Gmail, Google Apps for Business HIPAA Business Associate Agreements

The Health Insurance Portability and Accountability Act demands that all HIPAA-covered businesses prevent unauthorized access to “Protected Health Information” or PHI. PHI includes patients’ names, addresses, and all information pertaining to the patients’ health and payment records. According to the Department of Health and Human Services, “HIPAA Rules apply to covered entities and business associates.” Complete compliance with HIPAA guidelines requires implementation of basic and advanced security measures. Basic security includes benchmark-based password creation and use, personnel education and training, limited access to PHI, data encryption, use of firewalls, antivirus software, and digital signatures. With increasing adoption of electronic medical records and cloud-based software-as-a-service (SaaS), advanced security measures are necessary. Google’s Business Associate Agreement, introduced in September 2013, offers HIPAA-compliant online services for covered entities.

Five Steps to HIPAA Security Compliance

Lack of compliance with the HIPAA security standards could lead to large fines and, in extreme cases, even loss of medical licenses. Medical practices can follow several steps to ensure compliance with HIPAA standards.

Don’t Overthink HIPAA Privacy Rules

Ever since HIPAA Privacy Rules became finalized law in 2003, many healthcare practices have been anxious and fearful of penalties should they interpret the law incorrectly and be out of compliance. Non-compliance fines can be hefty, so it is understandable why many providers practice with apprehension. HIPAA rules have brought a needed awareness for patient privacy, but at the same time much of the law is hazy with areas often needing legal interpretation.

HIPAA Compliance: Let’s not Forget the Dental Office

Dentists who realize the importance of training their staff regularly and making sure new hires are immediately well-informed and proficient in HIPAA law are much less likely to have any reported complaints or fail an audit. HIPAA training is crucial, not just because the office could be substantially fined if not in compliance, but because it is essential to protecting their patients’ private health information.

HHS Publishes Technical Corrections to January 25, 2013, HIPAA Privacy, Security, and Enforcement Rules

June 7, 2013. Today, HHS published in the Federal Register “Technical Corrections to the HIPAA Privacy, Security, and Enforcement Rules” that were published on January 25, 2013, as the Final Rule: “Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules.”

HIPAA Final Rule: Today is Effective Date–Covered Entities and Business Associates Have 180 Days to Comply

March 26, 2013. Today is the first big milestone since publication in the Federal Register on January 25, 2013, of the Final Rule: Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules. Today is the effective date of the Final Rule, and covered entities and business associates must comply by September 23, 2013.

HIPAA Final Rule: Notice of Privacy Practices for Protected Health Information: Provision of Notice (2)

March 25, 2013. Today, we continue going through the HIPAA Privacy Rule, section by section, as modified in the Final Rule: Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013. The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013. Tomorrow, March 26, 2013, is the effective date of the Final Rule.

HIPAA Final Rule: Notice of Privacy Practices for Protected Health Information: Content of Notice (1)

March 22, 2013. Today, we continue going through the HIPAA Privacy Rule, section by section, as modified in the Final Rule: Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013. The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013. On Monday, March 25, we present 45 CFR 164.520(c): Implementation specifications: Provision of Notice.

HIPAA Final Rule: More on Uses and Disclosures of Protected Health Information of Decedents

March 13, 2013. Today, we continue going through the HIPAA Privacy Rule, section by section, as modified in the Final Rule: Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013. The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013. Tomorrow, we begin a two-day presentation of modifications to the Notice of Privacy Practices for Protected Health Information.