All about HIPAA compliance

all-in-one-HIPAA-Compliance

HIPAA compliance is a must for Covered Entities and their Business Associates. It is a sine qua non requirement from the Department of Health and Human Services (HHS), a US federal department that is charged with the responsibility of enhancing and protecting the wellbeing and health of all Americans. It provides the means for bringing about effective health, as well as human services. Its mission is to engender improvements and developments in the fields of public health, medicine and social services.

The HHS requires complete compliance with its laws by a Covered Entity and its Business Associate. The HHS’ Office for Civil Rights (OCR) considers Covered Entity as one that is involved in generating, storing, receiving or transmitting electronic Protected Health Information (PHI). A Business Associate is one that does all these on behalf of its affiliated CE. HIPAA compliance is mandatory because the nature of information that Business Associates carry with them –Protected Health Information –is of a highly confidential and sensitive nature. Not only that; when there is a breach of data on the part of the Business Associate or the Covered Entity, it results in huge costs by way of damages. Data breaches also carry a bigger penalty: They dent the reputation of the business, something no money can compensate.

Locating the source of data breach

Most of the patient information breaches take place at the Business Associate’s end. This makes compliance with HIPAA compliance rules by BA’s all the more important. The basic reason for which most such breaches take place is the many misconceptions that abound among healthcare organizations about the nature of the HIPAA privacy and security regulations. What these regulations are, what they mean to healthcare organizations, and the steps that the healthcare organizations, Covered Entities and their Business Associates need to do –all these are areas of considerable confusion.

It is to equip professionals from the healthcare industry with the complete knowledge needed to understand and implement HIPAA compliance that GlobalCompliancePanel, a highly popular provider of professional trainings for all the areas of regulatory compliance, will be organizing a two-day seminar.

A complete roundup of HIPAA compliance

Senior healthcare professional Jim Wener, who brings four decades of experience in the industry and has been assisting providers and payers in identifying their automation requirements and helping them select and successfully implement the ideal automation for their needs, will the Director of this seminar. To gain the benefit of the vast experience that Jim brings and to ensure total HIPAA compliance for your organization; please register for this seminar by logging on to http://www.globalcompliancepanel.com/control/globalseminars/~product_id=900874?wordpress-SEO.

Questions, questions, questions

At this seminar, Jim will take the participants through HIPAA compliance from start to compliance. He will provide answers to all the questions that Business Associates and Covered Entities face during the process of ensuring HIPAA compliance. He will show what healthcare organizations need to do to secure their healthcare information.

Some of the questions that he will seek to answer include:

Do the HIPAA regulations apply to the organization? What risks does the organization face, and how does it mitigate these risks? What is it that the organization is required to do, and how is this done? Is there a role assigned for and expected of the organization’s computer resources in assessing and managing HIPAA compliance risks? What is the level of safety that the healthcare organization’s computer and paper patient information carry? Is there a way by which the organization determines if its computer resources provide the needed features and functions for the organization to become compliant?

Diligence can lessen the severity of penalties

These are just some of the questions for which Jim will seek to provide answers. Framing these questions and answering them is a watertight means to developing and executing a compliant plan. This in turn is critical to ensure that the organization takes the right path in ensuring HIPAA compliance. A breach is a very bad thing to happen for an organization, but diligence that the organization has showed in protecting patient information will go a long way in mitigating penalties. This is one of the prime reasons for which attendance at this seminar is necessary.

  • What is HIPAA, who is covered and what is HIPAA Compliance
  • Why the healthcare organization should be concerned about HIPAA compliance
  • How to perform a HIPAA Risk Assessment
  • How to prepare HIPAA Policies and Procedures
  • How to perform HIPAA Training
  • What is IT’s role in the healthcare organization’s HIPAA Compliance
  • How to prepare a Business Continuation/Disaster Recovery Plan
  • How to handle a potential HIPAA Breach.

https://www.hhs.gov/about/index.html

 

Breaking down the rules into steps makes HIPAA compliance less complicated

HIPAA compliance is a legal requirement for Business Associates and Covered Entities. The Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996 with two main intentions:

o  To enable employees to keep their insurance intact when they switched jobs or their insurance provider

o  To facilitate the payment and information process by putting in place a uniform code for these.

From its start, up to 2013, HIPAA has undergone a few changes, such as:

o  The privacy regulation additions of 2003;

o  The insertion of the HIPAA Security Rule in 2005;

o  The passage of the HITECH Act in 2009, and

o  The addition of the Omnibus Rule in 2013, with the intention of extending liability to Business Associates

With the insertion of these additions, HIPAA compliance has become more and more demanding and complex, or at least that is what most entities who are required to comply with it feel. Most Business Associates and Covered Entities have issues with the following areas of HIPAA compliance:

–       The 18 identifiers that Protected Health Information (PHI) consists of; with the name, full face photos, e-mail address, and date of birth of the patients being some of their constituents

–       The requirement of designation, by every organization or practice, of a privacy officer, who has to carry out a risk analysis

–       The requirement, as part of HIPAA compliance, of covered health care providers and health plans, of developing and distributing a notice, in which the privacy rights and practices relating to patients’ personal health information have to be clearly explained.

Despite these requirements, HIPAA compliance is not as difficult as it seems

The reality, however, is different. HIPAA compliance is not as complicated and difficult as it is thought to be. At first glance, these requirements may appear to be intimidating. Yet, when it comes to practical application, HIPAA compliance is not really all that cumbersome or difficult. All that is needed is a clear-cut understanding and explanation of the major sections on compliance.

This clear-cut understanding of the major sections on which many Covered Entities and their Business Associates face difficulties is the intention of a seminar that is being organized by GlobalCompliancePanel, a leading provider of professional trainings for the areas of regulatory compliance.

At this detailed two-day seminar, Paul Hales, an attorney at law in St. Louis, Missouri who specializes in HIPAA Privacy and Security Rules, will be the Director. All that is needed to gain a thorough understanding of the perspectives Paul will offer on HIPAA compliance is to register for this seminar by visiting http://www.globalcompliancepanel.com/control/globalseminars/~product_id=900798?linkedin-SEO .

What makes this seminar a valuable learning session is that Paul will explain, in simple and plain language, the contents of HIPAA compliance. He will demystify the tricky areas of HIPAA compliance and offer clarity of understanding of these, and will crystallize them into six easy steps.

Paul will drive home the point that HIPAA compliance becomes easier when its seemingly difficult requirements are broken down into steps. He will suggest six steps that organizations can take to make HIPAA compliance easier.

He will pack the seminar with visual presentations, interactive discussions and stimulating questions and answer sessions. He will also show how to find the right rule with the six step-by-step procedures he will lay down.

Takeaways at this important seminar on HIPAA compliance

Paul will offer these following key takeaways at this highly valuable seminar:

·        Thorough Understanding of HIPAA Rules

  • What they are
  • How they work together
  • Why and How they were made
  • How they are changing and what to expect next

·        HIPAA Risk Analysis – Risk Management for Your Organization

  • A Practical Guided Exercise done in class on your computer to take home

·        Privacy and Security Rules – Permitted and Required Uses and Disclosures

  • What information must be protected
  • Administrative, Technical and Physical Safeguards
  • Social Media, Texting and Emailing Patients

·        The inter-connected, inter-dependent relationship of Covered Entities and Business Associates

·        What is, and what is not a Reportable Breach of Unsecured PHI

http://www.fertilitybridge.com/blog/hipaaandsocialmediawithpaulhales

HIPAA Security Rule Principles

Though short in length,HIPAA Security Rule principles are well defined in some areas, but vague in some others, making implementation of these areas difficult.

HIPAA Security Rules are an offshoot of the Privacy Rule. While Privacy Rule concerns itself with Protected Health Information (PHI) in general, the HIPAA Security Rule (SR) concerns itself specifically with electronic Protected Health Information (ePHI). Since it particularly focuses on an element of the Privacy Rule; it is considered a subset of the HIPAA Privacy Rule.

The HIPAA Security Rule seeks to fortify individually identifiable health information with reasonably high levels of technical, administrative and physical safeguards so that these attributes are protected and unauthorized or inappropriate access, use, or disclosure prevented:

  • Confidentiality
  • Integrity, and
  • Availability.

To enable this, the HIPAA Security Rule codifies a few standards and best practices in information technology. In a general sense, the HIPAA Security Rule requires computer systems containing patient health implementation to implement these three safeguards:

  • Administrative,
  • Physical, and
  • Technical.

It has clear definitions of each component relating to its specifications. Some of the terms on which the HIPAA Security Rule is unambiguously clear are:

Challenges associated with implementing HIPAA Security Rule

Despite the clarity of definitions of a few terms as stated above; the HIPAA security rule is considered complicated by practitioners and participants in the Rule. Although not a very painfully long document in that it runs into only eight pages; because of the high technical nature of its text, it is considered quite complex.

A major requirement that the HIPAA Security Rule imposes is a set of additional organizational requirements, apart from documenting processes that are in tune with the HIPAA Privacy Rule. This is easier said than done, especially for small time providers that have limited technical bandwidth and capabilities, for whom implementing the Privacy Rule itself can be challenging. The solution is to make Health information technology (HIT) resources available for this kind of providers.

Further, this Rule has some ambiguities. For instance, its fundamental requirement is implementation of “necessary safeguards”. There is no unanimity about what this means.

Want to know more : http://www.globalcompliancepanel.com/control/globalseminars/~product_id=900739SEMINAR?wordpress-SEO

Validation of Pharmaceutical Water Systems

validation-of-pharmaceutical-water-systems1

Thorough and proper validation of pharmaceutical water systems is highly essential for ensuring that the pharmaceutical unit uses the right quality of water. This is very important, because water is not only the source of life for humans; it enjoys the same importance in pharmaceuticals.

A very important reason for which validation of pharmaceutical water systems is necessary is that water is not only the most widely used raw material or substance in pharmaceuticals; it is also put to a number of uses in the pharmaceutical industry, such as Quality Control, process, production and formulation. Further, water comes with its own set of unique chemical properties that are obtained because of the hydrogen bonds present in it and its polarity. This makes water versatile, since it allows the dissolution, absorption, adsorption or suspension of various different compounds.

Process for pharmaceutical water systems validationvalidation-of-pharmaceutical-water-systems

Validation of pharmaceutical water systems is carried out in three phases:

Phase I, which is the investigational phase

Phase II, the short term control phase, and

Phase III, which is the long-term control phase

Pharmaceutical water systems are validated through these three steps or stages to demonstrate and ensure that the facility using pharmaceutical water systems has water under its control and is on the right track for production of the right quality and quantity of water in the short, medium and long terms.

Validation through commissioning and qualificationPharmaceutical water systems validation is carried out through two important steps, namely commissioning and qualification. Commissioning is about putting the validation of pharmaceutical water systems through the required phases using the prerequisite methods of documentation. This documentation is a core part of pharmaceutical water systems validation because it allows for different personnel in the organization to not only keep track of the processes involved, but also make changes when necessary.

Qualification as part of pharmaceutical water systems validationQualification is the next important stage of pharmaceutical water systems validation. Here, before a pharmaceutical water systems validation process is started, the pharmaceutical facility should implement the following important steps:

  • Design qualification (DQ)
  • Installation qualification (IQ) and
  • Operational qualification (OQ)

Phase I:In Phase I, the pharmaceuticals facility samples and tests water sampling for anywhere between two and four weeks for monitoring the water system. If the water system is free of failure during this phase, it is considered a successful phase of pharmaceutical water systems validation.

Phase II:In this phase of pharmaceutical water systems validation too, the water system sample is tested intensively for two to four weeks, during which the water sample should show that it is producing the right quantity of water under conditions of stated SOP.

Phase III:Phase III of pharmaceutical water systems validation is the longest and most arduous period, running to one year after completion of Phase I and Phase II. When the water sample passes through this phase, it is said to have completed the process of pharmaceutical water systems validation and is considered fit for pharmaceutical use.

