On February 17, 2009, President Obama signed the American Recovery and Investment Act of 2009. The HITECH (Health Information Technology for Economic and Clinical Health) Act is part of this legislation and is designed to encourage physicians and other healthcare organizations to adopt and use (in a meaningful way) Electronic Health Records (EHR).

The HITECH Act will be administered by the Office of the National Coordinator for Health Information Technology (ONC) and appropriates .2 Billion dollars, most of which will be used as incentive money for hospitals and physicians who adopt Electronic Health Records. The incentive payments are structured in a way that rewards early adopters and ultimately penalizes those physicians who have not implemented an EHR by reducing their Medicare payments beginning in 2015.

Incentive funds will be distributed through both Medicare and Medicaid to physicians and hospitals who are “meaningful EHR users.” Physicians will be able to choose program participation through either Medicare or Medicaid but can participate in only one of the programs, not both.

According to the CMS website, the criteria for incentives are still under development but the HITECH Act specifically states that the following conditions for meaningful use must be met:

1. The EHR must use certified technology;
2. The EHR must include ePrescribing;
3. The EHR must allow for the “electronic exchange of health information to improve the quality of health care”;
4. The EHR must be able to submit clinical quality measures to HHS.

The Medicare Program:

• The Recovery Act established financial incentives beginning in January 2011 for eligible professionals who are meaningful EHR users;
• The incentive payment is equal to 75 percent of Medicare allowable charges for covered services furnished by the physician in a year subject to maximum payments each year as follows:

First year - ,000

Second year - ,000

Third year - ,000

Fourth year - ,000

Fifth year - ,000

• For early adopters whose first payment year is 2011 or 2012, the maximum payment is ,000 the first year. What this means is that only early adopters are eligible to receive the maximum per physician incentive total of ,000. Those physicians who show meaningful use beginning in 2013 are eligible for a maximum of ,000 per physicians; those who show meaningful use in 2014 are eligible for a maximum of ,000 per physician; and those who show meaningful use beginning in 2015 or later will not be eligible for incentive payments.
• Providers who do not show “meaningful use” of an EHR by 2014 will see a reduction in their Medicare payments beginning in 2015 as follows:

2015 – 1% reduction

2016 – 2 % reduction

2017 – 3% reduction

Subsequent years – 3 to 5 percent

The Medicaid Program:

• To be eligible to receive incentive payments from Medicaid, eligible professionals must demonstrate that a minimum of 30 percent (20 percent for pediatricians) of their patients are covered by Medicaid.
• Since Medicaid is administered by the states, the criteria will vary among states. However, the requirements must be acceptable to the Secretary of HHS and aligned with the ones used by Medicare.
• Eligible professionals can receive up to 85 percent of the net average allowable costs for certified EHR technology, including training and support up to a total of ,000 in payments over 5 years. First year costs are applied to the purchase, installation and training of the certified EHR system.
• Incentive payments are available as follows:

First Year - ,000

Second Year - ,000

Third Year - ,000

Fourth Year - ,000

Fifth Year - ,000

• Unlike Medicare, payments for adoption do not decrease based on the year the EHR is initially adopted. Therefore, an eligible professional who adopts by 2015 will be eligible for the same yearly incentive payments as outlined above for a maximum of ,000.
• There is no Medicaid reimbursement penalty for not adopting an EHR after 2016.

 You will note in the descriptions of each of the programs above, the words “eligible,” “maximum,” and “up to” are used frequently. Physician practices must factor those words into their decision-making process in terms of how much of an incentive these programs actually are and how much incentive money for which they might actually be eligible.

