We've moved

You can now follow us at: http://vitruvianmedpro.com/blog/

HIPAA Compliances Solutions helping medical practices stay out of willful neglect!!!

HHS/OCR/WEDI Sponsoring free 4-Part Webinar Series on new HIPAA Rules

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) and the Workgroup for Electronic Data Interchange (WEDI) is launching a series of co-sponsored webinars on various aspects of the Omnibus HIPAA Rulemaking.  The 90-minute webinars are specifically designed for small health care providers, with a focus on practical strategies for implementing the Omnibus Rule changes within a small clinical practice.

The virtual sessions are scheduled for June 14, June 28, July 17 and July 26, 2013 from 1:00pm – 2:30pm Eastern Time on the following topics:

•             HITECH Omnibus Overview of the Rule -  June 14

•             Drill down on the new HITECH Privacy Rule - June 28

•             Breach and Enforcement under the HITECH Omnibus Rule - July 17

•             Business Associates and the HITECH Omnibus Rule  - July 28

Registration is free of charge and available at: http://www.wedi.org/forms/meeting/MeetingFormPublic/view?id=2C09800000249

HIPAA Compliance and Encryption

As part of being HIPAA compliant, covered entities and business associates are responsible for protecting patient health information (PHI). Onc way to protect PHI is to encrypt devices that provide access to PHI. You can learn more about encryption and PHI at

http://www.physicianspractice.com/ehr/data-encryption-101-medical-practices?GUID=9533E9BE-E642-4774-9B8C-7106375F772C&rememberme=1&ts=05042013

Final HIPAA/HITECH Omnibus Rule has gone into effect

The OCR (Office of Civil Rights) may be calling you!

Covered entities and business associates must  comply with the final Omnibus Rule by Sept. 23rd 2013.   The US Department of Health and Human Services (HHS) Omnibus Rule has put in place privacy, security, and enforcement under the HIPAA/HITECH.

Are you prepared to be fully HIPAA Compliant?

· Have you had a Risk Assessment done this past year?

· Have you updated you Notice of Privacy Practices and patient authorization forms?

· Have you updated your business associate agreements?

· Do you have a Breach Response Plan and a Contingency Plan in place?

· Do you have a revised HIPAA Policy and Procedures Manual?

· Have you trained your employees on HIPAA Policy and Procedures each year and documented it?

If you answer NO to any of these questions, it is a good bet you will be in line for a HIPAA audit as you are probably in “Willful Neglect”.  Mandatory fines for Willful Neglect start at  $50,000, however in some cases, even for small physician practices the fines have been $100,000. Based on level of negligence, fines can be as high as $1,500,000.

Leon Rodriguez, HHS OCR Director, noted in a press release that the Omnibus Rule:

...marks the most sweeping changes to the HIPAA Privacy and Security Rules since they were first implemented.  The changes not only greatly enhance a patient’s privacy rights and protections, but also strengthen the ability of my office to vigorously enforce the HIPAA privacy and security protections, regardless of whether the information is being held by a health plan, a health care provider, or one of their business associates.

Vitruvian MedPro is offering an affordable, comprehensive, Turnkey  HIPAA Compliance Solution complete with:

· Risk Assessment and Risk Management Plan

· 8 Step DVD training with savable PDF Documents

· 8 Step paper binder used for training

· Complete HIPAA Training Videos based on OCR, CMS AND NIST GUIDELINES

· Specific training for the HIPAA Compliance Officer

· FULL telephone and email support for one year

Call 781-454-7406 to schedule your FREE consultation!

 

 

 

HIPAA Compliance Changes Require Business Associate Agreement (BAA) Updates

Changes by Health and Human Services (HHS) /Office of Civil Rights (OCR) under the new HIPAA Final Onmibus Rule implements a number of provisions for HITECH to strengthen privacy and security rules. This rule expands many of the requirements to business associates of covered entities. Some of the largest breaches reported to HHS have involved business associates. Penalties are increased for noncompliance based on the level of negligence with a maximum penalty of $1.5 million per violation.

 

• Read the HHS Press Release http://www.hhs.gov/news/press/2013pres/01/20130117b.html
• Read the Final Rule in the Federal Register http://www.gpo.gov/fdsys/pkg/FR-2013-01-25/pdf/2013-01073.pdf

One of the changes requires you to update your BAA’s (see a sample)

http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/contractprov.html

Another change requires health care providers to update their Notice of Privacy Practices (NPP). You can review the highlights in the HHS Press Release link above.

At Vitruvian Medpro Consulting we help medical practices stay out of 'Willful Neglect' by providing an affordable and comprehensive turnkey HIPAA Compliance solution.

HIPAA Compliance Basics Links

With the new HITECH Omnibus rules, HIPAA compliance officers might want to revise their practice's HIPAA Compliance plan.   It always helps to go back to basics and review all the aspects related what makes a medical practice HIPAA compliant.

 

Below are links on HIPAA related topics:

OCR Summary of Privacy Rule http://www.hhs.gov/ocr/privacy/hipaa/understanding/summary/privacysummary.pdf

Sample Business Associate Agreement http://www.hhs.gov/ocr/privacy/hipaa/understanding/coveredentities/contractprov.html

Understanding Health Information Privacy http://www.hhs.gov/ocr/privacy/hipaa/understanding/index.html

Covered Entity, Business Associate and Organizational Options  http://www.hhs.gov/ocr/privacy/hipaa/understanding/training/coveredentities.pdf

PHI Uses, Disclosures and Minimum Necessary  http://www.hhs.gov/ocr/privacy/hipaa/understanding/training/udmn.pdf

Breach Notification Requirements  http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/index.html

At Vitruvian Medpro Consulting we help medical practices stay out of 'Willful Neglect' by providing an affordable and comprehensive turnkey HIPAA Compliance solution.

New HIPAA Regulations

From our friends at AMBA:

In January, DHHS came out with new HIPAA final regs that are supposed to greatly enhance a patient’s privacy protections, provide individuals new rights to their health information, and strengthens the government’s ability to enforce the law.

 

See more information at http://www.hhs.gov/news/press/2013pres/01/20130117b.html

Download New Regs: https://www.federalregister.gov/public-inspection

At Vitruvian MedPro, we offer an affordable, comprehensive, turnkey HIPAA compliance solution that helps medical practices stay out of "Willful Neglect".