Healthcare compliances training and discussion blog

Posts tagged ‘HIPAA Compliance Training’

Does the cloud provide an easier route to HIPAA compliance?


There is a lot of confusion about whether the cloud can comply with HIPAA. The healthcare community itself is not sure and regards the cloud as a double-edged sword. On one side, the cloud presents a shimmering picture of a cost-effective option: a solution that makes storing and analyzing massive amounts of data affordable. The other side seems bleaker, as many are yet to come to terms with the new HIPAA rule set, especially the provisions that are now part of the recently published HIPAA omnibus rule. It is better to dig deeper into the question than to speculate from the fringes about whether or not to migrate to the cloud.

The omnibus rule put forth last month has further tightened HIPAA's grip on those entrusted with protecting health information. The rule has also increased the penalties for business associates and covered entities that fail to comply with HIPAA. At present there are many misconceptions, as well as fear, about using the cloud. As a result, many healthcare organizations and health service providers are shying away from switching to the cloud. For organizations that wish to play it safe, not taking shelter under the umbrella of the latest cloud technology might mean losing a good deal in terms of both compliance and finances.

Can Cloud Computing Really Rescue Health Care And Make It HIPAA Compliant?

Recent times have revealed to the health care sector the various weird and amazing ways in which data breaches can and do occur. Many times they occur due to infrastructure loss, physical theft, or sheer negligence (when someone forgets a laptop or forgets to shut down their PC).

The scenarios of data exploitation and data theft described above are easily manageable through the use of cloud technology. Cloud computing can be more helpful in such cases because you can stop breaches by relying on the physical security policies of a provider such as Amazon, under which everything that can be done with the data is published. Cloud technology is most certainly far more efficient than what a single group running its own infrastructure can accomplish, even after a lot of investment of its own. Reducing the number of health data breaches is thus the first benefit of cloud computing.

Deft monitoring of the security and privacy of the infrastructure through automation is the second benefit of the cloud. Basically, the infrastructure is written as code, and thousands of tests are run against it at various levels. Such thoroughly tested programs provide a secure base: the expected results are automated, and the infrastructure automatically works the way you want it to. Hence, when the infrastructure code starts to show changes, you immediately smell smoke and try to find out the reason. Searching for the reason behind changes in your infrastructure ultimately makes you provide more security for your data.

The HIPAA omnibus rule places great emphasis on the factors that put health data at risk and on breach notifications. Cloud service developers provide documentation that describes their processing systems in great detail, so that remaining HIPAA compliant as well as cost-efficient does not seem such an uphill task. All the instructions that are part of the cloud computing program are written in plain, readable English that anybody in the health business can easily follow. This gives HIPAA operators full knowledge of compliance, non-compliance, and the related decisions. It also helps even non-technical staff gain insight into the overall work pertaining to HIPAA compliance, owing to which the overall efficiency of an organization is certain to rise.

Only six months are left for covered entities and their partners to become HIPAA compliant, so it is important that they take steps to understand these benefits of cloud computing.

Data breaches in the health sector have been damaging the credibility of many health institutions, and many times the culprits were never tracked down because they were much smarter than the institutions' security systems. Shifting to the cloud is a major decision, which entities can take only when they thoroughly understand its contribution to lessening the financial burden as well as to keeping to the strict rules of HIPAA compliance.

One wonders what is keeping these people on the fence when, one way or another, they are left with no alternative but to migrate to the cloud!

About emPower
emPower is a leading provider of comprehensive Healthcare Compliance Solutions through a Learning Management System (LMS). Its mission is to provide innovative security solutions to enable compliance with applicable laws and regulations and maximize business performance. emPower provides a range of courses to manage compliance required by regulatory bodies such as OSHA, HIPAA, Joint Commission and Red Flag Rule. Apart from this, emPower also offers custom demos and tutorials for your website, business process management and software implementation.

Its Learning Management System (LMS) allows students to retrieve all the courses 24/7/365 by accessing the portal. The emPower e-learning training program is an interactive mode of learning that guides students to progress at their own pace.

For additional information, please visit http://www.empowerbpo.com.

