Company Information

489 Boylston Street Suite 2
Brookline, MA 02445
Tel: 781.454.7406

Friday, June 21, 2013

We've moved

You can now follow us at:

HIPAA Compliances Solutions helping medical practices stay out of willful neglect!!!

Thursday, May 16, 2013

HHS/OCR/WEDI Sponsoring free 4-Part Webinar Series on new HIPAA Rules

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) and the Workgroup for Electronic Data Interchange (WEDI) are launching a series of co-sponsored webinars on various aspects of the Omnibus HIPAA Rulemaking. The 90-minute webinars are specifically designed for small health care providers, with a focus on practical strategies for implementing the Omnibus Rule changes within a small clinical practice.

The virtual sessions are scheduled for June 14, June 28, July 17 and July 26, 2013 from 1:00pm – 2:30pm Eastern Time on the following topics:

• HITECH Omnibus Overview of the Rule - June 14
• Drill down on the new HITECH Privacy Rule - June 28
• Breach and Enforcement under the HITECH Omnibus Rule - July 17
• Business Associates and the HITECH Omnibus Rule - July 28

Registration is free of charge and available at:

Friday, April 5, 2013

HIPAA Compliance and Encryption

As part of being HIPAA compliant, covered entities and business associates are responsible for protecting patient health information (PHI). One way to protect PHI is to encrypt devices that provide access to PHI. You can learn more about encryption and PHI at

Monday, April 1, 2013

Final HIPAA/HITECH Omnibus Rule has gone into effect

The OCR (Office of Civil Rights) may be calling you!

Covered entities and business associates must comply with the final Omnibus Rule by Sept. 23rd 2013. The US Department of Health and Human Services (HHS) Omnibus Rule has put in place privacy, security, and enforcement provisions under HIPAA/HITECH.

Are you prepared to be fully HIPAA Compliant?

· Have you had a Risk Assessment done this past year?
· Have you updated your Notice of Privacy Practices and patient authorization forms?
· Have you updated your business associate agreements?
· Do you have a Breach Response Plan and a Contingency Plan in place?
· Do you have a revised HIPAA Policy and Procedures Manual?
· Have you trained your employees on HIPAA Policy and Procedures each year and documented it?

If you answer NO to any of these questions, it is a good bet you will be in line for a HIPAA audit, as you are probably in “Willful Neglect”. Mandatory fines for Willful Neglect start at $50,000; however, in some cases, even for small physician practices, the fines have been $100,000. Based on the level of negligence, fines can be as high as $1,500,000.

Leon Rodriguez, HHS OCR Director, noted in a press release that the Omnibus Rule:

...marks the most sweeping changes to the HIPAA Privacy and Security Rules since they were first implemented.  The changes not only greatly enhance a patient’s privacy rights and protections, but also strengthen the ability of my office to vigorously enforce the HIPAA privacy and security protections, regardless of whether the information is being held by a health plan, a health care provider, or one of their business associates.

Vitruvian MedPro is offering an affordable, comprehensive, turnkey HIPAA Compliance Solution complete with:

· Risk Assessment and Risk Management Plan
· 8 Step DVD training with savable PDF Documents
· 8 Step paper binder used for training
· Complete HIPAA Training Videos based on OCR, CMS and NIST guidelines
· Specific training for the HIPAA Compliance Officer
· FULL telephone and email support for one year

Call 781-454-7406 to schedule your FREE consultation!




Tuesday, March 19, 2013

HIPAA Compliance Changes Require Business Associate Agreement (BAA) Updates

Changes by Health and Human Services (HHS) / Office of Civil Rights (OCR) under the new HIPAA Final Omnibus Rule implement a number of provisions for HITECH to strengthen privacy and security rules. This rule expands many of the requirements to business associates of covered entities. Some of the largest breaches reported to HHS have involved business associates. Penalties are increased for noncompliance based on the level of negligence, with a maximum penalty of $1.5 million per violation.
One of the changes requires you to update your BAAs (see a sample).

Another change requires health care providers to update their Notice of Privacy Practices (NPP). You can review the highlights in the HHS Press Release link above.

At Vitruvian Medpro Consulting we help medical practices stay out of 'Willful Neglect' by providing an affordable and comprehensive turnkey HIPAA Compliance solution.

Wednesday, March 13, 2013

HIPAA Compliance Basics Links

With the new HITECH Omnibus rules, HIPAA compliance officers might want to revise their practice's HIPAA Compliance plan. It always helps to go back to basics and review all the aspects related to what makes a medical practice HIPAA compliant.
Below are links on HIPAA-related topics:

Understanding Health Information Privacy

Covered Entity, Business Associate and Organizational Options

PHI Uses, Disclosures and Minimum Necessary

Tuesday, March 12, 2013

New HIPAA Regulations

From our friends at AMBA:

In January, DHHS came out with new HIPAA final regs that are supposed to greatly enhance a patient’s privacy protections, provide individuals new rights to their health information, and strengthen the government’s ability to enforce the law.

At Vitruvian MedPro, we offer an affordable, comprehensive, turnkey HIPAA compliance solution that helps medical practices stay out of "Willful Neglect".