Healthcare compliances training and discussion blog

Posts tagged ‘Security Compliance’

Safeguard your confidential data by implementing HIPAA Privacy Rule’s De-Identification Standard


HIPAA, the Health Insurance Portability & Accountability Act, is a legislative act passed in 1996 that affected health care administration. For years, we have researched the security rule along with its three types of security safeguards, based mainly on technical and physical grounds.

Of the three safeguards mentioned above, we have already delved into the administrative safeguards and their obligatory as well as addressable implementation specifications. In this article, we will examine the key factors pertaining to the technical and physical safeguards of the security rule. The aim of this article is to simplify and state the main concepts of HIPAA Privacy Rule’s De-Identification Standard.

Physical Safeguards

The physical safeguard rule laid down by the HIPAA Privacy Rule’s De-Identification Standard deals with the strategies and procedures that must be implemented to control physical admission to systems or devices containing health information and to facilities housing electronic records.

It is therefore mandatory to take maximum care when introducing and removing hardware and software that deals with Protected Health Information (PHI) from the network. Utmost care must be taken in disposing of any equipment that is on the edge of retirement, so that PHI contained within such systems is not compromised.

  • Health data stored in the equipment must be controlled and monitored carefully.
  • Access to the hardware and software must be limited to properly trained and authenticated individuals.
  • Workstations must be situated away from high-traffic areas so that monitor screens are not in direct view of the public.
  • The person engaging the services of contractors and agents must ensure that the contractors and agents are professionally trained and are aware of their duties and responsibilities.

Technical Safeguards

Technical security measures deal with the factors that need to be addressed when transmitting health information electronically over open networks, in order to ensure that health information does not fall into the wrong hands.

  • The responsible entity must follow a strict procedure to ensure information integrity, which includes digital signature, checksum, and message confirmation.
  • Use appropriate methods to confirm that the entity entitled to access the electronic records is the one it claims to be. Ways to confirm this include card systems, password systems, giving a return call, and hand showing signs.
  • Draft and maintain documentation of all policies implemented and practices followed for HIPAA Privacy Rule’s De-Identification Standard, which needs to be presented as and when required by the compliance auditors.

Implementation Specifications

We cannot ignore healthcare compliance, as it is essential to safeguarding Protected Health Information.

A system must be employed that takes utmost care of health information; for this, our health care providers, such as doctors, hospitals and health plans, must be given a unique identifier. At present most of them are using either tax-id numbers or employer identification numbers.

The security and privacy rules have laid down certain provisions to ensure that people's personal records are not misused and are kept secure and confidential. Any person failing to follow the rule faces a fine of up to $250,000 and possible jail time for severe enough violations under HIPAA. The HIPAA rule was indeed designed and created to ease the massive process of health care administration.

About emPower

emPower is a leading provider of comprehensive Healthcare Compliance Solutions through its Learning Management System (LMS). Its mission is to provide innovative security solutions to enable compliance with applicable laws and regulations and maximize business performance. emPower provides a range of courses to manage compliance required by regulatory bodies such as OSHA, HIPAA, Joint Commission and Red Flag Rule. Apart from this, emPower also offers custom demos and tutorials for your website, business process management and software implementation.

Its Learning Management System (LMS) allows students to retrieve all the courses 24/7/365 by accessing the portal. The emPower e-learning training program is an interactive mode of learning that guides students to progress at their own pace.

For additional information, please visit http://www.empowerbpo.com.

Report: Congress, Presidents, U.S. Supreme Court Have Obstructed OSHA Regulatory Process


Some OSHA regulations have been delayed for as long as 31 years, with presidents, Congress and the U.S. Supreme Court all contributing to the slowdown in the rulemaking process.

“The requirements on OSHA have nearly paralyzed the agency,” said Justin Feldman, worker health and safety advocate with Public Citizen and author of the report. “As a result, OSHA cannot adequately protect workers from toxic chemicals, heat stress, repetitive use injuries, workplace violence and many other occupational dangers. Inadequate regulation imposes tremendous costs on workers, who may be forced to pay with their health or even their lives.”

Because so much time and resources are spent trying to promulgate fewer standards, Public Citizen asserts that OSHA has been unable to address many other risks. For example, NIOSH has identified 682 toxic chemicals to which workers are exposed. OSHA has no existing regulation for 244 of these chemicals, meaning workers can be exposed to them at any level. For another 196 chemicals, OSHA’s standards offer less protection than NIOSH recommends. OSHA has regulated only two chemicals since 1997; industry, meanwhile, develops two new chemicals every day.

This article was originally posted at http://ehstoday.com/standards/osha/report_obstruction_osha_standards_1007/

HIPAA vs The Cloud


HIPAA Compliance: The objective behind it

Care in maintaining every person's individual health record is highly significant, and this is what HIPAA security compliance ensures: it aims at protecting an individual’s information that is obtained, created, used and maintained electronically at a specific healthcare unit or hospital. As a result of this rule, the healthcare unit is responsible for taking every measure to keep this information confidential, secure, reliable and free from any electronic interference. But healthcare units usually find it tough to meet the expectations of this security rule, and abiding by its directives requires a more technical approach.

