New OCR Guidelines for HIPAA Privacy in Emergency Situations

The Office of Civil Rights has just posted new Guidelines for HIPAA Privacy Rules in Emergency Situations.  We are currently updating our manual to incorporate these new rules.  In te meantime, you can read about the new guidelines below:

U.S. Department of Health and Human Services, Office for Civil Rights

BULLETIN: HIPAA Privacy in Emergency Situations



In light of the Ebola outbreak and other events, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), is providing a bulletin to ensure that HIPAA covered entities and their business associates are aware of the ways in which patient information may be shared under the HIPAA Privacy Rule in an emergency situation, and to serve as a reminder that the protections of the Privacy Rule are not set aside during an emergency.

The HIPAA Privacy Rule protects the privacy of patients' health information (protected health information) but is balanced to ensure that appropriate uses and disclosures of the information still may be made when necessary to treat a patient, to protect the nation's public health, and for other critical purposes.

OCR's bulletin on HIPAA Privacy in Emergency Situations may be found at: http://www.hhs.gov/ocr/privacy/hipaa/understanding/special/emergency/hipaa-privacy-emergency-situations.pdf

Additional guidance on HIPAA in Emergency Situations: Preparedness, Planning, and Response can be found at: http://www.hhs.gov/ocr/privacy/hipaa/understanding/special/emergency/index.html

Information on the Office of Civil Rights (OCR) Audit Program

The Office of Civil Rights is now planning wide-spread audit all  Covered Entities and their Business Associates.

More Information on the OCR Audit program and timeline is available HERE:

 http://www.hhs.gov/ocr/privacy/hipaa/enforcement/audit/index.html

Are you prepared?  The time to get your practice in order is before an audit happens.  With fines ranging as high as 1.5 million dollars, now is the time to prepare.






Contact Systematix today to learn more about how our HIPAA-STAT program can help protect your practice

New Security Risk - PLEASE READ

The tech wires are buzzing today with news of the "Bash Bug" - a serious security flaw with wide ranging effects and implications.  This new security flaw may allow hackers to access everything from Servers down to internet connected appliances such as disital cameras.  What makes this even more serious is that it can affect most operating systems, including Windows, Mac OS, and even Unix and Linux systems.

What you should do:

This security flaw has only just been discovered.  Many software vendors use the BASH code within their systems, and if you use software that hasn't been patched, you may be affected.  Fixing it will require software vendors repair their systems, and you will need to install the software update to secure your systems.

We strongly recommend that you contact all software vendors and hosting companies and ask A) Is their software/systems vulnerable to the BASH Bug and B) If yes, when do they anticipate them to be patched.

Be sure to document all conversations, and to stay on top of this issue until you are certain that all patchws have been supplied to you and applied to your systems.




Contact Systematix today to learn more about how our HIPAA-STAT program can help protect your practice

Meaningful Use Audits going back to 2011

We have been getting information from our clients and prospects that CMA is auditing for Meaningful Use not just from the current reporting period, but are going back as far as 2011.

Even if you have applied for and received incentive payments, it dies not mean that you are safe from audits.  You can be audited for previous reporting periods even if you were not audited at the time you received payment.  Also, if you are audited for a recent reporting period, it is very likely that you will be subject to audits for earlier periods, even if you pass the current audit.

The best strategy is to be prepared, and have all of your documentation organized and ready, including, of course, your Risk Analysis for Core Measure 15.

Can your practice pass a CMS Audit?  Can your colleagues?


If not, please contact Systematix Consulting  today to learn more about our affordable and effective
HIPAA-STAT system.

Definitive Information on Meaningful Use Audits

This is a very interesting article regarding CMS audits.  Basically, between 5% and 10% of all  physicians applying for Meaningful Use will be audited prior to receiving their incentive payments, and a similar number will be audited after receiving their incentive payment.

This translates to between 10% and 20%   of all physicians applying for Meaningful Use payments will be audited.  As we have said, those who did not meet Core Measure 15 by conducting a Risk Analysis will most likely fail their audits and not receive (or will be forced to return) their incentive payments.

It is a worthwhile read, but you may have to register prior to veiwing the article:

http://www.medscape.com/viewarticle/782181


Can your practice pass a CMS Audit?  Can your colleagues?


If not, please contact Systematix Consulting  today to learn more about our affordable and effective
HIPAA-STAT system.

