Monetary Fines under HIPAA Omnibus Rule

January 22, 2013  |  by benw  |  Blog, News

There are 4 categories of HIPAA violations that reflect increasing levels of culpability and negligence. These levels correspond to tiers of penalty amounts. The table below shows these penalty amounts. More fines: Leon Rodriguez has said as much, but there are going to be more fines under the HIPAA Omnibus Rule. The very …

Business Associates under the HIPAA Omnibus Rule

January 18, 2013  |  by benw  |  Blog, News

Who’s a Business Associate under the HIPAA Omnibus Rule? The definition of Business Associate has been slightly changed to explicitly designate more persons and organizations as business associates. Patient Safety Activities will be added to the list of functions that a person can take on behalf of a covered entity that give rise to a …

HIPAA Omnibus Rule Basic FAQ

January 18, 2013  |  by benw  |  Blog, News

HIPAA Omnibus Rule Basic FAQ: Q: When do I have to start complying with the HIPAA Omnibus Rule? A: The rule is effective on March 26th, 2013.  Covered Entities, their Business Associates, and their respective subcontractors must comply with the new rules by September 23rd 2013.  (page 2 at 15)  Note that this gives you …

EMRSoap’s HIPAA Omnibus Guide

January 18, 2013  |  by benw  |  Blog, News

HHS released the new HIPAA Omnibus rule yesterday. This rule was made to formally include the modifications required from the HITECH Act, PSQIA, GINA, and others into HIPAA. The Omnibus rule is intended to make HIPAA compliance clearer. Somewhat paradoxically, this clarity is coming initially in the form of a 563-page document. Part …

Initial Summary of Newly Released HIPAA Omnibus Rule

January 17, 2013  |  by benw  |  Blog, News

Well, I’ll be up pretty late tonight going over the just-released 563-page HIPAA Omnibus Rule, but here are the initial takeaways from their Summary page – Make business associates of covered entities directly liable for compliance with certain of the HIPAA Privacy and Security Rules’ requirements. Which requirements? We’ll have to see. Strengthen …

3 Lessons from the Historic Hospice of North Idaho Breach

January 2, 2013  |  by benw  |  Blog, News

Big news in the Health IT world out today – The Hospice of North Idaho is facing a $50,000 fine for an ePHI breach involving 441 patients. To outsiders, that may not seem like a big deal. But for those up to date on HIPAA compliance news, this is important. Below are a few key …

Small Physician Health IT Security in 2012 and 2013

December 17, 2012  |  by benw  |  Blog, News

At EMRSoap, we think that 2012 and 2013 will be regarded as key years of change for Small Provider Health IT Security. There have been significant events and studies that are leading to a future where Small Providers take IT Security seriously. To condense and clarify what we mean, we’ll base this blog around things that …

Beware Fraudulent MU Attesters: OIG calls for Randomized Pre-Payment Audits

November 29, 2012  |  by benw  |  Blog, News

The Department of Health and Human Services’ Office of Inspector General released a report today.  It says that CMS hasn’t done a very good job ensuring that Practitioners have completed all the things they attested to for Meaningful Use.  The OIG states, “CMS has not implemented strong payment safeguards, and its ability to safeguard incentive …

Tonic Health Interview – Boris Glants

November 12, 2012  |  by benw  |  Blog

I had a really good conversation with Boris Glants, CTO of Tonic Health, last week.  We chatted about the origin of his company, the future of Health IT, their vision for growth, the current landscape in healthcare, and several other (minorly tangential) topics. We’ve already done a review of Tonic on EMRSoap – we like …

VA needs to hire some Healthcare IT Consultants

October 22, 2012  |  by benw  |  Blog, News

Lesson of the day: don’t run your practice’s IT like the VA does. Whatever your opinions on the healthcare it provides to our veterans, the way it manages its data is definitively subpar. In 2006, an unencrypted hard drive with data on 26 million veterans was stolen from a VA employee’s home. The ensuing notification …