 © 2009 Efficiency in Practice

By: Sue Kay

HIPAA Related Entries

• Understanding the HITECH Act
• EHR Incentive and Certification Criteria Final Rules Published in Federal Register
• OVerview of the HITEC Act for Providers

NetIQ Supplies Large Federal Agency With Unparalleled Security and Compliance Management
HOUSTON, TX--(Marketwire - 10/26/10) - NetIQ today announced its agreement to provide a large federal agency with a solution for monitoring, measuring and reporting on the effectiveness of their security controls. NetIQ will help this federal agency achieve compliance with federal regulations including the Federal Information Security Management Act ( FISMA ) and the U.S. Government ...

Read more on Marketwire via Yahoo! Finance

HIPAA Related Entries

• DocuLex Archive Studio Improves an Organization’s Business Process with Added Workflow Document Management Ability
• Safend Partnership With Biscom Provides Added Layer of Security for Organizations Sharing Sensitive Files
• HIPAA, HITECH Compliance Not Improving Health Care Data Security: Survey

HIPAA, or the Health Insurance Portability and Accountability Act of 1996, sets guidelines for medical professionals and the handling of medical records and information. In the advent of electronic medical records and online medical record databases, HIPAA compliant medical billing software program have to meet numerous security standards to meet set HIPAA guidelines.

Secure World-wide-web Server: HIPAA compliant software package utilizes SSL, or secured socket layers. Once data is protected by SSL no 1 but authorized users can access data. Details just isn't stored unless secured. Modification just isn't allowed with out authorized access and all changes are logged.

Database Encryption: Information, messages and patient files are encrypted. Encryption transforms readable words into code that cannot be decoded by someone intercepting data.

Secured Admission Controls: User IDs and passwords are set-up by an administrator and commonly allow only one password transform each 30 days. Moreover, passwords changes may be forced every 30 days to prevent entry to secure files by an individual who oversees the entering of the password.

Session Timeouts: Session timeouts are usually set from inside HIPAA compliant software. Timeouts prevent data from sitting idle over a PC screen for passersby to read. Timeouts might be set with narrow time limits of inactivity, for instance 30 seconds or less. Longer timeout sessions may be allowed in clinical settings where unauthorized users have no access.

Monitoring of Server: Secured socket layers, database encryption, secured admission controls and session timeouts are crucial towards security of patient details and files, but that doesn't stop hackers from attempting to infiltrate a medical file system. Monitoring should be usually in place to recognize attempts to break into the program or smash the system from an outside source. Security might be in place to shut down entry to medical facts if a hacker breeches any layer of security.

HIPAA Related Entries

• All You Ever Wanted To Know About HIPAA Training
• Pain Management Medical Billing With Hipaa Compliance
• 7 Hipaa Compliant Sites

New HPM Institute Report Explores how Employers can Harness Social Networking Technologies and Processes to Drive Down ...
HPM enables collaboration among patients, providers and researchers to optimize investments in wellness programs, chronic disease management and other issues that affect cost, productivity and employee health.

Read more on PRWeb via Yahoo! News

HIPAA Related Entries

• No Related Post

CORRECTING and REPLACING Rapid7’s HD Moore and Andrés Riancho to Present at SecTor 2010 Conference
BOSTON--(BUSINESS WIRE)--Headline of the release should read: Rapid7’s HD Moore and Andrés Riancho to Present at SecTor 2010 Conference (sted: Rapid7’s HD Moore and Andreas Riancho to Present at SecTor 2010 Conference) The corrected release reads: RAPID7’S HD MOORE AND ANDRÉS RIANCHO TO PRESENT AT SECTOR 2010 CONFERENCE Security Experts to Illustrate Efficient Penetration Tests and Web ...

Read more on Business Wire

HIPAA Related Entries

• Rapid7 Introduces Metasploit Pro – The World’s First Penetration Testing Solution That Achieves Unrestricted Remote …
• Rapid7 NeXpose Receives Federal Desktop Core Configuration (FDCC) Certification

to during my medical leave, went on medical leave herself but was working from home, and was able to receive and review my medical records from her home. Is this a violation of the HIPAA act?

dental hipaa privacy policy form who office is allow to speak to, hipaa violation for reporting illegal immigrant patients

HIPAA Related Entries

• Rubbermaid HIPAA document container, 16 gal
• Legal Questions : What Are My Rights Under HIPAA?
• HIPAA Violations. Is it a violation to access someone’s medical information with just cause?