Media Contact (emPower)
Jason Gaya
marketing@empowerbpo.com

$1.5M Fine Marks A New Era In HITECH Enforcement


Data breach at BlueCross BlueShield of Tennessee and subsequent penalty stand as an example of the financial fallout from poor healthcare IT security practices

By Ericka Chickowski, Dark Reading
Contributing Writer

Enforcement actions from the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) just reached a new level of reality last week when the department announced a $1.5 million settlement with BlueCross BlueShield of Tennessee over a 2010 data breach, making the organization the first to pay out penalties since the Health Information Technology for Economic and Clinical Health Act (HITECH) went live in 2009. The question now is whether such tangible examples of financial fallout will convince healthcare IT to invest in better security measures. “It’s certainly a warning shot for the healthcare industry,” says John Nicholson, counsel for the global sourcing practice at Washington, D.C.-based law firm Pillsbury Winthrop Shaw Pittman LLP. “But is that a sufficient amount to act as a deterrent? It’s hard to tell at this point. It’s at the upper end of what organizations can be penalized and when you break it down it equals about a buck a record lost. For companies that are dealing in millions of records, that penalty can add up. But that’s just at very large companies. And data breaches are becoming sufficiently routine that everyone sort of looks at it and goes, ‘Eh, it’s another one.’”

But Nav Ranajee, director of healthcare vertical for CoreLink Data Centers, believes that starting to hit the big organizations in the pocketbook and making a spectacle out of the process should have the desired effect. Many of these organizations have been deprioritizing security because there just hasn’t been enough financial incentive to push it up the stack on the IT to-do list, he says. The HHS making pecuniary damage a real risk of failing to comply with Health Insurance Portability and Accountability Act (HIPAA) security requirements changes that financial equation for these organizations, he says.

“What I’m seeing now when we talk to our clients, say a hospital or a business associate like a software company that services a hospital, is that when it comes to HIPAA, the first priority of a CIO has historically been to allocate funds to get that new EMR in house or that new clinical system, because that’s going to pay off in revenue,” he says. “But when it comes to making sure HIPAA requirements are up to date, that’s usually the last line item on the budget because it’s really a sunk cost. Now they’re going to have to look at the risk involved and wonder ‘Do I risk having a million dollar lawsuit if I don’t put the right security protocols in place?’”

The settlement BlueCross BlueShield of Tennessee paid to HHS was a penalty for failing to prevent a breach that saw the theft of 57 unencrypted hard drives containing recordings of customer service phone calls. The drives were left behind in a data closet after the company stopped using a leased facility.

“This settlement sends an important message that OCR expects health plans and healthcare providers to have in place a carefully designed, delivered, and monitored HIPAA compliance program,” said Leon Rodriguez, director of HHS OCR. “The HITECH Breach Notification Rule is an important enforcement tool and OCR will continue to vigorously protect patients’ right to private and secure health information.”

According to Nicholson, the breach is a good lesson to healthcare organizations on how compliance really could have helped the security of the organization and maybe even prevented a breach. “One of the things that HIPAA and HITECH require is that you go through an assessment of your policies and procedures whenever your operations significantly change. I don’t know for sure, but it seems like BlueCross BlueShield of Tennessee may not have done that evaluation. If they had done it, they might have said, ‘We’ve got these hard drives containing this unencrypted PHI and it’s in a locked closet but that’s not sufficient in this leased space,’” he says. “That’s probably a lesson to healthcare organizations. You really need to do those evaluations anytime a significant aspect of your operation changes that has implications on PHI.”

For his part, Ranajee says the BlueCross BlueShield of Tennessee incident stands as yet another testament of the importance of encryption for healthcare data protection.

“Really, it’s all about making sure that if you have data servers in your office or workplace, they need to be locked down–they need locks on them–and they need to be encrypted,” he says. “Those are two of the main things that are not commonplace but they should be.”


How to understand the new HIPAA requirements to make sure you’re in compliance


The American Recovery and Reinvestment Act of 2009 (ARRA), also known as the stimulus bill, contains the HITECH Act that amends the Health Insurance Portability and Accountability Act (HIPAA), which was enacted in 1996.

“When HIPAA was first enacted, the health care industry was paper driven,” says Jeff Porter, a director with Kegler, Brown, Hill & Ritter. “HITECH is addressing some long-standing issues with HIPAA, as well as some newer issues that have arisen as a result of the advent of electronic health records and the online transfer of health information.”

Among the significant changes are the expansion of enforcement to states’ attorneys general and expansion of privacy and security provisions related to “business associates” and new breach notification provisions. In addition, penalties can now be imposed on individuals as well as entities.

Smart Business asked Porter for more information about the changes to HIPAA.

Who is covered by HIPAA?

