HIPAA Omnibus Rule

The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) very recently released final modifications/regulations to the HIPAA Security, Privacy, Enforcement, and Breach Notification Rules.  This new rule is called the Omnibus Rule.

The final rules, which took effect in March 2013, include increased liability for non-compliance and provide for direct liability for Business Associates and their sub-contractors.  This includes ACS.  However, this ruling comes as no surprise to ACS and has, in fact, been anticipated for quite some time.  Long before the proposed regulations were released for public comment in 2009, ACS set its sights on a complete and total understanding of the protection of patient data as it pertains to technical safeguards within our client environments.  Our Safeguard program and risk assessment tools have been widely accepted throughout the Kansas City healthcare community for many, many years now.  We felt it important, though, to reiterate how important it is to choose the right business partner, particularly one that understands the highly regulated healthcare field.

It is also important to note that the final rules move HIPAA enforcement away from a traditionally voluntary compliance framework and more towards a penalty-based arrangement.  Willful neglect is at the top of the list.  This is very important, and healthcare entities should pay particular attention to this one.  Neglecting your computer network is, in many respects, like leaving your house unlocked when you are away.  You never know who may walk in the door, or what they may do.  In addition to malicious attacks on your data, complete loss of data is also a very real and serious point to consider.  Imagine how your business would survive a complete loss of years' worth of patient data, or for that matter, days' or weeks' worth of important business flow information or patient records.  The results could be devastating, and more than likely would be.  So, in closing, ACS feels that regardless of what such a new ruling states, a comprehensive, common-sense-based approach to protecting data should always be top of mind.  We are here to help with that.

Posted in Healthcare I.T.

EHR Vendors Form Alliance on Data Sharing

A group of health IT vendors representing a large chunk of the market for electronic health records has launched the CommonWell Health Alliance, designed to increase interoperability among their systems, it was announced Monday at the annual convention of the Health Information Management and Systems Society (HIMSS) in Orlando.

Read more here:   http://www.informationweek.com/healthcare/electronic-medical-records/ehr-vendors-form-alliance-on-data-sharin/240149948


Top Healthcare Breaches And The Rising Costs To Organizations

The consequences of poor security controls and failing to protect patient healthcare data are costly data breaches, which have steadily increased since 2010, according to the Third Annual Benchmark Study on Patient Privacy and Data Security, issued recently by the Ponemon Institute and sponsored by Portland, Ore.-based ID Experts. The study analyzed 80 healthcare organizations, which included hospitals, clinics and integrated delivery systems, interviewing professionals who work in security, administrative, privacy, compliance, finance and clinical roles.

To read the full article, click here:  http://www.crn.com/slide-shows/security/240147011/top-healthcare-breaches-and-the-rising-costs-to-organizations.htm?pgno=1