Learn more on this topic by visiting : http://www.globalcompliancepanel.com/control/globalseminars/~product_id=900882SEMINAR?wordpress-SEO

HIPAA survival needs intimate knowledge of the nuances of the law

HIPAA survival is one of the great challenges for a healthcare entity. HIPAA audits are complex, and they need understanding of the jargon and the semantics of the words mentioned in the document to survive. Both the Covered Entity and the Business Associate need to know exactly what to do in order to pass a HIPAA audit. This is all the more important and necessary considering that the federal budget has plans of raising the budget for the OCR in 2017 by about 10% over 2016, reflecting just how serious the OCR is about HIPAA audits.

When one considers that Phase 2 of HIPAA requires compliance with something like 180 areas and allows just 10 days for response; it goes without saying that HIPAA survival is a high priority for Covered Entities and their Business Associates. Moreover, the OCR’s audit protocol clearly states that those entities that are being audited have to furnish the exact documents required and not offer broad references to policy documents.

Being even slightly lax in being prepared for Phase 2 HIPAA audits can lead to difficulties at the audit. So, HIPAA survival entails having to be one’s toes all the time and having all the edges covered and leaving nothing to chance. HIPAA survival is about putting a process in place and overseeing and implementing it with utmost diligence and attentiveness all the time.

Covered Entities and Business Associates are the target of HIPAA audits

So, where do all these place Covered Entities and Business Associates that are the target of HIPAA audits? There is simply no room for complacence. They have to be absolutely on their guard when facing HIPAA audits. HIPAA survival has to be cultivated as a means for this. The more they hard-wire the art of HIPAA survival into their practice, the better.

The ways by which Covered Entities and Business Associates deal with HIPAA survival is the subject of a two-day seminar that GlobalCompliancePanel, a highly popular provider of professional trainings for the areas of regulatory compliance, will be organizing. To enroll for this highly useful and important session on HIPAA survival, jus log on to http://www.globalcompliancepanel.com/control/globalseminars/~product_id=900780SEMINAR?HIPAA-survival-Chicago-IL.

At this seminar, Brian L Tuttle, a senior Compliance Consultant & IT Manager at InGauge Healthcare Solutions, will educate regulatory compliance professionals about how practice managers need to prepare for HIPAA audits. This seminar will address major changes under the Omnibus Rule and any other applicable updates for 2017. Brian will also cover other related, critical areas such as:

o  Texting

o  Email

o  Encryption

o  Medical messaging

o  Voice data, and

o  Risk factors as they relate to IT.

Brian will dispel many of the myths covering this convoluted law. He will discuss the do’s and don’ts of HIPAA survival, and will also cover the critical area of the highest risk factors for being sued for wrongful disclosures of PHI and the manner in which patients are now using state laws to sue for wrongful disclosures.

During the course of this seminar, Brian will cover the following areas:

o  History of HIPAA

o  HITECH

o  HIPAA Omnibus Rule

o  How to perform a HIPAA Security Risk Assessment

o  What is involved in a Federal audit and how is it conducted

o  Risk factors for a federal audit

o  EHR and HIPAA

o  Business Continuity/Disaster Recovery Planning

o  Business Associates and HIPAA

o  In depth discussions on IT down to the nuts and bolts

o  BYOD

o  Risk factors that can cause an audit (low hanging fruit)

o  New rules which grant states ability to sue citing HIPAA on behalf of a patient

o  New funding measures

https://www.onr.com/blog/hipaa-audits-increase-2016-2017/

HIPAA Security Rule

Though short in length,HIPAA Security Rule principles are well defined in some areas, but vague in some others, making implementation of these areas difficult.

HIPAA Security Rules are an offshoot of the Privacy Rule. While Privacy Rule concerns itself with Protected Health Information (PHI) in general, the HIPAA Security Rule (SR) concerns itself specifically with electronic Protected Health Information (ePHI). Since it particularly focuses on an element of the Privacy Rule; it is considered a subset of the HIPAA Privacy Rule.

The HIPAA Security Rule seeks to fortify individually identifiable health information with reasonably high levels of technical, administrative and physical safeguards so that these attributes are protected and unauthorized or inappropriate access, use, or disclosure prevented:

  • Confidentiality
  • Integrity, and
  • Availability.