You or a legal representative can determine whether you are a covered entity. The website for the U.S. Department of Health & Human Services (HHS.gov) and the Office of Civil Rights (OCR) provide good guidance in this regard. Covered entities typically include hospitals, nursing homes, medical offices that provide treatment and bill for those services, health insurance plans, and health care clearinghouses (e.g., companies that convert health records and other information into the coding necessary for billing and research). If you are a business associate of a covered entity (e.g., a medical billing firm or a home health care agency), and you are obtaining information for a purpose the covered entity might use it for, you fall under the HIPAA provisions which apply to business associates.

What changes have been made regarding penalties for noncompliance?

The penalties have changed in a couple of significant ways. First, in regard to enforcement, previously penalties could only be imposed on covered entities – now penalties can be imposed on individuals as well. If someone within an organization willingly neglects and doesn’t comply with the rules and makes wrongful disclosures, he or she will be subject to fines, as well as possible imprisonment. Second, in the past, enforcement and violations were addressed solely at the federal level by the Office of Civil Rights. Now, attorneys general are empowered to deal with enforcement and violations as well.

What is the impact on state privacy laws?

Although many believe that HIPAA is the sole controlling authority related to patient privacy, it does not however preempt state privacy laws and regulations. If provisions in the state privacy laws are more restrictive, then those provisions apply in addition to HIPAA. For example, Ohio has some of the stricter state privacy laws in regard to disclosure of protected health information. These laws have to be evaluated and reviewed to determine what additional actions might be needed in terms of notification and disclosures. The question for the future is whether states with these stricter privacy measures will impact exchange of health information with other states. In coming years, if we are going to have more free-flowing medical information, these issues will need to be addressed.

What is considered protected health information?

Protected health information is identifiable information related to treatment of a patient and that is maintained by a covered entity. In certain circumstances covered entities can release this information without authorization, for purposes of treatment, billing and health care operations. Covered entities can’t release information beyond those purposes without authorization of the patient. In addition, specific types of information are viewed as more sensitive (e.g., mental health and substance abuse information, information about certain diseases, such as HIV) in many states and more restrictions on disclosure exist at the state level.

What is a permissible disclosure?

Information can be disclosed if a patient authorizes it. Information must be disclosed by a protected entity if the HHS requests that information as part of an investigation. Permitted disclosures also include treatment information (to help treat a patient); information used to seek payment; or information used in the health care operations category if that information will improve the quality of care overall or part of the business overall.

Do patients have any new rights?

Patients will have a greater ability to try to find out who has accessed their protected health information. Past experience is that most patients never request such information. However, there will now be a greater ability for patients to request an accounting of disclosures. This means that covered entities and business associates could be asked to account for a good deal of information if they get a request. New regulations are being considered in this area, so it is an area to watch.

How can covered entities best keep up with the changes and protect themselves?

1) Keep an eye on releases from HHS about changes. 2) Consult with your legal representative. 3) Make sure your designated privacy officer is properly trained and that he or she is training your employees. 4) Keep open lines of communication with business associates and make sure any contracts you have with them include appropriate provisions that will require they comply with HIPAA and all other state laws which may come into play.

This article was originally posted at http://www.sbnonline.com/2012/03/how-to-understand-the-new-hipaa-requirements-to-make-sure-you%E2%80%99re-in-compliance/?full=1

 

HIPAA vs The Cloud


HIPAA Compliance: The objective behind it

Maintaining every person's individual health record with due sensitivity is highly significant, and this is what HIPAA security compliance ensures: it aims to protect an individual’s information that is obtained, created, used and maintained electronically at a specific healthcare unit or hospital. As a result of this rule, the healthcare unit is responsible for taking every measure to keep this information confidential, secure, reliable and free from any electronic interference. But healthcare units usually find it tough to meet the expectations of this security rule, and abiding by its directives requires a more technical approach.

Healthcare unit’s responsibility in ensuring HIPAA security compliance

Under HIPAA security compliance, each of the three aspects, namely administrative, technical and physical, has to be met through implementation specifications. These specifications set out the modus operandi for meeting the three aspects. A healthcare unit or hospital either has to implement a security measure of its own to achieve this objective, or execute the given implementation specifications, or may put neither of the two into practice. But as part of HIPAA compliance, the body has to document whichever choice it makes, and this document should also include the basis of the evaluation on which the decision was reached. The outcome of all this is a visible challenge for IT professionals working in the health sector.

