Drugs and Biologics, Healthcare Compliance, Biotechnology, Clinical Research, Laboratory Compliance, Quality Management ,HIPAA Compliance ,OSHA Compliance, Risk Management, Trade and Logistics Compliance ,Banking and Financial Services, Auditing/Accounting & Tax, Packaging and Labeling, SOX Compliance, Environmental Compliance, Microsoft Excel Spreadsheet, Geology and Mining, Human Resources Compliance, Food Safety Compliance and etc.

Get more articlehttps://www.globalcompliancepanel.com/freeresources/resource-directory

Please follow us on

Facebook – https://www.facebook.com/TrainingsAtGlobalCompliancePanel

Twitter – https://twitter.com/gcpanel

LinkedIn – https://www.linkedin.com/company/10519587/admin/updates/

Internal Audit Checklist for HIPAA

Internal Audit Checklist for HIPAA.jpg

The internal audit checklist for HIPAA is one of the primary elements of HIPAA implementation. The passage of the Health Insurance Portability and Accountability Act (HIPAA) by the U.S. Congress in 1996 was aimed at regulating the way and process by which healthcare institutions across the country reveal the medical information of their patients.

The Department of Health and Human Services (HHS) is tasked with monitoring the compliance aspect of the law, i.e., it monitors how medical organizations comply with the provisions of HIPAA. In order to ensure that medical organization stay compliant with the provisions of HIPAA; auditors measure these compliance aspects with a checklist when testing companies’ medical data recording processes.

The internal audit checklist for HIPAA, like any other checklist, is a list of do’s and don’ts that a healthcare organization has to look to see if it is complying with its processes relating to medical data sharing and recording. These are the core areas against which auditors prepare and monitor the internal audit checklist for HIPAA:

Analysis and assessment of risk

Internal Audit Checklist for HIPAA3

One of the foremost aspects of the internal audit checklist for HIPAA is the organization’s analysis and assessment of the risk involved in disclosing medical information. Medical organizations of the designated types have to carry these out at regular, periodic intervals in ensuring that they don’t give opportunities for causing data breaches. Since healthcare organizations are involved in collecting, keeping and transferring of medical information; it is necessary for them to keep analyzing and assessing the risk involved in data breaches.

Gap analysis

In this category of internal audit checklist for HIPAA; auditors compare regulatory guidelines to security systems in the corporate sector. The idea is to help the medical organization outline its security requirements vis-a-vis its security infrastructure

Remediation

Internal Audit Checklist for HIPAA4

In this internal audit checklist for HIPAA; the healthcare organization relies on a number of technologies and steps to prevent any breach of data, and to also offset the damage done when a breach happens. The primary tools used in this internal audit checklist for HIPAA include software used for tracking defects, for process reengineering, CRM and a few ERP applications.

Planning for contingencies

An internal audit checklist for HIPAA also includes a set of plans that the healthcare organization has to have to be able to plan for contingencies. A healthcare organization can expect emergencies or disasters from any source, and these can be of any kind. An internal audit checklist for HIPAA should include plans for anticipating and dealing with these.

Personnel policies

biostatistics56

The policy a healthcare organization puts in place for its personnel is an important point in the internal audit checklist for HIPAA. It has to decide what kinds of trainings its staff members receive for implementing HIPAA compliance.

 

 

 

click to continue reading

Drug dissolution testing and establishing plasma drug levels in humans

Drug dissolution testing and establishing plasma drug levels in humans5

Dissolution testing is a very important tool that determines and help understand the performance and effectiveness of oral solid dosage forms. It is significant for the field of medicine because if a drug has to be effective, it must be released first from the product form, and it should then be allowed to get dissolved in the gastrointestinal fluids. This is the first step that leads to the next important phase, that of the dosage’s absorption into the bloodstream. This points to the fact that dissolution from the dosage form is a major determinant of the rate and extent to which the drug gets absorbed by the body.

Drug dissolution testing is very important during the development of drugs and drug formulations. It helps to determine if the right concentration of the drug reaches the desired or expected locus of action. This makes the investigation of the factors which affect drug absorption into the human blood flow when a drug product is taken orally important.