New Cancer Care Payment Model by UnitedHealthcare Employer & Individual to Focus on Best Treatment Practices and ...
MINNETONKA, Minn.--(BUSINESS WIRE)--UnitedHealthcare Employer & Individual's new, first-of-its-kind cancer care payment model to focus on best treatment practices and better health outcomes

Read more on Business Wire

HIPAA Related Entries

• The New Health Insurance Solution: How to Get Cheaper, Better Coverage Without a Traditional Employer Plan
• Around the Channel 3/2/2011
• Sonnenschein Experts Weigh Compensation Planning Changes of Health Care Reform in New BNA Webinar

DocuLex Archive Studio Improves an Organization’s Business Process with Added Workflow Document Management Ability
DocuLex (http://www.doculex.com), the creators of content management solutions, announces updates to the DocuLex workflow decision engine. This enhances the automated business process workflow capabilities in Archive Studio™.

Read more on PRWeb via Yahoo! News

HIPAA Related Entries

• NetIQ Supplies Large Federal Agency With Unparalleled Security and Compliance Management
• Fujitsu and Oracle Deliver Joint Palm Vein Biometric Identity Management Solution
• Alabama Awards $135 Million Medicaid Management Contract to HP

HIPAA laws can be found online. But as they are not so simple to understand, you might like to go for one of those packages where you get a HIPAA Regulatory Manual along with a CD-ROM. Periodically, new rules are introduced under HIPAA. So one must buy the latest updated versions of such manuals and CD-ROMs.

The HIPAA laws specifically mention the procedures for getting permission from patients before disclosing their private health care information. There are separate legal rules for providing patients access to their health information. All of these legal provisions may have an impact on your trading partners, also. As a result, you might have to review your contracts.

There are several expert law firms which deal with HIPAA laws. These firms could help you in deciding whether your case falls under HIPAA laws or not. And if it does so, then you can learn what you have to do comply with them.

Remember that there are stringent penalties for violating HIPAA laws, and you might overlook one of the provisions unintentionally. There are several training centers which provide updated information about any law related to HIPAA. Many of them provide tips about how to follow these laws. There are a number of online resources where you can get not only general information on this subject, but have specific queries answered.

There is also software to help ensure that you, as an employer, are following all the legal provisions made under HIPAA. This software monitors the data management processes of your organization and points out errors, which can be rectified on the spot.

article on hipaa, article on HIPPA, ARTICLES OF HIPPA, hipaa law, hippa article

HIPAA Related Entries

• 6 Delivers Hipaa Sites
• All You Ever Wanted To Know About HIPAA Training
• Let’s Get Hip About HIPAA

Capario Achieves EHNAC 5010 Readiness
SANTA ANA, Calif.--(BUSINESS WIRE)--Capario today announced it has been recognized for achieving all requirements of the EHNAC 5010 Readiness Assessment Program.

Read more on Business Wire

HIPAA Related Entries

• Rapid7 Introduces Metasploit Pro – The World’s First Penetration Testing Solution That Achieves Unrestricted Remote …
• HIPAA Compliance Business Associates Shouldering More Responsibilities
• Private Social Networks Named an Innovative Social Business Company to Watch by Leading Industry Analyst Firm

Safend Partnership With Biscom Provides Added Layer of Security for Organizations Sharing Sensitive Files
PHILADELPHIA, PA and TEL AVIV, ISRAEL and CHELMSFORD, MA--(Marketwire - 10/19/10) - Safend , a leading provider of endpoint data protection solutions, today announced a partnership with Biscom , the most trusted name in enterprise secure file transfer. Through this partnership, Safend Inspector , a product in Safend's Data Protection Suite , has been integrated with Biscom Delivery Server to ...

