|
|
HIPAA Compliance and HITECH Audit Training with Alvaka Networks
This is a question posed to me by, Aaron Goldberg of Ziff Davis Publishing and Eric Lundquist of Ziff Davis Publishing, during an IBM sponsored webinar this morning.
The fundamental questions focused around two areas, starting with, "Do Information Technology (IT) shops need to staff and prep for 24x7 operations?" In a polling question, 81% said, “Yes” they do need to do that. The subsequent discussion revolved around what options IT shops have to do that since they normally don’t have the budget, nor the human resources, required to do server monitoring and application monitoring combined with after hours staffing and remediation of issues. One solution to avoid building your own, was to contract with a firm that can provide augmented support 16x5 or 1
|
| I wrote a short blog on some of the changes that were instituted by the passage of ARRA and it incorporated HITECH provisions. If you follow the link at the bottom of this entry, you can go to an interview that I did with Search Security on the subject of VARs and Business Associates. "In this edition of “Patrolling the Channel,” see why the designation of “business associate” has given McDonald additional compliance challenges. The executive VP talks about the technical and non-technical controls being implemented for HIPAA’s sake.
|
| Kevin McDonald is executive vice president and director of compliance practices at Alvaka Networks, an Irvine, Calif.-based network, security and managed services consulting firm that is both a solution provider and a “business associate” according to HIPAA regulations.
In this edition of “Patrolling the Channel,” see why the designation of “business associate” has given McDonald additional compliance challenges. The executive VP talks about the technical and non-technical controls being implemented for HIPAA’s sake. He also shares why he thinks solution providers may be behind the curve when it comes to compliance with the healthcare regulation.
|
| Many were excited by the passing of Title XIII of ARRA, also known as the Health Information Technology for Economic and Clinical Health Act (HITECH Act). It was billed as providing up to $22 billion dollars for taxpayer money to, "advance the use of health information technology." What was not so well trumpeted during all of the excitement, were the massive increases in enforcement, penalties, the changing of the HIPAA enforcement responsibility from CMS to the Office of Civil Right and the extension of the HIPAA Rules to business associates of covered entities.
|
| What is HIPAA?
HIPAA (the Health Insurance Portability and Accountability Act) mandates the use of computers and patient privacy when dealing with patient data and information. These standards ensure the data will be transmitted on a standard that patient privacy and information is secure and within guidelines established for this act.
Policies
Security Standards should be put into place that help to prevent, detect security events and allow for the correction of HIPAA Security violations.
Companies and hospitals need a Risk Analysis so the vulnerabilities and possible risks can be evaluated. This ensures that the integrity and confidentiality is maintained. With this in place, companies can then look in to Risk Management to help reduce the risk of exposure of their records. With these two critical items in place, employees should be trained and informed of any repurcussions of failure to comply with these rules.
After setting the aforesaid policies in place, a review of the policies and procedures should take place. This includes the auditing of servers, workstations, logs, reports and any reports.
|
| Introduction
As passed by the United States Congress, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) will institute administrative reforms that will be phased in over the period 2000-2003. Of major importance in the HIPAA legislation is the issue of data and transaction standardization-a mandate very few healthcare providers can sidestep if they bill third parties for services provided to patients. The law also changes the way health care providers have to protect the privacy of a patient's health information and contains security procedures that must be followed to protect the integrity of a patient's health information.
HIPAA Project Team
Dr. Bob Harry, the Office of the Director IHS, is the national IHS HIPAA coordinator. To carry out his responsibilities, Dr. Harry has formed a multidisciplinary Team. This team will work with Dr. Harry to provide leadership and coordination of all efforts as IHS healthcare programs work to become HIPAA compliant.
The strategic plan developed by the headquarters HIPAA team calls for them to interpret the regulations and develop national policies needed to comply with them. The team will cooperate with regional and national I/T/U programs and provide them with related information and materials as they are developed for HIPAA compliance. Through the HQ HIPAA Team, Dr. Harry will monitor the progress of the HIPAA compliance effort by I/T/U programs.
It is expected that the IHS Area Offices will develop Area HIPAA compliance plans that will include policy development needed to achieve HIPAA compliance at the Area level. Also, the Area Offices will work with the local I/T/U programs in helping them become HIPAA compliant.
|
| HIPAA compliance forms are pieces of documentation that help medical facilities and other businesses comply with the provisions of the Health Insurance Portability and Accountability Act, or HIPAA. This federal law helps to protect the information of patients who are receiving medical care. All kinds of medical businesses take HIPAA compliance very seriously, and specific penalties apply to cases of misuse of patient data. HIPAA covers all kinds of medical environments, including inpatient and outpatient locations, and good compliance requires coordinated efforts at many different levels, where HIPAA forms can help streamline compliance efforts.
|
|
|