The usual method of measurement of drug absorption is in vivo, or, the body of a living being such as a human or animal. Time blood plasma concentration profiles of drugs after oral administration constitute an important in vivo parameter. In-vitro investigations are carried out for identifying the parameters involved in drug absorption. These are investigations that are conducted in a controlled and simulated environment that resembles biological conditions closely.

Thorough learning of drug dissolution

Drug dissolution testing and establishing plasma drug levels in humans

An important seminar from GlobalCompliancePanel, a leading provider of professional trainings for all the areas of regulatory compliance, will offer valuable learning on all the aspects of drug dissolution testing and explain the ways of establishing plasma drug levels in humans.

At this two-day seminar, Dr. Saeed Qureshi, who has worked as a research scientist with Health Canada and is an internationally known expert on the subject whose expertise spans the areas of drug dissolution testing, pharmacokinetics, biopharmaceutics and analytical chemistry as related to animal and human studies for developing and evaluating pharmaceutical products; will be the Director.

In order to gain the benefit of learning from this world-renowned expert, please enroll for this seminar by visiting Drug dissolution testing and establishing plasma drug levels in humans. This course has been pre-approved by RAPS as eligible for up to 12 credits towards a participant’s RAC recertification upon full completion.

All aspects of drug dissolution and establishing plasma drug levels

Drug dissolution testing and establishing plasma drug levels in humans1

This seminar will provide its participants a unique opportunity to learn scientifically valid drug dissolution testing and establishing plasma drug levels. Lab personnel take several approaches to conduct dissolution testing using different apparatuses and methods. This makes section of an appropriate apparatus and method confusing and challenging. Dr. Qureshi will offer relevant pharmacokinetics and physiological background that is aimed at making this choice easier and intuitive. He will use simple and clear language in helping participants understand how to select or develop a dissolution method. He will describe the theoretical aspect of the drug dissolution testing, including method development, in detail. He will explain the pros and cons of different approaches.

Another important area that Dr. Qureshi will address is in vitro-in vivo correlation (IVIVC). He will address the particular issue of the use of the concepts of convolution/deconvolution and IVIVC in providing an estimate/prediction of expected drug levels in humans through drug dissolution testing. This approach has met with limited success. Dr. Qureshi will explain the reasons for this and suggest alternative approaches and will offer an explanation of the underlying scientific principles involved in convolution, deconvolution and IVIVC techniques with simple practical examples. He will describe a unique and simple approach based on convolution technique using spreadsheet software.

He will show in vitro drug dissolution testing and convolution/deconvolution techniques for predicting plasma drug levels using the principles of pharmacokinetics and physiology. Dr. Qureshi will cover the following main areas at this seminar, with its relevant subtopics:

Personnel who work in various levels of the areas of Pharmaceutical Development, setting up analytical methods (pharmacopeial, regulatory or in-house developed), R & D (both analytical and formulation), Project Management, Quality Control, Quality Assurance, and Regulatory Affairs will benefit enormously from this learning.

To join us for more information, get in touch

 

HR Tech: President of First U.S. Firm to Microchip Employees Will Speak in Dallas on Workplace Wearables

Patrick McMullan will speak on how the microchip technology has impacted the employee experience and workplace productivity at Three Market Square — and address concerns about privacy, GPS tracking, and worker satisfaction.

HR Technology concept

What if your employer asked you to implant a microchip under your skin to help them keep track of you?

Three Square Market took that step, and made headlines last summer amid debate concerning invasions of privacy. It was the first company in the U.S. to offer to microchip its workforce — on a strictly voluntary basis, according to media reports.

Three Square Market President Patrick McMullan will share the experience at the upcoming 2017 Human Resources Technology Exchange in Dallas, which will take place Dec. 10-12.

“The international marketplace is wide open, and we believe that the future trajectory of total market share is going to be driven by whoever captures this arena first.”