Read more on Marketwire via Yahoo! Finance

HIPAA Related Entries

• NetIQ Supplies Large Federal Agency With Unparalleled Security and Compliance Management
• HIPAA, HITECH Compliance Not Improving Health Care Data Security: Survey
• Security tokens and government mandates ensure your privacy

Department of Health & Human Services - HIPAA
The official central governmental hub for all HIPAA issues including rules, standards and implementation guides.

Health Insurance Portability and Accountability Act - Wikipedia .
Key EDI(X12) transactions used for HIPAA compliance are: EDI Health Care Claim Transaction set (837) is used to

Practice Central
HIPAA Privacy Rule Course The most comprehensive resource available to help you comply with the HIPAA Privacy Rule.

HIPAA Hosting | HIPAA Compliant Hosting
HIPAA Compliant Web Hosting The HIPAA regulations require that patient information, PHI, be kept in utmost

Understanding HIPAA Privacy
Understanding HIPAA Privacy home page. entities implement and maintain

Is your storage management process HIPAA compliant? | TechRepublic
Feb 9, 2005 Beginning in April 2005, being compliant with the HIPAA security regulations turns into serious

HIPAA - Compliance - SecureWorks
SecureWorks HIPAA Compliance Solutions, enabling compliance with industry regulations in healthcare,

HIPAA Related Entries

• Why HIPAA Compliance Training is Required
• All You Ever Wanted To Know About HIPAA Training
• Pain Management Medical Billing With Hipaa Compliance

Michigan Physicians Group Increases ROI on Internal IT Resources
By Using SAS 70 Colocation

Press Release
Source: Online Tech

On Tuesday May 24, 2011, 6:17 am EDT

ANN ARBOR, Mich.--(BUSINESS WIRE)--
Michigan Multispecialty Physicians (MMP), a specialty group of
surgical physicians, has selected Online Tech, a premier Midwest managed
data center provider, for colocation services and
offsite data storage and backup.

As companies grow, information technology departments are faced with the
challenge of growing their data center(s) with limited budgets and IT
resources. Eventually data center operators are faced with the decision
of upgrading their existing data centers, constructing a new data
center, or simply outsourcing to a managed data center provider. This
was the case for MMP.

“We were feeling the pains of a growing company and outstripping our
data center capacity. We were facing electrical, heating and cooling
issues as well as running out of physical space,” says Erik Yochum,
Director of Information Technology for MMP.

By outsourcing their data center to Online Tech, MMP has experienced an
ROI increase on internal IT resources and the added benefit of having
access to an experienced and professional support team. Yochum states
that their IT staff costs are reduced by eliminating overtime or off
hour compensation associated with supporting a data center 24/7. MMP can
also keep up with new technology without the additional hardware
investment.

“Now the space used for the data center can be used for other productive
uses for the organization,” notes Yochum.

By outsourcing to Online Tech, MMP upgraded to a Tier 3 data center with
fully redundant power, network infrastructure and adequate heating and
cooling. MMP chose Online Tech’s high availability power architecture
with no single point of failure in power delivery – assuring a high
level of server uptime. Online Tech also delivers HIPAA
compliant hosting with all of the physical and network security
features required to assure that a medical health organization can
comply with the HIPAA privacy requirements.

To watch Erik Yochum discuss the challenges of increasing data center
capacity and HIPAA compliance, please visit onlinetech.com.

About Online Tech

Online Tech (www.OnlineTech.com),
the Midwest’s premier managed data center operator, serves a growing
demand for data and computing capacity in small and mid-size businesses.
Through its high
availability SAS
70 data centers, Online Tech delivers a range of hosting services
including colocation,managed
dedicated servers, private
cloud hosting, and disaster
recovery. Online Tech’s Michigan
data centers operate under SSAE 16 compliance, allowing its clients
to meet all of their PCI
compliant hosting, HIPAA
compliant hosting, and SOX
compliant hosting needs. For more information call (877) 740-5028.