Russian Hackers steal over 1 Billion Passwords

• Now would be a good time to update and change all of your office and internet passwords.  While it is suspected that these hackers will not utilize these passwords directly, it is expected that they will re-sell them on the Black Market.

Read all about it HERE:

Contact Systematix today to learn more about how our HIPAA-STAT program can help protect your practice

Notice of Privacy Practices

Your Notice of Privacy Practices, which must be given to every patient, also has to be made accessible in other ways.

1 - It should be displayed in your waiting room

2 - If you have a web site, it should also be available there

For more information, please see HERE

Don'r have a current Notice of Privacy Practices?  Contact Systematix Consulting and ask about our HIPAA-STAT program

Practice Fined $800,000.00 for Privacy Violations

Many practices are still living in denial (or blissful ignorance) when it comes to safeguarding patient privacy.

The government is getting serious about patient privacy and security, and you should be as well.  As a case in point, a practice was recently fined $800,000.00 for improper disposal of patient records.

Read more about it HERE:

The sad fact is that this could have been easily avoided if only the practice staff was properly trained in Privacy and Security rules.

HIPAA guidelines for practices shouldn't be difficult to understand or implement.  A small investment in staff training and policy implementation could save yiur practice from a similarly devastating fine.


Contact Systematix today to learn more about how our HIPAA-STAT program can help protect your practice

HIPAA Fines Explained

It's often challenging to explain to practices just how devastating the fines for violating the HIPAA Laws can be.  This is due to, largely, the complicated nature of the law, and the variations in fines and penalties.

Since, as the old saying goes, "A picture is worth a thousand words", I'd like to share this link with you.  This 'infographic' presents an overview of the HIPAA laws and penalties in a clear and concise fashion.

I trust that you will find it both interesting and informative:    HIPAA Infographic

http://blog.inspiredelearning.com/free-infographic-the-high-cost-hipaa-violations/


Have you already taken the steps towards protecting your practice from HIPAA fines?  Have all of your colleagues?  If not. I urge you (or urge you to urge them!) to contact Systematix Consulting today to learn about out HIPAA-STAT system - the easy and cost effective pathway to HIPAA compliance and meeting the requirements of Meaningful Use Core Measure 15

CMS Audit Hot Spots

During our conversations with physicians across the country, we've identified several areas where it seems that CMS Meaningful Use Auditors are especially active.  These areas include:

Indiana
New Jersey
Pennsylvania
Long Island, NY

Please keep in mind that this is ad-hoc information, and we are not privy to any insider information.  It also does not mean that you do not gave to worry about audits in other areas of the US.

It is our strong belief that EVERY practice should take Healthcare Information security very seriously.

Help protect your practice by contacting Systematix Consulting today and ask about our proven, cost effective HIPAA-STAT System.

One day, you will certainly be glad that you did!

Office of Civil Rights is Now Hiring Auditors

As part of our ongoing vigilance, we monitor various US Government news feeds.  One recent feed featured a "Help Wanted" advertisement from the Office of Civil Rights, the government agency that is now responsible for enforcing the nations' HIPAA laws.  They are looking to hire senior auditors for investigating HIPAA compliance.

On a related note, a colleague who works for a large EHR Software house shared with me that CMS is planning to audit as many as 50% of all practices for the accuracy of their Meaningful Use  Attestation.  This includes, of course, having conducted and documented a Security Risk Analysis and Remediation.

Can your practice pass a CMS Audit?  Can your colleagues?


If not, please contact Systematix Consulting  today to learn more about our affordable and effective
HIPAA-STAT system.

Ask not for whom the bell tolls...

Practice Fined $150,000 for Lost Thumb Drive

We cannot stress the importance of protecting all removable backup media by encryption.  This practice learned the hard way.

What should have been the simple loss of a $10 thumb drive turned into a $150,000 fine for a HIPAA violation.  Simple encryption could have protected this practice from this catastrophic penalty.

The US Government is serious about Healthcare Security/  You should be as well.

Read More about it HERE:

Help Protect Your Practice with HIPAA-STAT from Systematix Consulting, LLC

Welcome

Welcome to the HIPAA-STAT Blog.

This blog will be used to share the latest information regarding HIPAA, the Omnibus Security Rule, and Meaningful Use criteria with our clients and prospects.

We trust that all will find this blog to be a reliable and trustworthy resource.

Your comments and suggestions are always welcome.

Enjoy!