Patrick McMullan

The Wisconsin-based provider of self-service breakroom vending machines had a “chip party” in July, during which 50 out of the company’s 85 employees agreed to trade in their employee IDs and passwords for a chip to be inserted in between their forefinger and thumb. The chipped employees can enter the building, sign into their computers, and pay for snacks, all with just a wave of the hand.

The decision to chip was driven by an aim to get ahead of the growing wearable technology trend, according to a release. By 2020, 75 million devices are predicted to be voluntarily in use.

“The international marketplace is wide open, and we believe that the future trajectory of total market share is going to be driven by whoever captures this arena first,” McMullan said in a BBC article from last summer.

Read More: http://snip.ly/4lnun#https://dallasinnovates.com/hr-tech-president-of-first-u-s-firm-to-microchip-employees-will-speak-in-dallas-on-workplace-wearables/

Las Vegas hospitals must follow regular HIPAA privacy rule

Las Vegas hospita.jpg

After natural disasters, HHS sometimes waives certain HIPAA privacy rule requirements. That’s not usually the case after man-made disasters, such as Sunday night’s massacre in Las Vegas, where more than 50 were killed and hundreds were wounded after a gunman opened fire at a music festival.

Because the HIPAA privacy rule already allows information disclosure in certain cases, such as when public safety is threatened, and because there has been no declaration of a public health emergency, HIPAA waivers have not been necessary in this case.

Local hospitals will have to be careful, especially with so many requests for information from families, friends, and the media, said Mark Swearingen, a Hall Render attorney focused on health information privacy and security.

“Hospitals are going to have to be very careful about vetting and authenticating the individuals who might be calling in to make sure that they’re the type of person they can be sharing information with,” he said.

After Hurricane Harvey struck Texas in August, HHS Secretary Dr. Tom Price waived certain HIPAA penalties, which can range from $100 to $50,000 per violation. Providers would not be penalized for failing to giving out notices of privacy practices, for instance, nor would they be hit for not granting a patient the right to request privacy restrictions.

Meanwhile, other provisions of the HIPAA privacy rule were still in effect, including those that allow providers to disclose protected health information to patients’ families or others involved in their care. Other provisions allow providers to give out protected health information—including to law enforcement—if doing so would lessen a threat to those patients or to the public.

Given those rules, “when you have a shooting, the department has taken the position that a waiver isn’t necessary,” said Marcy Wilder, a privacy and cybersecurity lawyer with Hogan and Lovells, noting that no penalties were waived after the 2016 mass shooting that killed 49 people and injured 58 at Orlando’s Pulse nightclub. “The department wants to be careful here, because if you issue a waiver, that becomes a suggestion that without a waiver, these types of disclosures aren’t permitted,” she added.

Swearingen warns that Las Vegas hospitals therefore need to be cautious. “The hospital, I would hope, in this circumstance is going to be fairly guarded.”

Read More: http://snip.ly/8u7xj#http://www.modernhealthcare.com/article/20171002/NEWS/171009996/las-vegas-hospitals-must-follow-regular-hipaa-privacy-rule

 

What should Entities do to avoid HIPAA fines and penalties?

What should Entities do to avoid HIPAA fines and penalties.jpg

A look at the nature and numbers of HIPAA breaches over just the couple of years makes stark reading: On the one hand, in terms of numbers; 2016, with about 16 million records breached was a pretty good year compared to the previous year, in which about seven times that number, more than 113 million, were breached. But the bad news is that 2016 saw more Covered Entities reporting breaches than in any other year since the Office of Civil Rights (OCR) started publishing its data on healthcare record breaches.

These huge numbers show that not only is there a big demand for these records in the black market -they are in greater demand than even social security and credit cards -Covered Entities and Business Associates need to all that it takes to avoid HIPAA fines and penalties.

What should Entities do to avoid HIPAA fines and penalties4

The federal government has not been lax on this aspect. It is being extremely vigilant about protecting healthcare records. It has been consistently urging the HHS to take a serious view of the increased incidence of cyberattacks that has resulted in medical records theft and has suggested many measures towards ensuring this. The fact that there has been a steady increase in the global spending on cybersecurity-related hardware, software, and services and could reach $100 billion in 2020, according to estimates by the International Data Corporation (IDC), suggests the seriousness with which this issue is being viewed not just in the US, but all over the world.

