Posts Tagged ‘HITECH’

« Older Entries
Newer Entries »

Designated Record Sets: Know What They Are! (AD NPRM Discussion #1)

Thursday, June 2nd, 2011

My last blog post provided a preliminary overview of the Accounting of Disclosures Notice of Proposed Rulemaking (AD  NPRM).  I got a lot of questions as a result directly, in addition to the blog comments. When trying to understand regulations, and how to put them into practice within an organization, I’ve found it is best to break them down into bite-sized chunks, starting from the basics and building from there.  Today I want to spend a little time looking at what makes up a “designated record set,” or DRS, since the access report requirement is specific to accesses to DRS’s… (more…)

Tags:, , , , , , , , , , , , , , , , , , , ,
Posted in BA, CE, healthcare, HIPAA, HITECH, Laws & Regulations, Privacy and Compliance | 1 Comment »

Preliminary Thoughts about the HIPAA Accounting of Disclosures NPRM

Tuesday, May 31st, 2011

On Friday, May 27, 2011, the Department of Health and Human Services (HHS) published the HIPAA Privacy Rule Accounting of Disclosures under the Health Information Technology for Economic and Clinical Health Act Notice of Proposed Rule Making (NPRM).  I’m still going through it but here are my preliminary thoughts… (more…)

Tags:, , , , , , , , , , , , , , ,
Posted in BA, CE, HIPAA, HITECH, Laws & Regulations, privacy, Privacy and Compliance | 10 Comments »

Physician Learns A Hard PHI Lesson

Tuesday, April 19th, 2011

News broke  yesterday about a physician in Rhode Island, at the Westerly Hospital, who was sanctioned for posting protected health information (PHI) on her Facebook page: (more…)

Tags:, , , , , , , , , , , , , , ,
Posted in BA, CE, healthcare, HIPAA, privacy, Privacy and Compliance, Social Media | 1 Comment »

Health Net Incident Impacting 1.9 Million: Lessons Learned

Wednesday, April 6th, 2011

Yesterday I provided some thoughts to Howard Anderson at HealthinfoSecurity.com about the recent Health Net incident for his article Here are some expanded thoughts for his questions…

(more…)

Tags:, , , , , , , , , , , , ,
Posted in HIPAA, HITECH | No Comments »

Legal Requirements for Information Security and Privacy Awareness and Training

Wednesday, March 30th, 2011

Earlier today following my online seminar, “Effective Training and Awareness: The Key to Information Security Success”  (http://gocsi.com/Training2011/OD/Awareness), I received the following question: 

 Where might I locate a summary breakdown of training regulations by industry? i.e. Pharma 

(more…)

Tags:, , , , , , , , , , , , , , , , , , ,
Posted in HIPAA, HITECH, Information Security, Laws & Regulations, privacy, Training & awareness | 3 Comments »

Yes, Automating Compliance Activities Can Improve Security…If Done Correctly!

Tuesday, March 8th, 2011

I participate in the Focus network and tried to answer the following question from “Caty” on their discussion board:

“How can compliance automation help secure my organization’s IT infrastructure?” Please describe the benefits of compliance automation and discuss how it can be used to secure an organization’s IT infrastructure.

However, after trying to submit my response in around half a dozen ways, I was told my answer was too long.  Instead of shaving off some of my content, I decided to post here to my blog, and then point to here from there.  Perhaps my other blog readers will be interested in my thoughts on this topic as well.

So, here is my answer… (more…)

Tags:, , , , , , ,
Posted in HIPAA, HITECH, Information Security, privacy, Privacy and Compliance | 2 Comments »

HIPAA Compliance Investigations And The Insider Threat

Wednesday, February 2nd, 2011

I’ve been getting a lot more questions about HIPAA and HITECH lately from folks I’ve never met, but who have concerns about the security and privacy of their health information (“protected health information” or “PHI” as referenced within HIPAA/HITECH), businesses that are trying to understand how to protect PHI according to the regulatory requirements, and a growing number who express frustration with the unsecure ways in which clients, customers, patients and business partners are sharing information with them.  There just are not enough hours in the day to answer them all, but  I decided I’d start sharing some of the questions, and my corresponding answers, that seem to be topics that a wide range of readers may be interested in.

I was recently contacted by someone who had a question about a recent HIPAA complaint against Rowan Regional Medical Center (more…)

Tags:, , , , , , , , , , , , ,
Posted in healthcare, HIPAA, HITECH, Information Security, Laws & Regulations, privacy, Privacy and Compliance, Privacy Incidents, Training & awareness | 2 Comments »

HIPAA/HITECH Final Rule Set To Be Published in March

Tuesday, January 4th, 2011

On December 20, 2010, the U.S. federal government published “Part II: Regulatory Information Service Center: Introduction to The Regulatory Plan and the Unified Agenda of Federal Regulatory and Deregulatory Actions.”  If you are a healthcare Covered Entity (CE), Business Associate (BA) or BA subcontractor, as defined under HIPAA and HITECH, this should be of interest to you.  Why?  Because within it is the long-awaited Department of Health and Human Services (HHS) timeline for when they would publish the final rule of the Notice of Proposed Rule Making (NPRM) that came out in July, 2010.  The date?  Well, (more…)

Tags:, , , , , , , , , ,
Posted in HIPAA, HITECH, Information Security, Laws & Regulations, privacy, Privacy and Compliance | 3 Comments »

2011 Information Security, Privacy and Compliance Soothsaying

Monday, December 20th, 2010

Looking ahead to what will happen in the coming year is always an interesting exercise.  Just like within a great novel, foreshadowing occurs every day in our lives to drop the hints of things that are likely to come.  The trick is to separate out the valuable hints from the extraneous breadcrumbs that are dropped by dozens of other inconsequential sources that mislead us and cause us to fail in our predictions.   We shall see at the end of the year how close I am with the following predictions… (more…)

Tags:, , , , , , , , , , , , ,
Posted in GLBA, Information Security, Laws & Regulations, privacy, Privacy and Compliance, Social Media, Training & awareness | 2 Comments »

HIPAA And Surveillance In Hospitals

Thursday, November 5th, 2009

Over the years there have been many…too many…instances where doctors have performed the wrong types of surgeries on patients, and even the wrong surgeries on completely wrong patients…

(more…)

Tags:, , , , , , , , , , , , , , ,
Posted in Information Security, Laws & Regulations, Privacy and Compliance | No Comments »

« Older Entries
Newer Entries »