Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and HIPAA for FREE!!

Top 5 Tips for HIPAA Compliance

Posted on December 17, 2013 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

Manny Jones, health care solution manager at LockPath, recently sent me 5 tips to consider in order to meet HIPAA guidelines. It addresses some of the following questions: What does the HIPAA Omnibus rule mean for me? How do I know if I’m compliant? Where do I even begin?

This list of 5 tips are a good place to start.

1. Be prepared for more frequent audits and a fine structure based on knowledge – The new tiered approach means organizations can face much higher fines if they’re not in compliance with the rule.

2. Update Notice of Privacy Practice (NPP) – These should explain that individuals will be notified if there is a breach, disclosures around areas that now require authorizations, and more. Once updated, organizations should redistribute to patients and others to ensure they’re aware of changes.

3. Develop new processes – These should address additional restrictions on use or disclosure of protected health information (PHI).

4. Identify assets containing PHI – Once an organization has an inventory of these assets, they can determine where safeguards/breach notification obligations apply.

5. Understand the new definitions – Organizations should understand how “breach” and “business associate” are now defined and how they apply to their organization.

For those wanting to really dig into the details of HIPAA compliance, you’ll want to consider a HIPAA Compliance training course. These are easy online courses for both the HIPAA privacy officer or your staff. As is noted above, more frequent audits and fines are coming.

Hacking HIPAA – Patient Focused Common Notice of Privacy Practices

Posted on June 27, 2013 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

How can you not be interested in an article that talks about hacking? Of course, in this case I’m talking about hacking in a much more general since. Most people think of hacking as some nefarious person compromising a system they shouldn’t be accessing. The broader use of the term hack is to create something that fixes a problem. You “hack” something together to make it work.

This is what David Harlow, Ian Eslick, and Fred Trotter had in mind when they got together to hack HIPAA. They wanted to create a HIPAA Notice of Privacy Practices (NPP) that would provide meaningful privacy choices for patients while still enabling the use of the latest technology. Far too often HIPAA as seen as an excuse for why doctors don’t use technology. However, if the NPP is set up correctly, it can enhance patient privacy while allowing use of the latest technologies in your practice.

The Hacking HIPAA team decided to leverage the power of crowdfunding to see if they could collaboratively develop a patient focused Notice of Privacy Practices. I really love the idea of a Common Notice of Privacy Practices. If you like this idea, you can help fund the Hacking HIPAA project on MedStartr.

For those not familiar with crowdfunding, imagine your healthcare organization getting $10,000 worth of legal work from one of the top healthcare lawyers for only $1000. Looked at another way, you get an updated Notice of Privacy Practices with all the latest HIPAA omnibus rules incorporated for only $1000. Call your lawyer and see if they’d be willing to provide an NPP for that price. Plus, your lawyer probably will just provide you some cookie cutter NPP they find as opposed to a well thought out NPP.

This is such a great idea. I hope that a large number of healthcare organizations get behind the project. I’d also love to see some of the HIPAA disclosure companies and EHR companies support the project as well. The NPP will have a creative commons license so those companies could help fund the project, provide feedback in the creation of the NPP and then distribute the NPP to all of their customers. What better way to build the relationship with your customers than to provide them a well thought out NPP?

If you want a little more information on how the Hacking HIPAA project came together, here’s a video of Fred Trotter talking about it. Also, be sure to read the details on the Hacking HIPAA MedStartr page.