About Michigan Multispecialty Physicians

Michigan Multispecialty Physicians is a surgical group of physicians
specializing in neurology, general and vascular surgery, cardiovascular
and thoracic surgery, urology, pathology and laboratory management, and
pulmonary and critical care. MMP has offices in Ann Arbor, Canton,
Howell, Saline, Brighton, Chelsea, Plymouth, and Ypsilanti. For more
information, visit http://www.mmphealthcare.com.

Follow Yahoo! Finance on ; become a fan on Facebook.

Read the Michigan Multispecialty Physicians Outsources HIPAA Compliant Data Center to Online Tech full post.

Tags: professional support team, information technology departments, information, Compliant, Data

HIPAA Related Entries

• HIPAA Compliance Requires Healthcare Organization a Data Back-up System
• HIPAA Compliant, Secure and Automatic Remote Data Files Backup and Offsite Data Files Storage
• NAID Information Destruction Training Program.mov

Zix Corporation Delivers HIPAA Compliant Email Encryption to Sten-Tel
Nov 12, 2009 Business associate from the medical transcription industry turns to ZixCorp for HIPAA compliance.

HIPAA - U.S. Department of Health and Human Services
Section 264(d) of HIPAA specifically requires the Secretary to .. in which the provider delivers health

eGestalt Delivers HIPAA/HITECH Compliance as a Service | Landing .
For businesses,health care practitioners in particular, that are subject to stringent regulatory policies such as

Zix Corporation Delivers HIPAA Compliant Email Encryption to Sten .
ZixCorp delivers HIPAA compliant email encryption services for seamless external communication with Sten-Tel members

HIPAAClicks.com - Daily HIPAA News, HIPAA RSS Feeds, HIPAA Information
HIPAAClicks.com delivers up-to-date news regarding HIPAA compliance. It's easy to subscribe any of the HIPAA RSS

IT Infrastructure Management Services Provider Dinoct Delivers HIPAA
May 26, 2011 hCentive, a leading healthcare technology provider, selects Dinoct to design, provision and manage

HIPAA Related Entries

• 7 Hipaa Compliant Sites
• Why HIPAA Compliance Training is Required
• HIPAA Laws

Herndon, VA (PRWEB) May 26, 2011

hCentive, a leading healthcare technology provider, selects Dinoct ( http://www.dinoct.com/ ) to design, provision and manage the cloud infrastructure needed to support their web-based health insurance portal for a major U.S. health insurance company.

The health insurance company’s millions of customers across the USA are using the hosted portal to compare, purchase and manage their health insurance plans. This requires a secure, scalable and 99.99% availability infrastructure, as well as regulatory compliance with the Health Insurance Portability and Accountability Act (HIPAA) Security Rules.

According to Murali Mooliyil, co-founder and CEO of Dinoct, “After careful analysis of hCentive’s requirements, AWS (Amazon Web Services) cloud solution was selected using a combination of EC2, ELB and S3 services to ensure scalability, redundancy and reliability.”

“One of the major requirements of HIPAA is the ability to ensure secure handling of sensitive customer healthcare data.” Murali explains. “Our greatest challenge was the need to supplement AWS with 3rd party solutions to deliver a fully compliant infrastructure.”

The failover and redundant architecture utilizes multiple servers across three different AWS availability zones with elastic IPs, ELB and HTTPS that provides the load balancing needed for a robust, scalable and secure infrastructure. All EC2 and S3 data is stored and transmitted using AES-256 encryption, and uses SSL certificates for data replication between master and slaves to comply with HIPAA security rules.

Rackspace was selected for off-site storage to avoid vendor lock-in and ensure business continuity in the unlikely event that all AWS availability zones were lost.

