CMS checklist for HIPAA security audits

February 29, 2008 at 10:26 pm (business, cms, email compliance, health care, health information, health records, healthcare, HIPAA, hipaa compliance, hipaa privacy, hipaa security, medical records, thoughts, tony trenkle)

The CMS (Centers for Medicare and Medicaid Services) has posted a PDF checklist of several items relating to HIPAA Security On-site Investigation that health care providers might want to take a look at in preparing for HIPAA email compliance. I suggest reviewing this list if you are a health care professional who is curious about what kinds of things you might want to have on the agenda to be ready for the upcoming HIPAA audits.


Hospitals get ready for HIPAA security compliance [part 3]

February 29, 2008 at 6:29 pm (archive email, business, cms, corporate, data retention, electronic communication, electronic document retention, electronic privacy, Email Archiving, email backup, email compliance, email management, email retention, email security, email storage, health care, health information, health records, healthcare, HIPAA, hipaa compliance, hipaa privacy, hipaa security, medical records, message archiving, news, privacy, thoughts, tony trenkle)

Ellen Messmer of Network World reports that lately hospitals have had more to worry about than just preparing for upcoming HIPAA security audits. “Health care organizations feel under increasing attack from the Internet,” Messmer writes, “while security incidents involving insiders and disappearing laptops with sensitive data are piling up.” Dr. John Halamka, CIO at both Beth Israel Deaconess Medical Center and Harvard Medical School in the Boston area, was quoted as saying: “there is definitely an uptick in attacks. Privacy is the foundation of everything we do. We don’t want to be the TJX of health care.” She then turns to Don Jackson, researcher at Atlanta-based security services firm SecureWorks, who says: “health care organizations store a lot of valuable personal, identifiable information such as Social Security numbers, names, addresses, age, in addition to banking and credit-card information.” Jackson explains how cyber attacks are potentially beneficial to the pockets of criminals who obtain health insurance credentials to use in the “counterfeit document racket, especially in Central and South America.”

At least in terms of electronic communication, it might be time for some hospitals to turn to outsourced email archiving.  Encryption, security, and access are all issues for health care providers right now, and these are three issues that email archiving services are well equipped to handle. It is time for hospitals to address the quality and success of their electronic patient data backup and protection.  With HIPAA security audits right around the corner, the time to wait before integrating an email compliance solution is really over.


Health Information Privacy and Security Week 2008

February 21, 2008 at 6:14 pm (ahima, archive email, business, cms, data retention, Email Archiving, email compliance, health care, health information, healthcare, HIPAA, hipaa compliance, hipaa privacy, hipaa security, legal, message archiving, news, politics, security week 2008, thoughts, tony trenkle)

According to the American Health Information Management Association (AHIMA) website, the event often referred to as “HIPAA security week” will be held April 13th – 19th, 2008. AHIMA states: “‘CONFIDENTIAL IS ESSENTIAL–Protect Health Information’ is the theme for Health Information Privacy and Security Week 2008. This invaluable awareness event, held April 13th through 19, assures our communities that the industry takes extraordinary measures to put health information in the right hands and keep it there. It is a positive reminder of the importance every healthcare professional should place in this crucial aspect of medicine. A message that resonates throughout the nation’s facilities.”

With the CMS bearing down on the enforcement of HIPAA security compliance, this year’s Health Information Privacy and Security Week will likely get taken a little more seriously. The protection of electronic patient health care data is an extremely important measure for our society to take, and I believe that the CMS’s current agenda is definitely helping the cause. Email compliance and email archiving solutions are necessities for health care professionals at this point, especially for those who do not want to deal with the repercussions handed down by Tony Trenkle and the Office of E-Health Standards and Services.


Hospitals get ready for HIPAA security compliance [part 2]

February 18, 2008 at 6:11 pm (archive email, business, cms, data retention, electronic communication, electronic document retention, Email Archiving, email audit, email compliance, email management, email retention, email security, health care, healthcare, HIPAA, hipaa compliance, hipaa privacy, hipaa security, legal, message archiving, news, oig, politics, thoughts, tony trenkle)

According to Report on Patient Privacy (RPP), the industry’s most practical source of news on HIPAA patient privacy provisions, the compliance reviews which began last month “are separate and unrelated to audits being conducted by the HSS Office of Inspector General (OIG).” Tony Trenkle, director of the CMS Office of E-Health Standards and Services, told RPP that “the focus is broader than just hospitals, although they are included. In the future we may work with OIG, but these are two separate processes.” Trenkle’s senior policy advisor, Lorraine Tunis Doo, added: “we will interview the people who are appropriate to the documentation and policy and procedures that we need to evaluate. Whoever is relevant will need to be there. It could be different at every review.” With regard to the 283 security complaints logged by the CMS as of December 2007, Trenkle said: “the majority of allegations are of inappropriate access and risk of inappropriate disclosure.”

Well, as the Centers for Medicare and Medicaid Services (CMS) start to integrate the compliance review process, there are a bunch of pertinent questions that come to my mind. Firstly, how will the CMS reviews impact the current state of electronic patient health care data and email management? Would a serious HIPAA violation change the way that electronic information is managed by health care providers? What is the difference between a HIPAA security compliance review and an OIG audit? Would the agency doing the testing (OIG or Office of E-Health Standards and Services) impact the stringency required for the security and privacy of an email archiving system? Will the OIG and CMS Office for E-Health Standards and Services be working together in the future? If the answer is yes, would this create a uniform policy and method for testing electronic patient health care data? Would the OIG merely be setting the stage for Tony Trenkle by doing preliminary investigation work? How many entities will be reviewed? What other health care providers and facilities will be subject to HIPAA email compliance regulations besides hospitals? Stay tuned for updates.
