Intermountain Healthcare deserves praise for its gutsy leadership on information security. It's calling attention to the value of thorough risk assessments, acknowledging its need to improve security and developing best practices to share.
Intermountain Healthcare stepped up its risk assessment efforts to better identify security issues and help ensure it can pass a federal HIPAA audit. Plus, it's developing security best practices to share with others.
Many healthcare organizations can improve their risk assessments by thinking about those evaluations in a new way, says privacy and security attorney Kirk Nahra.
Federal advisers are considering options for reinforcing the importance of risk assessments in the rules for Stage 3 of the HITECH Act's incentive program for electronic health records.
A $400,000 federal penalty stemming from the investigation of a breach at a clinic owned by Idaho State University is the latest example of how even relatively small security incidents can trigger hefty sanctions.
Under HIPAA Omnibus, business associates are now directly liable for HIPAA compliance. But covered entities need to take steps to ensure their BAs are, indeed, HIPAA compliant, says privacy attorney Stephen Wu.
Security specialist David Newell outlines common pitfalls healthcare organizations need to avoid when conducting a risk analysis - such as focusing on an insufficient, narrow HIPAA compliance assessment.
When it comes to HIPAA Omnibus Rule compliance, smaller physician practices must guard against complacency because they could be held accountable, warns compliance expert Marjorie Satinsky.
Business associates and subcontractors that handle protected health information must prepare for audits and enforcement actions under the HIPAA Omnibus Rule, says security expert Susan Lucci.
Smaller healthcare organizations with limited resources will find HIPAA Omnibus Rule compliance preparation particularly challenging. But experts point to useful online resources and offer tips.
The federal HIPAA compliance audit program won't resume until this fall at the soonest, says Susan McAndrew of the HHS Office for Civil Rights. She describes specific steps that organizations can take to prepare.
As organizations get ready to comply with the HIPAA Omnibus Rule, they also must scrutinize longstanding HIPAA compliance challenges. Experts highlight the key areas of concern.
Attorney Marcy Wilder explains why the HIPAA Omnibus Rule means many healthcare organizations will need to change their approach to determining if an incident is a breach that must be reported.
The Department of Health and Human Services conducts three types of audits or investigations involving privacy and security issues. But preparing for any of these inquiries requires similar steps, experts say.
Too many healthcare organizations conduct a HIPAA compliance assessment instead of a comprehensive risk analysis, says security specialist Dave Newell, who also points out other common mistakes.