
Comply Assistant’s Blog


June 16, 2016

Office of Civil Rights Phase 2 HIPAA audit protocols

By Gerry Blass

Several healthcare organizations have recently reported that the U.S. Department of Health and Human Services Office for Civil Rights (OCR) has sent pre-audit screening surveys to a select number of Covered Entities (CEs) with the intention of starting its second phase of audits. The OCR's Phase 2 Audits will focus on an organization's compliance with the HIPAA Privacy, Security, and Breach Notification rules, mandated by the HITECH Act and Omnibus final rule.


June 6, 2016

Workforce risk and the evolution of the breach of protected health information (PHI)

By Gerry Blass

The word “HIPAA” sounds very much like the “Hippocratic” oath.

From Wikipedia – “The Hippocratic Oath is an oath historically taken by physicians. It is one of the most widely known of Greek medical texts. In its original form, it requires a new physician to swear, by a number of healing gods, to uphold specific ethical standards, including privacy of confidential health information. Of historic and traditional value, the oath is considered a rite of passage for practitioners of medicine in many countries, although nowadays various modernized versions are often used.”


May 28, 2016

Back to the future – root cause of information security breaches

By Gerry Blass

If we go back to 1990 (back to the future), we remember that email, smart workstations, mobile devices, and the internet were not available, and what we now refer to as protected health information (PHI) existed primarily in 3 locations (mainframes, backup tapes, and reports).

The technology explosion that began in the 90s increased the number of locations of PHI geometrically and, for the most part, information security controls have been implemented as a reaction to the resulting threats and vulnerabilities (e.g. laptop encryption). And that is generally still the case today.


April 29, 2016

The top ten things your organization should be doing to pass an audit and reduce risk of a breach

By Gerry Blass

Imagine trying to come up with the top ten things our planet should do to decrease vulnerabilities and threats. Looking at Earth from 30,000 feet can make that seem easier to do. But if we zoom in to the details, we could probably come up with hundreds of things to consider. The same is true with health information privacy and security. To come up with what we consider to be the top ten things to do to pass an Office for Civil Rights (OCR) audit and reduce the risk of unauthorized access to your protected health information (PHI), we had to zoom out and look at what we have observed over the past several years from a very high level. Our top ten things to do are not listed in any particular order. Keep in mind that our top ten today will most likely change very soon and at least year to year. Here they are:
