Social media and staying HIPAA compliant. What you need to know.
Social media has become a very powerful and valuable tool, whether for personal or business use. Also, nowadays, more often than not, people have the
Every covered entity requires periodic assessments and a set of policies & procedures to ensure HIPAA compliance.
A virtual assistant, or VA for short, is an administrator who performs their duties remotely instead of in your office.
Depending on the skill set you choose to hire, our VAs can provide a wide range of customer service and medical administrative services.
HIPAA compliance involves fulfilling the requirements of the Health Insurance Portability and Accountability Act of 1996, its subsequent amendments, and any related legislation such as the Health Information Technology for Economic and Clinical Health (HITECH) Act.
A covered entity is a health care provider, a health plan or a health care clearinghouse that, in its normal activities, creates, maintains or transmits PHI.
A “business associate” is a person or business that provides a service to – or performs a certain function or activity for – a covered entity when that service, function or activity involves the business associate having access to PHI maintained by the covered entity.
The Technical Safeguards concern the technology that is used to protect ePHI and provide access to the data. ePHI – whether at rest or in transit – must be encrypted to NIST standards once it travels beyond an organization's internal firewalled servers.
The Physical Safeguards focus on physical access to ePHI irrespective of its location. ePHI could be stored in a remote data center, in the cloud, or on servers which are located within the premises of the HIPAA covered entity. They also stipulate how workstations and mobile devices should be secured against unauthorized access.
The Administrative Safeguards are the policies and procedures which bring the Privacy Rule and the Security Rule together. They are the pivotal elements of a HIPAA compliance checklist and require that a Security Officer and a Privacy Officer be assigned to put the measures in place to protect ePHI, while they also govern the conduct of the workforce.
The HIPAA Privacy Rule governs how ePHI can be used and disclosed. In force since 2003, the Privacy Rule applies to all healthcare organizations, the providers of health plans (including employers), healthcare clearinghouses and – from 2013 – the Business Associates of covered entities.
Covered entities are also advised to:
The HIPAA Breach Notification Rule requires covered entities to notify patients when there is a breach of their ePHI. The Breach Notification Rule also requires entities to promptly notify the DHSS of such a breach of ePHI and, if the breach affects more than 500 patients, to issue a notice to the media; breaches affecting fewer than 500 patients are reported to OCR.
Breach notifications should include the following information:
Breach notifications must be made without unreasonable delay and in no case later than 60 days following the discovery of a breach. When notifying a patient of a breach, the covered entity must inform the individual of the steps they should take to protect themselves from potential harm, and must include a brief description of what the covered entity is doing to investigate the breach and the actions taken so far to prevent further breaches and security incidents.
The HIPAA Omnibus Rule was introduced to address a number of areas that had been omitted by previous updates to HIPAA. It amended definitions, clarified procedures and policies, and expanded the HIPAA compliance checklist to cover Business Associates and their subcontractors.
The Omnibus Rule amends HIPAA regulations in five key areas:
Definition changes were also made: the term Business Associate was redefined, the term Workforce was amended to include employees, volunteers and trainees, and the material classified as Protected Health Information was updated.