One of the primary requirements that Business Associates need to comply with is adherence to HIPAA mandates regarding the handling and use of health information. This is spelt out in the HITECH Act, a recent update made to overall HIPAA regulations. It is mandatory for a Business Associate to comply with a wide range of regulatory obligations, which include certain privacy obligations, security standards, and breach notification requirements.

What should Entities do to avoid HIPAA fines and penalties2

However, there is a lot of confusion and misunderstanding among Business Associates about their roles and requirements. They must be completely knowledgeable about all the aspects of their roles, functions and requirements before they enter into agreements of contracts with subcontractors and vendors for their services

Learning about ways of avoiding HIPAA fines and penalties

Jay Hodes, who is President and Founder, Colington Security Consulting, LLC, will be providing thorough understanding of the roles and requirements of a Business Associate and Covered Entities in HIPAA enforcement at a webinar that is being organized by MentorHealth, a leading provider of professional trainings for the healthcare industry. Please visit What should Entities do to avoid HIPAA fines and penalties? to get complete clarity of the ways of avoiding HIPAA fines and penalties.

Clarity on how to avoid HIPAA fines and penalties

What should Entities do to avoid HIPAA fines and penalties1

The aim of this learning session is to help businesses understand what it means to be a Business Associate and know what required safeguards, policies and procedures must be in place or make sure that their current compliance program is adequate and can withstand government scrutiny.

Jay will highlight the importance of being compliant with the HIPAA requirements for an organization if it has to avoid HIPAA fines and penalties. The ways by which a Business Associate or Covered Entity can provide the appropriate patient rights and controls on its uses and disclosures of Protected Health Information (PHI) and what all it has to have in place for doing so, will all be explained.

He will cover the following areas at this session:

  • Why was HIPAA created?
  • Who Must Comply with HIPAA Requirements?
  • What are the HIPAA Security and Privacy Rules?
  • What are the Consequences of being a Business Associate
  • What is a HIPAA Compliance Program for a Business Associate?
  • What is a HIPAA Risk Management Plan?
  • What is a HIPAA Risk Assessment?
  • What is the Role of the HIPAA Security Official?
  • What are HIPAA training requirements?
  • What is a HIPAA data breach and what happens if it occurs?
  • What are the penalties and fines for non-compliance and how to avoid them
  • Case Examples of HIPAA Data Breaches
  • Creating a Culture of Compliance
  • Q&A.

 

 

Hurricane Harvey HIPAA Reminder

Disasters, which can ultimately lead to a data breach, come in various forms – natural, man-made and technical. HIPAA, the HITECH Act, the Federal Trade Commission and the Securities and Exchange Commission are just a handful of entities requiring that the confidentiality, integrity and availability of the sensitive information (e.g., protected health information (PHI) and personally identifiable information (PII)) remain intact. Although federal HIPAA has distinct categories (e.g., covered entity, business associate, and subcontractor), other state or federal government entities use “covered entity” to mean any person that creates, receives, maintains or transmits PHI or PII.

HIPAA sets forth three main categories of safeguards: administrative, physical, and technical safeguards. Often times, these categories overlap. For example, the administrative requirement of a sanction policy compliments the physical requirement of two-factor identification for building access.

Below are a couple of select sections from the Code of Federal Regulations (CFR), which organizations should be particularly vigilant about in relation to disasters.

•45 CFR §164.310 (Physical) – requires that policies and procedures for facility access in order to restore lost data under the disaster recovery and emergency access plan.

•45 CFR §164.308 (Administrative Safeguards) – multiple requirements are set forth under this particular section of the CFR. For example:

•Security management process

•Annual risk analysis

•Information activity review

•Workforce clearance procedure

•Security awareness training

•Contingency plan

 

Read More: http://snip.ly/duepz#http://www.diagnosticimaging.com/blog/hurricane-harvey-hipaa-reminder