HealthBlawg

David Harlow's Health Care Law Blog


Get Your HIPAA House in Order

September 4, 2015

Many covered entities and business associates would like to “shoot the tube” when it comes to HIPAA compliance — ride it out and hope for the best.

As the federales have been saying for some time now, the day of reckoning is coming for more covered entities — and now for business associates, too. OCR is inching closer to conducting more HIPAA audits — including audits of business associates. We’ve seen signs of the next round of HIPAA audits brewing, and covered entities started receiving questionnaires this spring seeking in part to identify business associates.

OCR Director Jocelyn Samuels announced this week that a vendor has been selected to conduct the next round of HIPAA audits. Most will be desk audits, but some field audits will be conducted as well. An updated audit protocol will be coming out before the audits begin, which covered entities and business associates should use as a compliance tool and to prepare for a potential audit. (See the original HIPAA audit protocol.)

Other efforts coming soon from OCR highlighted by Samuels include:

  • New guidance on patient right to access data under HIPAA, especially with regard to sharing information for President Barack Obama’s Precision Medicine Initiative. “We will be issuing new guidance so we can inform individuals about their rights to access … and make sure providers know what their obligations are,” she said.
  • Guidance on use of cloud technology and HIPAA obligations that apply to cloud providers is in the works.
  • A portal developers can use to ask OCR questions about ways in which HIPAA applies to emerging technology. Samuels said OCR anticipates the portal creating a space for a public dialogue and a vehicle to better understand issues arising in the industry and to prioritize the kinds of guidance and technical assistance the office can give.

It is never too late to undertake a HIPAA compliance planning or review effort. The rules require that privacy and security policies and procedures be put in place by all covered entities and business associates. Regulation and best practices also require regular review of these policies and their implementation, risk assessments and more.

In this day and age, it is likely that most covered entities and business associates will experience breaches. Over 80% of health care organizations have experienced breaches in the past two years. The relentless move of health data to the cloud, and the exponential growth of an ecosystem of business associates providing a vast array of services to covered entities mean that the potential exposure of protected health information to breaches — whether by identity theft hackers, disgruntled employees or former employees, and even well-meaning but uninformed employees — is enormous.

The key to ensuring that a breach does not become a company-destroying event is preparedness — having a plan, documenting the plan, executing on the plan. Having a convincing compliance story to tell (and show) in the event of a government audit, a complaint or breach investigation, or even a private lawsuit, will go a long way toward mitigating the effect on your organization.

So it’s time to talk to the man with the plan. When you’re ready to talk about HIPAA compliance — for the startup, for the enterprise, for the covered entity, for the business associate — you know where to find me.

David Harlow
The Harlow Group LLC
Health Care Law and Consulting

Filed Under: Compliance, Digital Health, Ehealth, Health 2.0, Health care policy, Health Law, HIPAA, HIT, Home Health, Hospitals, Mobile health, OCR, Physicians, Privacy, Security


Copyright © 2006–2023
HealthBlawg is a publication of The Harlow Group LLC. See Copyright notice and disclaimer.
Fair use with attribution and a link is encouraged.