Help Me With Hipaa

In the first episode in our Disaster Recovery series that we will be doing this year we are discussing planning disaster recovery plans for flooding.  This episode is an interview with Ginger McCleish who experienced a real world disaster recovery flooding in the St. Louis, MO area in December 2015. Hear more at HelpMeWithHIPAA.com/48

The latest HIPAA buzz is about things like Interoperability, Data Governance, Patient Access Rights, and, of course, OCR random audits.  Donna attended HIMSS and the National HIPAA Summit recently.  In this episode we discuss what kinds of things are happening in the industry relating to HIPAA. For more details visit our website at helpmewithhipaa.com/47

So far in 2016, we have seen four HIPAA enforcement cases resolved by OCR.  One involved only the second Civil Money Penalty ever assessed. The three others were resolution agreements.  Add those cases to what was done in 2015 and you have the most active 12 month period of HIPAA enforcement ever.  Certainly, the first quarter of 2016 has been the most active quarter ever when it comes to HIPAA enforcement announcements.   In this episode we discuss the cases resolved so far in 2016 and more thoughts on what is coming up for 2016.     Read more at our website HelpMeWithHIPAA.com/46

Many times people ask: Why do we need HIPAA?  Is HIPAA really necessary?  The short answer is yes, we do need HIPAA and the reason is without it there is no baseline for protecting patient privacy.   Learn more at http://helpmewithhipaa.com/45

Social media can be the source of many issues if you don't have a clear policy for use.  HIPAA social media policies requires some serious thought and commitment from your management staff.  What things are good use of social media and what things should be avoided through policy enforcement?   Read more about HIPAA Social Media Policies at our website: helpmewithhipaa.com/44

It is clear that HIPAA disaster recovery and business continuity plans should include some level of ransomware response planning after the attack that shut down Hollywood Presbyterian Hospital.  What kinds of issues should you expect and how can you mitigate the damage from a ransomware attack? Read more about our ransomware attack planning discussion on our website at helpmewithhipaa.com/43

To be certain you are protecting the health information in your organization you must identify where it lives and moves about around the network and workforce.  A risk analysis can't be done properly without making that list first. Where should you look for PHI?  If you don't store it do you store access TO it?  Get more information for this podcast at HelpMeWithHIPAA.com/42

Trust but verify is the new standard when it comes to Business Associate relationships today.  Yes, they must sign a BAA but you really need to ask some questions to confirm those BAs understand and are doing the things they have agreed to do for you. Covered Entities (CEs) haven't really worried about the details of the contracts too much as along as the vendors would sign them.  Many vendors have signed, and continue to sign, BAAs without any concerns at all for what the contract actually says they are going to do in their business.  For so many years a BAA was just something you had to sign in order to do the work in healthcare.  It didn't matter at all if you did anything with it other than put it in the file with other ones you had signed.  The new world of HIPAA compliance, huge data breaches, and civil fines and penalties means neither side of the contract can function that way any longer.  It is imperative that HIPAA compliant vendors are vetted in some manner to confirm you really are protecting your

Get all the details at HelpMeWithHIPAA.com/40

More notes and links on the website at HelpMeWithHIPAA.com/39

More details on our website  Also at the Atlanta's Most Trusted Advisors page: 

 Brittney Wilson, The Nerdy Nurse, joins us to discuss the clinical staff's HIPAA perspectives.   More details at helpmewithhipaa.com/38

More details at helpmewithhipaa.com/37

HIPAA may show up in areas you haven't seen before.  If you are assessed by any other organization or for any other reason, HIPAA questions may start showing up. We have heard about it being brought up in many areas: Insurance Policy Applications Partnership Negotiations Funding discussions URAC accredidation (formerly known as the Utilization Review Accreditation Commission) This episode is a discussion on why it is showing up in other places and why we expect that trend to continue. More details at helpmewithhipaa.com/36

ID Experts is in the business of dealing with privacy breaches.  They have a variety of incident response services and tools. We discuss breach topics with Jeremy Henley, Director of Breach Services, ID Experts in today's episode.   Detailed notes from the show can be found on our website at helpmewithhipaa.com/35

New Years Resolutions can be simple commitments to yourself and your compliance program effectiveness.  When you have so many job responsibilities compliance often gets set to the side or "on the front left corner of my desk".  These tiny changes can help you keep things moving forward without forcing you to spend a day or two a week.   Detailed notes on the show can be found on our website at helpmewithhipaa.com/36

Since this episodes is being released on a holiday for all of us at Help Me With HIPAA, we are sharing a special blooper episode our audio editor Bojan Sabioncello created specially for us.  When you hear our recordings from his perspective, you will see what a great job he does making us sound so professional.

Compliance officers need all kinds of help to get their jobs done.  We came up with a list of ideas for gifts to help them out this holiday season. More details at helpmewithhipaa.com/32

Enforcement of HIPAA is changing There are many indicators that make us believe that we will see a distinct uptick in OCR enforcement activity.  The last two OIG reports say OCR isn't doing enough, the news points out issues with enforcement, and even Congress is getting in the mix. In this episode, we discuss why this makes us think you don't want to wait around to see IF OCR starts doing anything differently. More details at helpmewithhipaa.com/31

The HIPAA legislation itself does not include the option for individual patients to sue any CE or BA that may violate their privacy protections included in the law. HITECH added the ability for the States Attorney General offices to file a cased on behalf of their constituents, however.   The biggest change, however, is the ruling by several State Supreme Courts that allows a complaint to use HIPAA as a legal standard of care.  That opens the door for all kinds of options.   More details at helpmewithhipaa.com/30