Web-Tones

FREE WEBINAR: Preview of HHS Omnibus Rule

2012-02-08T11:54:16-05:00

The HHS Omnibus Rule Webinar will continue our review of the proposed HHS Omnibus Rule ("OR") and discuss the marketplace impact that this comprehensive set of regulations is likely to have on the healthcare privacy and security regulatory landscape. Business associates are going to see an additional regulatory compliance burden as their subcontractors will now be treated as business associates. Covered entities can expect a number of changes including material changes to their Notice of Privacy Practices ("NOPP").

Date: February 9, 2012.

Time: 2:00 to 3:30 EST.

To register Click Here.

Looking for best of breed HIPAA Training?

To stay current on the HITECH Act and its quickly changing regulatory scheme visit the HITECH Survival Guide website and/or sign up for our free monthly compliance newsletter. Also, check out our FREE EHR Checklist.

If you need tools that will help with your compliance initiatives then check out the HSG Store. Do you need an Internet Lawyer with HITECH /HIPAA experience?

HIPAA Compliance: MN AG Brings Suit Against a Business Associate

2012-02-07T09:23:51-05:00

Minnesota attorney general brings the first formal enforcement action against a business associate, Accretive Health, Inc., for an alleged violation under HIPAA using her authority under the HITECH Act.

via www.dwt.com

We have previously written that 2012 will be the year of HITECH Act enforcement and the year that State AGs will awaken and become more aggressive in their enforcement actions. The link above is a harbinger of things to come. Most business associates (BAs) do not realize that their compliance with the HITECH Act is "good law" today.

Forget business associate audits,

breach notification is the 800 pound

gorilla of the HITECH Act, because of

the costs, fines, and lawsuits that a

breach is likely to trigger. What is the

probability that a breach will occur?

High would be an understatement!

HHS has added to the confusion by slow walking the Omnibus Rule and given a grace period (understatement) for BAs to comply. However, as indicated in the link above, there is nothing preventing a State AG or the US Department of Justice from bring an action today.

What is likely to trigger an action? Although currently there is a small probability of a BAs being audited, given the fact that HHS has announced that BAs would not be targets of the first round of audits conducted by KPMG through the end of 2012, there is a high probability that a data breach will occur. Breach Notification is the 800 pound gorilla of the HITECH Act, not only because of the costs and the fines, but because of the lawsuits a breach is likely to trigger.

Looking for best of breed HIPAA Training?

If you need tools that will help with your compliance initiatives then check out the HSG Store. Do you need an Internet Lawyer with HITECH /HIPAA experience?

HITECH / HIPAA Newsletter February 2012

2012-02-04T15:34:35-05:00

This article explores the proposed HHS Omnibus Rule. The HHS Omnibus Rule ("OR") mostly concerns sections of the HITECH Act that went into effect on February 18, 2010. There was an NPRM that was issued on July 14, 2010 that contained the changes proposed for the final rule. It is quite evident that HHS has not broken any "land speed records" in finalizing the OR, but all indications are that it will be forthcoming "soon." The full text of the OR can be found here.

To continuing reading the article subscribe to our FREE newsletter or read it in the archives.

Looking for best of breed HIPAA Training?

If you need tools that will help with your compliance initiatives then check out the HSG Store. Do you need an Internet Lawyer with HITECH /HIPAA experience?

HSG Radio: Preview of HHS Omnibus Rule Part I.

2012-02-04T08:03:27-05:00

Here's our 2/3/2012 episode.

You can follow our weekly show (and review a complete list of the archived episodes) here.

Listen to internet radio with cleyva on Blog Talk Radio

Looking for best of breed HIPAA Training?

If you need tools that will help with your compliance initiatives then check out the HSG Store. Do you need an Internet Lawyer with HITECH /HIPAA experience?

US v. EU Privacy Rights?

2012-02-02T11:40:24-05:00

On Jan. 25, 2012, the European Commission released the final version of its proposed revisions to the European Union’s data protection framework. The package of changes represents a comprehensive reform of the EU’s 1995 data protection rules.

via www.privsecblog.com

The US is never likely to have the same strong privacy rights as those favored in the EU, but the fact that the EU is moving to expand privacy rights is a pretty good indication of the trend line. The world has changed with respect to privacy and security and many industries, especially healthcare, have been slow to catch the wave. In the US, two industries guaranteed to remain heavily regulated from a privacy and security perspective is healthcare and financial services.

The US is never likely to have the

same strong privacy rights as those

favored in the EU, but the fact that

the EU is moving to expand privacy

rights is a pretty good indication of

the trend line.

The financial services industry, taken as a whole, started taking privacy and security seriously years ago. Yes there were some laggards, and not all players always implemented the latest in best practices, but as a whole the industry took significant steps to get its house in order. The same cannot be said for healthcare. Sure, the big players are on board, but there are large segments of the industry that still refuse to recognize the changing of the guard.

Looking for best of breed HIPAA Training?

If you need tools that will help with your compliance initiatives then check out the HSG Store. Do you need an Internet Lawyer with HITECH /HIPAA experience?