HIPAA Survival Guide Radio

This show concludes our exploration of what documents you should be tracking within your organization to be HIPAA/HITECH compliant. The number of documents will likely surprise even experienced practitioners. We will take a methodical approach and walkthrough the documents required for the following: 1) the HIPAA Privacy Rule; 2) the HIPAA Security Rule; and 3) the HITECH Breach Notification Rule.

This show (and the next few) will explore what documents you should be tracking within your organization to be HIPAA/HITECH compliant. The number of documents will likely surprise even experienced practitioners. We will take a methodical approach and walkthrough the documents required for the following: 1) the HIPAA Privacy Rule; 2) the HIPAA Security Rule; and 3) the HITECH Breach Notification Rule.

This show will conclude our exploration of what you should expect from an OCR audit. We will conclude our review of the HIPAA Security Rule and start reviewing what to expect from a HITECH Breach Notification inquiry. 

  This show will continue to explore what you should expect from an OCR audit. We will conclude our review of the HIPAA Privacy Rule and start reviewing what to expect from a HIPAA Security Rule audit. Contrary to popular belief, audits are not these mystical "gotcha" exercises, but rather a methodical walkthrough of the following: 1) the HIPAA Privacy Rule; 2) the HIPAA Security Rule; and 3) the HITECH Breach Notification Rule.

  This show will continue to explore what you should expect from an OCR audit. Contrary to popular belief, audits are not these mystical "gotcha" exercises, but rather a methodical walkthrough of the following: 1) the HIPAA Privacy Rule; 2) the HIPAA Security Rule; and 3) the HITECH Breach Notification Rule. Auditors, by definition, have to deal with the "reality on the ground" which are the pertinent statutes and regulations. There are systematic ways to attack each of the Rules identified above and we will review those with our audience. We will also review strategies that can help you avoid a finding of "willful neglect."

This show will explore what you should expect from an OCR audit. Contrary to popular belief, audits are not these mystical "gotcha" exercises, but rather a methodical walkthrough of the following: 1) the HIPAA Privacy Rule; 2) the HIPAA Security Rule; and 3) the HITECH Breach Notification Rule. Auditors, by definition, have to deal with the "reality on the ground" which are the pertinent statutes and regulations. There are systematic ways to attack each of the Rules identified above and we will review those with our audience. We will also review strategies that can help you avoid a finding of "willful neglect."

This show continues our discussion of disruption in healthcare and the impact that has on HIPAA/HITECH regulatory compliance. It explores healthcare compliance literacy and governance strategies that need to be implemented in this brave new online world we all now inhabit. As Yogi Berra famously said: "The future ain't what it use to be."

  This show will explore the disruption occurring in the healthcare industry  (HITECH, EHRs, ACOs, mobile, cloud computing, social media) and why it  creates an inflection point in healthcare privacy and security compliance.    It also explores why healthcare compliance literacy needs to be re-examined in a world where a half century of repressed change will be unleashed in the healthcare industry over the next five years.   As Yogi Berra famously said: "The future ain't what it use to be."

This show will inform our listeners regarding Veriphyr's flagship product which analyzes identities, activity, and privileges to expose access weaknesses that enable insiders and intruders to capture, leak, or alter data through breach of systems, applications, databases, and networks. We probe into the important problem solved by Veriphyr including addressing some of the vulnerabilities inherent in HIPAA access security. Alan Norquist brings has more than 20 years of management experience building businesses that provide compliance, security, and line-of-business solutions for large and medium-sized enterprises. Alan co-founded Cambridge Technology Partners (CATP) and was instrumental in driving the company's growth and expansion into new markets.

This show will explore the intersection of Healthcare and Social Media from the perspecticve of HIPAA compliance.  Healthcare, as a whole, has widely adopted social media and the adoption rate appears to be acclerating. Best practices are emerging regarding how social media should be used in a manner consistent with the HIPAA Privacy and Security Rules. This show will explore these emerging best practices.

  This show will explore the question "What is the Cloud?" and the opportunities and potential pitfalls of widespread adoption within the healthcare industry, including privacy and security issues. The basic definition of the "Could" is often confusing because of the jargon related to the public cloud, private clouds, community clouds, etc. The healthcare industry is moving to the Cloud in a big way and we applaud the move. Cloud economics will contribute to bending the healthcare cost curve. Although the Industry’s embrace of the Cloud is accelerating (and ambitions), historically healthcare has not rapidly adopted enabling technologies. This show will further explore healthcare's historically slow technology adoption rate and why this is not the case with respect to the Cloud. With respect to privacy and security, the show will focus on the due diligence necessary when making the move to the Cloud.

  Jay is co-founder of Mulholland Information Security.  Mulholland specializes in providing HITECH/HIPAA security assessments and other related offerings. Co-founder Jay Trinckes is a HITECH/HIPAA thought leader and author of a soon to be released book entitled: “The Definitive Guide to Complying with the HIPAA/HITECH Privacy and Security Rules.” He is also the author of our HITECH/HIPAA April 2012 Newsletter article entitled: “Dispelling the Top Ten (10) Myths of HIPAA/HITECH Compliance.” We will be discussing Mulholland’s experience regarding helping covered entities perform security assessments, including penetration tests, and other technical specifics germane to Mulholland’s  approach. We will also spend some time discussing Jay’s upcoming book and his view of the state of the industry as HHS prepares to release its Omnibus Rule in April 2012.

Sylint has developed a national reputation as a leader in its field, is cited in Westlaw and is appointed as a Special Master to the court in technically complex cases. Sylint's services cover both pre- and post-incident support, and address a broad range of regulations and requirements including HIPAA, PCI, Sarbanes-Oxley, and ISO 27001.   In his role as CTO, Serge is responsible for all aspects of technical support and service delivery, including system architecture, network design, component review, technical compliance, remediation, code development, and data recovery. We will be discussing with Serge Sylint's experience helping clients with HIPAA Security Rule implementations.

The focus of newsletter, webinars, and Radio Show has been on providing a better understanding of HITECH / HIPAA requirements and on providing insights into strategies that will help providers and business associates meet the objectives of the new regulations. However, it is often just as useful to examine the status quo and to analyze why existing strategies will no longer work.This show will discuss five compliance strategies guaranteed to fail: 1) ostrich; 2) our staff's on top of it; 3) members of our legal team are compliance experts; 4) not invented here--healthcare is so different; and 5) the docs know best.

This show will illustrate the concept of a comprehensive HIPAA Privacy Rule checklist. The point is not that checklists are good or bad, the point is that a simplistic checklist will produce certain results and a more comprehensive checklist will produce a different kind of results. The best way to prepare for an HHS audit is to have your own comprehensive checklist (obviously based on the statutes and regulations) that demonstrates that you are in compliance.