New Guidance From OCR

As promised the Office for Civil Rights has begun releasing guidance with respect to the new provisions under the Omnibus Rule.  This week they issued a new template that incorporates changes to the Notice of Privacy Practices.  Organizations can download this from their website and use it to develop their own updated version.  Today they released guidance for three other provisions of the Omnibus Rule; guidance for prescription refills and other biologics, guidance for release of decedent information and guidance fore student immunizations.  This guidance is developed to clarify the marketing exception around receiving remuneration for refills of existing prescriptions and other biologics, for release of decedent information to those involved in the care or payment of care for a person at the end of their life and for allowing health care entities to release proof of student immunizations when required by state law and with parental or guardian consent.  Organizations need to update their Privacy policies for these important provisions and this guidance can assist identifying appropriate changes.  Further guidance around compromise, minimal necessary, etc. is expected out as well.

Join Us for Free Lunch and HIPAA Updates in Los Angeles & Portland Areas

Marina del Rey, May 30th 11am – 2pm CDT | Portland, Oregon, June 3rd 11 am – 2pm

CynergisTek invites all healthcare IT professionals to a half day seminar with FREE lunch and HIPAA compliance updates in the Los Angeles and Portland, Oregon areas. Both events will look at the new era of HIPAA compliance.

Continue reading →…

Business Associate Tips

Complying with the Omnibus Rule

 

Healthcare Info Security recently featured Mac McMillan’s advice for Business Associates (BAs).  McMillan first addresses that the recent Omnibus Rule defines BAs as “anyone who receives, creates, maintains or transmits protected health information on behalf of a covered entity” and that means BAs are now responsible to comply with the HIPAA Security Rule and several provisions in the HIPAA Privacy Rule.   McMillan reminds us that BAs only have until September 23 to be prepared for enforcement.

McMillan advises that BAs should conduct a risk analysis under the HIPAA Security Rule.  BAs need to conduct the analysis to identify issues in policies and procedures.  Addressing the issues is a stride towards a successful and well-defined security program.  He also suggests that educating and training staff on their responsibilities is also key to assuring an effective security program.  McMillan provides insight that BAs can find guidance on how to conduct a risk analysis through Office for Civil Rights (OCR) website, as well as North Carolina Healthcare Information and Communications Alliance’s website.

Next, McMillan advises BAs to prepare for having to respond to breaches.  Now under the Omnibus Rule BAs will have to notify their covered entity of any loss of personal health information (PHI).  He points out that when a BA has an incident, they should consider the severity of the incident based upon what information was lost, who obtained/received the info and any other factors that could reduce the risk of compromise.  They will need to analyze this info and document their decision of whether to notify or not.

To read the entire article visit Healthcare Info Security’s site.

CynergisTek Sees Record Growth

Growth Due to Increased Regulatory and Enforcement Activity & Increasing Awareness of Strategic Value of Investing in Security

 CynergisTek, announced  that the company achieved the highest annual revenue to date with 24% growth in 2012. The company believes that increasing regulations and enforcement of penalties combined with the company’s ongoing involvement in industry associations and publications aided this growth. As a result, in 2012 CynergisTek expanded its partnerships, signed new clients and added new staff resources.

CynergisTek is projecting growth to continue in 2013, with first quarter (Q1) new revenue already coming in up 421%, compared to Q1 2012. The company associates the stellar growth with new regulatory demands, including Centers of Medicare & Medicaid Services (CMS) Meaningful Use audits and the Office of Civil Right (OCR) HIPAA Audit Program, creating an increased need for comprehensive privacy and security solutions.

Continue reading →…

CynergisTek to Exhibit at HCCA

CynergisTek and Partners to Focus on New Regulatory and Security Requirements at HCCA Annual Compliance Institute 

CynergisTek™ will be exhibiting in booth 320 at the Health Care Compliance Association (HCCA) Annual Compliance Institute on April 21-24, 2013 in National Harbor, MD. CynergisTek will focus on best practices and solutions for audit preparedness, privacy monitoring and business associate management.  Several of CynergisTek’s partners, including Iatric Systems, Inc. (booth #509), Blass Compliance, LLC – ComplyAssistant (booth #708) and Zix Corporation (booth #901) will also be exhibiting at the conference.

HIPAA’s mounting regulations and enforcements, OCR’s audit program and the final Omnibus Rule are brining a renewed focus to information security in healthcare, urging provider organizations to examine security policies and practices from multiple standpoints. CynergisTek and its partners offer industry expertise and solutions for ensuring that healthcare organizations, business associates and other covered entities sharing protected health information (PHI) are taking the proper security measures to effectively manage their risk and meet compliance mandates.

“The healthcare industry is facing some of the greatest compliance and security expectations we have seen to date,” said Mac McMillan, CEO, CynergisTek. “Given the recent emphasis on regulation and enforcement, and the various compliance audits, providers are being forced to address the gaps in their security programs and bolster their infrastructure to ensure compliance.”

“With the Omnibus Rule now in effect, it is more important than ever for provider organizations to proactively manage their extended risk around their business associates,” said Gerry Blass, President and CEO, Blass Consulting & Compliance. “It is clear from the prevalence of data breaches and hacking incidents that organizations need guidance in assessing and addressing the IT security risks that exist beyond the four walls.”

“As regulatory demands around patient privacy become increasingly complex, providers are realizing the need for expert, outsourced support,” said Rob Rhodes, Senior Director of Patient Privacy Solutions, Iatric Systems. “Demonstrating compliance today is no easy task, and compliance staff are finding themselves overwhelmed with the level of risk analysis, audit maintenance and security monitoring that is required to ensure patient health information is adequately protected in today’s digital landscape.”

Representatives from CynergisTek, Iatric Systems, Blass and ZixCorp will be available at the conference to provide a more detailed overview of the regulatory and compliance challenges facing provider organizations today.

Upcoming Event -MT HIMSS Conference

 

 

CynergisTek’s CEO Mac McMillan Featured as Keynote Speaker

 

The Montana HIMSS chapter is hosting their Second Annual Spring Convention & Trade Show on May 2-3 in Billings, Montana. The event will hold a tradeshow and several educational sessions and networking opportunities. Mac McMillan will open the conference with his educational session, “Game Changers: Understanding the Impacts of the Final Omnibus Rule & OCRs Random Audits. During the presentation, McMillan will review the changes that the Omnibus rule imposes on Covered Entities and now Business Associates. Then he will present the analysis from OCRs initial random audits,  the lessons learned and provide insight on the future of the audit program.

For more information on the event, or to register, click here to visit the Montana HIMSS chapter website.