Hayes' Healthcare Blog

Who’s Next? The 3 M’s of HIPAA Compliance Audits

Posted by Corliss Collins on February 3, 2016 at 9:00 AM

Minimize Liability, Mitigate Risk and Maximize Safeguards

Corliss Collins, RHIT, CCA, CBCS, Senior Healthcare Consultant, AHIMA Approved ICD-10 Trainer/Ambassador

HIPAA compliance audits pose significant challenges for hospitals, healthcare providers, health plan administrators and business associates. The Office of Civil Rights (OCR) Phase II Audits will begin early this year and will focus on organizational privacy, security, and breach notification policies, procedures and practices.

Healthcare organizations need to be prepared to undergo greater scrutiny in three key areas, including written policies, procedures and practices that address HIPAA compliance risks and vulnerabilities. Are HIPAA compliance audits and risk assessments being performed regularly? How does your organization document and respond to HIPAA breach incidents?


Topics: compliance, HIPAA, Audits

What Closing the HIPAA Gaps Means for the Future of Healthcare Privacy, Kirk J. Nahra

Posted by Kirk J. Nahra on July 29, 2015 at 9:00 AM

 


By Kirk J. Nahra, Partner and Chair of Privacy and Data Security Practice at Wiley Rein, LLP.

By now, most people have felt the effects of the HIPAA Privacy Rule (from the Health Insurance Portability and Accountability Act). HIPAA has set the primary standard for the privacy of healthcare information in the United States since the rule went into effect in 2003. It’s an important rule that creates significant baseline privacy protections for healthcare information across the country.

Yet, from the beginning, important gaps have existed in HIPAA – the most significant involving its “scope.” The rule was driven by congressional decisions having little to do with privacy, but focused more on the portability of health insurance coverage and the transmission of standardized electronic transactions.

Because of the way the HIPAA law was crafted, the U.S. Department of Health and Human Services (HHS) could only write a privacy rule focused on HIPAA “covered entities” like healthcare providers and health insurers. This left certain segments of related industries that regularly use or create healthcare information, such as life insurers or workers' compensation carriers, beyond the reach of the HIPAA rules. Therefore, HIPAA has always had a limited scope that did not provide full protection for all medical privacy.

So why do we care about this now?


Topics: HIPAA, healthcare privacy and security, healthcare leaders, electronic healthcare information, insurance, Hayes Thought Leadership Blog Series
