Tuesday, December 18, 2012

HIPAA: What to do before the office for civil rights comes knocking: parts I and II

http://www.ncbi.nlm.nih.gov/pubmed/22834177


 2012 May-Jun;27(6):337-40.

What to do before the office for civil rights comes knocking: part I.

Source

The Cascardo Consulting Group, USA. dcascardo@aol.com

Abstract

A comprehensive privacy and security program consists of written policies, standards, training, technical and procedure controls, risk assessment, auditing and monitoring, and the assignment of privacy- and compliance officers who are responsible for the management of the above. The privacy officer serves as the central person who is responsible for overall coordination of policies and procedures of the organization. Entities subject to HIPAA should also review their employee training programs, and determine whether it is time for updated training. The current privacy and security rules require covered entities to train workforce members as well as provide periodic security reminders. It is critical to sensitize employees to the potential consequences of improper uses or disclosures of PHI. As illustrated in this article, PHI must be handled with great care, and entities must respond to OCR inquiries adequately. Increased enforcement activity reemphasizes the need to take HIPAA compliance seriously.

...................................................................................................

http://www.ncbi.nlm.nih.gov/pubmed/23167021

 2012 Sep-Oct;28(2):87-90.

What to do before the office for civil rights comes knocking: Part II. Coping with breaches, enforcement, and other fallout of HIPAA: the significance of harm.

Source

The Cascardo Consulting Group, USA. dcascardo@aol.com

Abstract

Physicians and their lawyers must review business associates that are subject to HIPAA and must revisit their HIPAA privacy and security efforts to comply with the new rules. In particular, they must: (1) review and revise their HIPAA privacy and security notices, policies, administrative materials, and training manuals; (2) review, negotiate, and revise their business associate agreements; and (3) train any employees who have access to PHI with respect to the changes to HIPAA's rules as a result of ARRA.




