Click here to see a replay of the "Security Risk Analysis: 12 Steps to Meaningful Results" webinar. 

Click her to see a replay of the Managing Risk and Achieving Security: Focus on the Business Associate Relationship Webinar.  Covered Entities need to be aware of the critical role that Business Associates play in assuring security of confidential information.  Today’s regulatory environment, patient/consumer engagement, and progress toward achieving regional and national health information exchange make the CE/BA relationship a primary concern for privacy and security officers.

Cignet Health (Cignet) has become the first covered entity to be issued a civil monetary penalty. The HHS Office of Civil Rights (OCR) has imposed a penalty of $4.3 million. The violations were a result of the new rules and regulations set forth in Section 13410(d) of the HITECH Act.

For further details see links below.

http://www.hhs.gov/ocr/privacy/hipaa/news/cignetnews.html

Summary of Changes to Questions Sets - Second Quarter 2010

We would like to notify you of changes that have been made to the ComplyTrack Risk Assessment questions in the Comprehensive Library for the Provider Baseline. As part of the Quarterly Review Process, the following Risk Assessments were reviewed this quarter:

As many are aware, the February 17, 2010 effective date for many of the HITECH provisions has passed. This has left many covered entities and business associates wondering how to proceed. According to hhs.gov, the relevant effective dates for provisions will be issued through Notice of Proposed Rulemaking (NPRM) and an eventual final rule.

On March 8, 2010, the American Hospital Association (AHA) submitted comments to CMS on its proposed "meaningful use" rule.

In a notice published in the Federal Register on August 4, 2009, Kathleen Sebelius, Secretary of the Department of Health and Human Services delegated authority to the Director of the Office of Civil Rights over the HIPAA Security rules.  With this delegation, the OCR is responsible for interpreting and enforcing both the HIPAA Privacy and Security rules.  The OCR can now impose civil money penalties, issue subpoenas, and make exception determinations.  The delegation is effective immediately. See 74 FR 38630.

On April 17, 2009, HHS issued guidance specifying the technologies and methodologies that render protected health information unusable, unreadable, or indecipherable to unauthorized individuals, as required by the Health Information Technology for Economic and Clinical Health (HITECH) Act passed as part of the American Recovery and Reinvestment Act of 2009. The guidance was developed through a joint effort by OCR, the Office of the National Coordinator for Health Information Technology, and CMS.

I'm all for saving money and making things easier, at least when it doesn't publicize my Dr's finding from my latest physical.

M. Eric Johnson who is the director of the Center for Digital Strategies at Dartmouth College discovered a number of medical records available for public view during a two week study he completed in January for the Department of Homeland Security. Amazingly these files were available for the taking on peer-to-peer file sharing networks you and I would visit to download our favorite song.

By now you've probably heard the rumblings surrounding HIPAA and the new Stimulus Bill signed by President Obama on February 17, 2009.  If not, the effect the bill is going to have on business associates and covered entities is extensive.  Numerous changes will be made to their current policies and procedures.