To enable this, the HIPAA Security Rule codifies a few standards and best practices in information technology. In a general sense, the HIPAA Security Rule requires computer systems containing patient health implementation to implement these three safeguards:

  • Administrative,
  • Physical, and
  • Technical.

It has clear definitions of each component relating to its specifications. Some of the terms on which the HIPAA Security Rule is unambiguously clear are:

Challenges associated with implementing HIPAA Security Rule:

Despite the clarity of definitions of a few terms as stated above; the HIPAA security rule is considered complicated by practitioners and participants in the Rule. Although not a very painfully long document in that it runs into only eight pages; because of the high technical nature of its text, it is considered quite complex.

A major requirement that the HIPAA Security Rule imposes is a set of additional organizational requirements, apart from documenting processes that are in tune with the HIPAA Privacy Rule. This is easier said than done, especially for small time providers that have limited technical bandwidth and capabilities, for whom implementing the Privacy Rule itself can be challenging. The solution is to make Health information technology (HIT) resources available for this kind of providers.

Further, this Rule has some ambiguities. For instance, its fundamental requirement is implementation of “necessary safeguards”. There is no unanimity about what this means.

Read More Information

An understanding of HIPAA upcoming changes for 2016

Professionals at various levels of the healthcare industry need to have a grasp of the HIPAA Security/Privacy Rule and the way it relates to their practice or business. A two-day, in person, live seminar being organized by GlobalCompliancePanel, a leading provider of professional trainings for the regulatory compliance areas, will offer this very important understanding.

hippa

Brian Tuttle, a Certified Professional in Health IT (CPHIT), Certified HIPAA Professional (CHP), and Certified Business Resilience Auditor (CBRA) , who brings over 15 years’ experience in Health IT and Compliance Consulting, will be the speaker at this seminar. Please log on to http://www.globalcompliancepanel.com/control/globalseminars/~product_id=900727SEMINAR to enroll for this highly educative session.

A host of areas relating to HIPAA and changes for 2016

Among the areas that Brian will take up are the changes under the Omnibus Rule and any other applicable updates for HIPAA for 2016. There are an enormous amount of issues and risks that Covered Entities and Business Associates these days. He will also dwell upon other aspects of HIPAA, such as:

  • The history of HIPAA
  • Privacy vs. security,
  • Business Associates,
  • Changes for 2016
  • Audit process
  • Paper-based PHI
  • HIPAA and suing
  • Texting
  • Email
  • Encryption
  • Medical messaging
  • Voice data, and lots more.

Myths vs. realities of HIPAA

Essentially, Brian will explain myths versus reality as it relates to this very enigmatic law, and this clarification will be based on over 1000 risk assessments he has performed during the many years of experience he gained in dealing directly with the Office of Civil Rights HIPAA auditors during his career.

Understanding the risk factors for being sued for wrongful disclosures

He will also speak of real life audits conducted by the Federal government and help participants understand what their highest risks are for being fined. He will discuss the highest risk factors for being sued for wrongful disclosures of PHI and the manner in which patients are now using State laws to sue for wrongful disclosures.

hipaa-2

He will offer an explanation of the multiple litigated cases that he has been a part of involving HIPAA situations. He will also thoroughly explain how patients are now able to get cash remedies for wrongful disclosures of private health information and demonstrate how to limit those risks by simply taking proactive steps and utilizing best practices.

Brian will cover the following areas at this seminar:

  • History of HIPAA
  • HITECH
  • HIPAA Omnibus Rule
  • How to perform a HIPAA Security Risk Assessment
  • What is involved in a Federal audit and how is it conducted
  • Risk factors for a federal audit
  • EHR and HIPAA
  • Business Continuity/Disaster Recovery Planning
  • Business Associates and HIPAA
  • In depth discussions on IT down to the nuts and bolts
  • BYOD
  • Risk factors that can cause an audit (low hanging fruit)
  • New rules which grant states ability to sue citing HIPAA on behalf of a patient
  • New funding measures.