Using ITIL-aligned standards and methodologies, Dinoct’s team configured the servers and deployed the infrastructure, followed by extensive functional, performance and load testing to certify the system.

Working from their state-of-the-art facilities in the U.S. and India, the Dinoct team established a 24x7 Service Desk for end-user support using a web-based ticketing system, email, and online communication system.

Tarun Upadhyay, hCentive’s CTO, sums it all up by saying “Working within very limited time constraints, Dinoct’s hard working team implemented the complete cloud infrastructure and support services within 2 months, enabling us to deliver a scalable, highly-available and HIPAA security rules compliant hosted portal conforming to our client’s most demanding requirements.“

Case study of the HIPAA security rule compliant AWS cloud infrastructure is available at http://blog.dinoct.com/wp-content/uploads/2011/05/hCentive_CS_Final.pdf

About Dinoct

Based in Herndon, Virginia, Dinoct ( http://www.dinoct.com/ ) provides Cloud, Virtual and Physical infrastructure management services to SMBs throughout the U.S. and Europe. Dinoct services help business increase uptime, availability, and performance of business-critical systems, by providing high-quality customized and cost-effective IT infrastructure services. With operational units in U.S. and India, these services are delivered 24x7 across time-zones and geographic locations.

Industry verticals include HealthcareIT, online Ad network, online media publishing, with extensive experience in e-commerce and SaaS solutions. Dinoct also provides professional services in the areas of cloud adoption, cloud migration, cloud integration, hosting strategies, network design and data modelling.

Further Information

Contact Dinoct at 1-888-677-6879 or sales(at)Dinoct(dot)com for more information on their complete set of infrastructure services.

About hCentive

hCentive (http://www.hcentive.com/) is in the business of simplifying the complex world of health insurance. hCentive provides technology solutions for health insurers, state health insurance agencies and health care software companies. These solutions help them reduce cost and administrative complexity, while enhancing relationships with their customers.

The hCentive WebInsure Consumer and WebInsure Group platform help health insurers cost effectively acquire individual and small business customers. The hCentive WebInsure State platform helps states comply with health insurance exchange requirements of the Patient Protection and Affordable Care Act of 2010.

Further Information

For more information on hCentive’s Healthcare IT solutions, contact them at 1-800-984-7952 or sales(at)hcentive(dot)com.

###

Read the IT Infrastructure Management Services Provider Dinoct Delivers HIPAA Security Rules Compliant Cloud Infrastructure For ... full post.

HIPAA Related Entries

• 6 Delivers Hipaa Sites
• HIPAA Compliant Physician Billing Services
• medical billing services

Secure service gives parents 24-hour access to comprehensive picture of child’s medical and health history for emergencies; also great time-saver

New York, NY (PRWEB) May 24, 2011

MotherKnows today launched their online platform at TechCrunch Disrupt, giving parents a way to instantly and securely access their children’s health records any time – from life-threatening emergencies to routine school, daycare and camp registrations – from a smartphone or easy-to-use website.

MotherKnows.com gives parents 24-hour access to their child’s medical records. The site and accompanying mobile app (free with subscription) provide a simple, secure, and comprehensive online Personal Health Record (PHR) for children, where parents can see critical information like past and upcoming immunizations, allergies and medical conditions, and a full record of all doctor visits – as well as growth charts, medications, and milestones. All the information on MotherKnows can be accessed directly by doctors or any other caregiver if authorized by parents.

Parents don’t have to do anything except sign a release form and confirm information as it is processed.

MotherKnows’ founders feel the site is a long overdue tool for parents to access their children’s full health records – for emergency situations, but also to make life easier for overwhelmed parents coping with demands for those same records by schools, camps, sports, and even daycare as a precondition to registering.

