In this Issue
Advice
The dust is settling after the masses descended on Las Vegas to attend the annual HIMSS conference last week. ICD-10, Meaningful Use, and HIPAA compliance were several central themes being discussed.
The announcement from CMS that they would be delaying the transition date for ICD-10 for "select healthcare entities"
has everybody wondering - "which healthcare entities?" It's anybody's guess, but the hope is that CMS makes the decision sooner than later.
The consensus was that a delay may give some breathing room to organizations that feel they are behind, but would also increase the total cost of the transition. Delaying the pain may feel good now, but it just extends the period of time it takes to "cure" it - sort of like extending your stay in a hospital - which we all know is expensive.
There is an interesting link to HIPAA from the ICD-10 transition. We expect many more service and software providers will be engaged to help organizations figure out the transition - from gap assessments to software tools to help coders and clinicians. This means a big increase in potential business associates, since they will be exposed to PHI.
We've seen numerous inquiries from business associates looking for independent audits, risk assessments, and training as the realities of the potential damage from a breach become more apparent. Good reminder to re-examine your business associate relationships - have they provided the proof that they are complying with the regulations?
It's just good business for both parties - neither wants to deal with the fallout a poorly handled breach can cause - whether for the impacted patients or to a trusted business relationship.
HIPAA Horror Stories
First HIPAA Enforcement Action Against a BA
Laptop Loaded with PHI Stolen from Clinic
Patient Data Theft Sends IT Specialist to Jail
HIPAA Staff Education
We have the online education, risk assessments and policy templates you need to comply with all mandated regulations. Contact us today.
More Information >>>
Quick Links
|
| Covered Entities & Business Associates |
Welcome to the First Quarter 2012 edition of our HIPAA Flash Newsletter.
It's been an active year so far for those responsible for protected healthcare information. At center stage, we see concern for business associate compliance, along with the increasing breach tally reaching 19 million; in comparison that is the population of the state of New York.
Go to www.bridgefront.com to learn about our healthcare compliance education or contact us directly. Complete this form, send an email to info@bridgefront.com, or call 1-866-447-2211.
Invite a friend to sign-up for this newsletter by forwarding this link.
|
|
| Case Raises HIPAA Enforcement Issues |
|
| A recent lawsuit brought by the Attorney General (AG) of Minnesota raises significant recent enforcement issues related to the Health Insurance Portability and Accountability Act (HIPAA). This development is important to both HIPAA covered entities and, even more significantly, to business associates under the HIPAA rules.
The case-brought against a company called Accretive Health-involves a relatively common situation, a lost laptop containing patient information. |
| Full
Story >>> |
|
| Discover BridgeFront's Risk Assessment Services |
|
• Is my organization compliant with HIPAA?
• Do we qualify for EMR incentives under Meaningful Use?
• If audited by the OCR, would we pass?
• What would happen if a breach occurred?
BridgeFront tackles these questions head on by providing structured assessment techniques and methodologies to deal with each of these questions – all based on the specific needs of your organization. We can help you focus on the most critical priorities, while identifying areas that can wait.
We've helped thousands of covered entities and business associates comply with HIPAA. Our assessments will compare your organization's status against where it needs to be, based on HIPAA guidelines.
Call or email for more information:
(866) 447-2211 or sales@bridgefront.com
Download a fact sheet:
www.bridgefront.com/downloads/data_sheets/hipaa_consulting.pdf (PDF) |
| |
|
| Top 10 Trends in Healthcare Privacy and Security |
|
| Forget the hospital dramas on TV. Our top 10 list of this year's trends in healthcare privacy and security has excitement to rival any show. 2011 has been the year of the policing of the Department of Health and Human Services' (HHS) Office for Civil Rights (OCR) police, mobile technology and massive-scale data breaches. |
| Full
Story >>> |
|
| BAs Must Be HIPAA Compliant by March 2012 |
|
| While the Department of Health and Human Services (HHS) shows that business associate-related HIPAA breaches were responsible for 62 percent of the total number of patient records breached (as seen in this blog post), there has not been government legal action taken against business associates until recently. |
| Full Story >>> |
|
| Data Breach Tally Surpasses 19 Million |
|
| With the tardy addition of the Sutter Health breach, the federal "wall of shame" tally of major healthcare information breaches now includes 385 incidents affecting more than 19 million individuals since September 2009.
The Department of Health and Human Services' Office for Civil Rights recently added the Sutter Health breach to its official tally of breaches affecting 500 or more individuals. |
| Full
Story >>> |
|
| Recommended Practices for CA Breach Notice |
|
The California Office of Privacy Protection has just posted an updated version of Recommended Practices on Notice of Security Breach, which takes into account the new California law effective January 1.
This state office is directed by its enabling statute to "make recommendations to organizations for privacy policies and practices that promote and protect the interests of California consumers." |
| Full
Story >>> |
|
|
 |
The HIPAA Flash is an opt-in HIPAA newsletter. The content is for informational purposes only. Nothing herein constitutes legal advice - if you need legal advice, please consult a competent attorney.
BridgeFront is your best resource for compliance workbooks, online training, network scanning tools, backup facilities, certifications, consulting ... HIPAA from A to Z. For the most complete suite of HIPAA compliance products available, visit www.BridgeFront.com.
BridgeFront also provides training in OSHA, JCAHO, Nursing CE, Long Term Care, Revenue Cycle Management and much more. For more information, contact us by calling 866-447-2211 or send an email to info@bridgefront.com. |