Shouldering HIPAA compliance responsibility with cloud computing vendor

Unsurprisingly, the emergence of cloud computing looked set to ease the situation, though it calls for caution, given that an outside agency, the cloud-providing associate, is involved alongside the healthcare unit. Because of this vendor-client partnership, the ultimate responsibility for HIPAA compliance, which rests with the healthcare unit, gets pooled with the vendor, since implementation is carried out at the vendor's end. Thus, there is much room for sensitive information to leak at the remote location where the cloud model has been set up. In this situation, the healthcare unit will have to adhere to all the security aspects and implementation specifications discussed above in order to satisfy the HIPAA security rule. In the process, the healthcare unit will have to extend its involvement and control to the cloud computing associate’s location in terms of integrity, encryption, data transfer and management, etc., matters it earlier left up to the business associate because of contractual limitations or budget constraints.

Documentation of roles

This gives the healthcare unit an opportunity to allot an equal share of responsibility to its cloud computing business associate and to keep that associate under the scanner, so that HIPAA compliance is not just the healthcare unit’s liability but just as much the vendor's accountability. The healthcare unit's documented modus operandi can include the extent to which it has involved the vendor, and the unit can also ask the vendor to document its own procedures and practices for following the technical requirements and HIPAA compliance as a whole.

While cloud computing can be the technical answer that lets healthcare IT professionals satisfy HIPAA security compliance, healthcare organisations can ensure strict adherence to the HIPAA rules by shouldering equal responsibility with their cloud computing business associates.


For additional information, please visit http://www.empowerbpo.com/HIPAA_Compliance_Training.html.

Cost Effective HIPAA Compliance Training Programs


emPower eLearning Solutions is excited to offer a training solution that will help organizations train their entire work population in a timely and cost-effective manner. emPower eLearning Solutions Compliance Training is devoted to helping organizations meet the Administrative Simplification Act section 164.530(b)(1). This section requires employers to provide HIPAA Training awareness and Job Role policy training. Our course is designed to reach all levels of employees, from providers to billing clerks to housekeeping.

HIPAA’s intent is to reform the healthcare industry by reducing costs, simplifying administrative processes and burdens, and improving the privacy and security of patients’ information.

For More http://www.empowerbpo.com/HIPAA_Compliance_Training.html

Compliance Solution through Learning Management System


The Learning Management System is an e-management system that manages the e-courses delivered to online learners. The basic idea is to educate and train students who come from diverse fields. Many online learning courses are offered that educate people about a safer and better working environment. The LMS is a software package that provides a reliable platform for delivering e-packages to online learners around the world.

The LMS offers users a multitude of advantages, which make their access to the online courses quite easy.

  • The courses are managed completely online, hence it is possible for everyone to enroll easily.
  • People are not bound by time and distance and can easily access the online courses of their choice from their own computer.
  • The courses are tailored to address the needs of a particular industry, and the LMS plays a critical role by ensuring that all the relevant information is updated at regular intervals and brought to the knowledge of the students.

The online courses pertaining to Joint Commission, HIPAA, OSHA and Red Flag are smoothly managed and can be easily updated on a regular basis. This is a great feature that protects the organization from lawsuits arising from non-conformance on the part of an employee due to lack of proper knowledge.

Ensures Compliance and transparency

The system keeps track of individual performance and displays the results online, giving users a good understanding of the learning path that they have to undertake. They can also check their progress and review their records at regular intervals. This helps users see where they stand during the different phases of the e-course. The Learning Management System is a great boon for organizations, as it has a tracking system that quickly points to non-conformance with standards and considerably reduces the risk of legal action due to lapses on the part of employees or employers. It provides regular updates and ensures that the organization and its people stay abreast of the requisite laws and regulations enforced by government regulatory authorities. The system also provides greater transparency by allowing the users to:

  • Set a predetermined course completion date that suits them.
  • Update themselves on their progress.
  • Know exactly how many people have completed the course at any given time.
  • View their results online.

LMS in Safety and Healthcare Applications

The Learning Management System allows for better management of OSHA courses, which train workers about occupational safety standards employed in the workplace. There are various courses on protection from various hazards that workers face at work site.

Joint Commission courses for hospital accreditation are available, so that learners can enhance their knowledge about requisite standards. The aim is to make people aware about the norms that will help them greatly to increase the quality of patient care.

LMS in Security applications

The e-courses in HIPAA are well managed through Learning Management System. The course is about how to prevent identity theft and is of great use to patients and the insurance companies as it saves them from the fraud claims due to stolen identity and in the process saves millions of dollars.

The Learning Management System offers an interface that makes it possible to address compliance issues easily.


For additional information, please visit http://www.empowerlms.com/