“We had to do it” said MotherKnows co-founder Hesky Kutscher. “There’s so much information that can be accessed ‘easily and instantly’ these days, but medical information hasn’t been among that. But now, we’re giving parents the ability to pull up their child’s entire medical history whenever they want, which is sure to make for much more efficient doctor’s visits, emergency care, insurance conversations – and yes, those dreaded registrations.”

Co-founder Greg Goff added that MotherKnows worked with a Medical Advisory panel to insure the data was medically appropriate. Also the site development followed state of the art security implementation to ensure that all data was “double secure”, consistent with the guidelines of the Federal HIPAA and HITECH acts.

Main Benefits

The MotherKnows Personal Health Record (PHR) provides parents with a comprehensive view of their child’s medical records, including access to:

• Immunization records (given and upcoming –MotherKnows sends reminders)
• Growth charts, height, weight
• Current prescriptions
• Diagnosed medical conditions
• Allergies and long-term conditions
• Growth and development milestones
• PDF’s and images of all documents on file

The information shown in each record is collected directly from medical providers after each visit, and is the same as that on file in the doctor’s physical records. All information is sent to parents first, to help insure accuracy. Also, the user’s personally identifiable health data is encrypted, and protected (i.e. never shared with third parties), and subscribers can control who has access to their children’s health records from MotherKnows.

While the service will open to the public this summer, the web site is accepting signups from interested parents. Those that sign up now gain the opportunity for early access.

###

Merredith Branscombe
Leap Public Relations
(720) 235-7363
Email Information

HIPAA Related Entries

• Is your spouse allowed access to your medical records under the hipaa laws without written consent?
• How can I apply with HIPAA, to have a medical misdiagnosis changed, on my medical records?
• HIPAA Compliant Medical Billing Software – Protecting a Patient’s Rights

Being regulatory-compliant
does not necessarily reduce the chances of a data breach, at least for the
health care industry, according to a new study. Even more worrisome,
organizations appear to be focusing more on compliance and less on security.

About 56 percent of IT
security professionals in the health care industry said they spend the majority
of their time addressing compliance requirements, according to the results of a
GlobalSign survey released May 26. Even so, 34 percent of the health care
industry IT security professionals polled said their organizations experienced
a patient-records data breach within the past two years.

The survey “validates” the
fact that health care organizations are putting in the effort to comply with
HIPAA (the Health Insurance Portability and Accountability Act), the HITECH
(Health Information Technology for Economic and Clinical Health) Act, and other
state and federal regulations, according to Lila Kee, chief product officer at
GlobalSign. However, it also demonstrated that “checking the boxes on
compliance audits” will not ensure security or privacy when it comes to
sensitive data, Kee said.

Organizations that pay more
attention to HIPAA don’t fare any better. Even though more than half the
respondents reported devoting more time to ensure they met HIPAA compliance
procedures over other regulations, 47 percent said they had experienced a
patient-records data breach in the past two years. In an April study by
Ipswitch, 40 percent of network administrators said HIPAA was the most
challenging security regulation to implement.

About 37 percent of IT
security professionals in the survey admitted to spending less than a quarter
of their time on improving security or protecting patient privacy.

GlobalSign surveyed 107
health care industry IT security professionals, including administrators,
managers and C-level executives, for this report. A little over half the health
care organizations included had 5,000 employees or more.

The findings for the health care
industry did not mirror a similar report from the Ponemon
Institute that examined how efforts to comply with PCI-DSS (Payment Card
Industry-Data Security Standard) affected an organization’s security.
PCI-compliant organizations suffered fewer or no data breaches in 2009 and
2010, compared with previous years, the Ponemon Institute found. In comparison,
only 38 percent of organizations that were not PCI-compliant were able to make
the same claim.

“At the end of the day, we
believe that PCI-DSS is one of the most effective data-security regulations
today and can significantly help companies improve their data-security
posture,” says Amichai Shulman, co-founder and CTO of Imperva.