Healthcare unit’s responsibility in ensuring HIPAA security compliance

Under HIPAA security compliance, each of the three aspects, namely administrative, technical and physical, has to be adhered to through implementation specifications. These specifications specify the modus operandi for meeting the three aspects. A healthcare unit or hospital has to either implement a security measure to achieve this objective, execute the given implementation specifications, or put neither of the two into practice. But as part of HIPAA compliance, the body has to document whichever choice it makes, and this document should additionally include the basis of the evaluation on which the decision was reached. The outcome of all this is a visible challenge for IT professionals working in the health sector.

Shouldering HIPAA compliance responsibility with cloud computing vendor

No surprise, the emergence of cloud computing looked like it would ease the scenario, but it calls for caution, given that an outside agency, the cloud provider, is involved besides the healthcare unit. Because of this vendor-client partnership, the ultimate responsibility to abide by HIPAA compliance, which rests with the healthcare unit, gets pooled with the vendor, since implementation is carried out at the vendor end. Thus, there is much room for sensitive information to leak at the remote location where the cloud model has been set up. In this situation, the healthcare unit will have to adhere to all the security aspects and implementation specifications discussed above, so as to satisfy the HIPAA security rule. In the process, the healthcare unit will have to extend its involvement and control to the cloud computing associate’s location in terms of integrity, encryption, data transfer & management, etc., which it earlier left up to the business associate due to contractual limitations or budget constraints.

Documentation of roles

Obviously, this gives the healthcare unit an opportunity to allot an even share of responsibility to its cloud computing business associate and keep it under the scanner, since HIPAA compliance is not just the healthcare unit’s liability but is as much the vendor's accountability. The healthcare unit's documented modus operandi can include the extent to which it has involved the vendor and, along with that, ask the vendor to document its procedures and practices in following the technical requirements and HIPAA compliance as a whole.

While cloud computing can be the technical answer for healthcare IT professionals to successfully satisfy HIPAA security compliance, healthcare organisations can ensure strict adherence to HIPAA rules by shouldering equal responsibility with their cloud computing business associates.


Doctor’s office settles with OSHA


A local doctor’s office has agreed to pay a $10,500 fine as part of a settlement with the Occupational Safety and Health Administration.

The Kirkland Family Practice also agreed to correct violations involving exposure of employees to needles and other sharp devices, infection control and employee training, according to a settlement signed Aug. 18 by Dr. Clem Kirkland.

In July, OSHA cited the office, 5928 Springboro Pike, with eight violations calling for a potential $32,000 fine.

In the settlement, OSHA withdrew citations involving steps taken after an employee suffered a needle-stick in June 2011 and annual employee training. OSHA reclassified and reduced the fines for other violations.

In addition to the fines, Kirkland agreed to rewrite its exposure control plan, including “annual consideration and implementation of safer needle devices” and “identification of the appropriate disinfectant to be used in decontaminating contaminated work surfaces.”

Kirkland also agreed to hire inspectors for annual job safety and health inspections for the next two years and to report “how each item was abated or corrected” to OSHA.

Kirkland did not return calls.

Cost Effective HIPAA Compliance Training Programs


emPower eLearning Solutions is excited to offer a training solution that will help organizations train their entire work population in a timely and cost-effective manner. emPower eLearning Solutions Compliance Training is devoted to helping organizations meet the Administrative Simplification Act section 164.530(b)(1). This section requires employers to provide HIPAA awareness training and job-role policy training. Our course is designed to reach all levels of employees, from providers to billing clerks to housekeeping.

HIPAA’s intent is to reform the healthcare industry by reducing costs, simplifying administrative processes and burdens, and improving the privacy and security of patients' information.

For more: http://www.empowerbpo.com/HIPAA_Compliance_Training.html

OCR invites state AGs to gear up for HIPAA security crackdown


The Office of Civil Rights (OCR) in the Department of Health and Human Services is expanding its fight against HIPAA security and privacy violations, as mandated by the HITECH Act. The OCR, a relatively small office with limited manpower, is now inviting the attorneys general of all 50 states to receive training in HIPAA enforcement.

According to Government Health IT, the training course will help the attorneys general and their staffs understand HIPAA rules and the penalties for violating them, and also will teach them how to investigate possible violations. The HITECH Act gives the attorneys general the authority to bring civil actions in this area.

The two-day training courses will begin in April in Dallas, and will continue on in Atlanta, San Francisco, and Washington, D.C. OCR also will provide online training to supplement its in-person sessions.

In addition, OCR will supply information to state attorneys general about pending or concluded OCR actions against healthcare providers, health plans and business associates. So far this year, OCR has levied fines of $1 million against Massachusetts General Hospital and $4.3 million against Cignet Health for HIPAA violations or potential violations.

Besides the frequent losses and thefts of HIPAA-protected personal health information, which continue to be a major problem, John Moore of Chilmark Research has focused attention on a new challenge: Applications designed for Android mobile devices, he says, are insufficiently vetted for security gaps. Google Health recently had to remove 50 malware apps in the Android mode, he says.

Moore says that iPads–which are catching on rapidly among doctors–have less vulnerability because Apple scrutinizes outside applications more thoroughly for security flaws.