Considering that PCI-DSS
seems to be doing its job of making an organization more secure, perhaps health
care regulations should be modified to consider security from the outside.
“HIPAA is considering using PCI” as a skeleton framework for auditors to ensure
proper security for medical records, Rob Rachwald, director of security
strategy at Imperva, told eWEEK.

A majority of the
respondents, 79 percent, said finding effective tools to deploy and manage both
security measures and compliance requirements, is the biggest challenge facing
the IT department. Organizations need to thoroughly evaluate technologies
before deployment to ensure they can address both auditor requirements and
actually protect data and patient privacy, Kee said.

GlobalSign said its new
Biowrap identity-based service will allow health care organizations to improve
security while maintaining compliance. Biowrap allows the user to decide which
pieces of information to encrypt before transmitting the data electronically.
The individual employee has to first log in to the service before encrypting
any data. With Biowrap, IT departments don’t need to roll out public key
infrastructure certificates for individual users.

Read the HIPAA, HITECH Compliance Not Improving Health Care Data Security: Survey full post.

HIPAA Related Entries

• Security tokens and government mandates ensure your privacy
• Bateman Group Expands Security Practice with Addition of Data Security Innovator Protegrity USA, Inc.
• CERIAS Security: Privacy Policies in Web-based Healthcare 4/5

I live in washington State and I requested my medical records from the institution I was treated at and have not obtained the records yet. I have also not been told a date as to when I might to expet them. To my knowledge, I believe that thereis a 15 day period that medical institutions had to provide me, or inform me as to when I might receive my medical recrds. Is this grounds for a lawsuit?

Here's the section of WA state law pertaining to patient's examination and copying of records:http://apps.leg.wa.gov/rcw/default.aspx?cite=70.02.080Here's the section of WA state law that deals with civil remedies if a provider fails to comply:http://apps.leg.wa.gov/rcw/default.aspx?cite=70.02.170So, yes, it is grounds for a lawsuit, but I would be patient (no pun intended) and give them an brief opportunity to produce the records.

free hipaa compliance training video, free hipaa privacy video, free hippa video, funny hipaa videos, HIPAA laws videos, hipaa training dvds free, hipaa training videos free

HIPAA Related Entries

• MotherKnows Launches at TechCrunch Disrupt
• What age dose hipaa work for people unber 18?
• If HIPAA rules are stricker than state law, which standard should you follow and why?

Rapid7 Introduces Metasploit Pro - The World’s First Penetration Testing Solution That Achieves Unrestricted Remote ...
BOSTON--(BUSINESS WIRE)--Rapid7®, the leading provider of unified vulnerability management and penetration testing solutions, today announced the availability of Metasploit Pro™, the new software for security professionals in enterprises, government agencies and consulting firms who need to make network security testing more efficient to reduce costs. Unlike alternative products, Metasploit Pro ...

Read more on Business Wire

HIPAA Related Entries

• CORRECTING and REPLACING Rapid7’s HD Moore and Andrés Riancho to Present at SecTor 2010 Conference
• Capario Achieves EHNAC 5010 Readiness
• Emdeon Achieves CAQH CORE Phase II Compliance

Maine Medical Center Tissue Bank Joins the BioServe Network
BELTSVILLE, MD and PORTLAND, ME--(Marketwire - 10/19/10) - BioServe and the Maine Medical Center (MMC) today announced that MMC's Tissue Bank is joining the BioServe Network, which is fast becoming the richest resource of high-quality biomaterial in the world. Members of The BioServe Network today include Fox Chase Cancer Center, The Fairbanks Institute for Health Communities, the University of ...

Read more on Marketwire via Yahoo! Finance

HIPAA Related Entries

• Hipaa Medical Transcription Services
• Powerful Pharmaceutical Sales: Complete Guide to Sales Procedures and Techniques for Pharmaceutical Sales Representatives in the Hospital and in Medical … HIPAA, Sexual Harassment, and Compliance
• Digital Medical Records Sensible Idea