This year is off to a quick start for those of us tracking HIPAA news as the Office of Civil Rights deals with the departure of its director. Additionally, Healthcare IT News reports that 2013 was a big year for HIPAA privacy breaches, right up to the end of December. In other news, IT leaders discuss the importance of audits when it comes to digital security and HIPAA compliance.
This week's Clinical Documentation News Roundup brings you the latest information on HIPAA violations, security issues and updates.
- OCR Director Leon Rodriguez’s Departure Leaves Large Void from Health IT Security: “A few federal government employees played musical chairs of sorts this week and the upheaval will have a major impact on healthcare IT security in 2014. Office for Civil Rights (OCR) Director Leon Rodriguez will leave his position to fill Alejandro Mayorkas’s role as director of the United States Citizenship and Immigration Services (USCIS). Rodriguez had been the OCR Director since 2011 and was previously Chief of Staff and Deputy Assistant Attorney General for Civil Rights at the Justice Department. His departure creates problems for OCR in that it will be lacking that centralized figure as it prepares for much-discussed 2014 HIPAA audits.”
- 4-Year Long HIPAA Breach Uncovered from Healthcare IT News: “In the world of HIPAA privacy and security breaches, 2013 was a big year, and the last days of December proved no exception. The five-hospital Riverside Health System in southeast Virginia announced earlier this week that close to 1,000 of its patients are being notified of a privacy breach that continued for four years. From September 2009 through October 2013, a former Riverside employee inappropriately accessed the Social Security numbers and electronic medical records of 919 patients. Reportedly, the employee was a licensed practical nurse, according to a Daily Press account. The breach wasn't discovered until Nov. 1 following a random company audit.”
- Four Reasons Why Audits Matter from Net Security: “In light of numerous security breaches that appear almost daily, it is easy to understand why clients, management, and boards of directors need additional assurance on the reliability and security of the information they report to stakeholders, customers, partners, and management. So how do these stakeholders gain the confidence in their systems? In short, formal independent third-party audits of key systems and controls are a step in the right direction. Federal and state governments also recognize the need for companies to strengthen their systems of internal controls. We see this with various state-specific privacy regulations and national regulations impacting financial reporting and healthcare (e.g. the Sarbanes-Oxley Act and HIPAA/HITECH respectively). Industry is also incented to improve assurance as shown by the PCI DSS Standard as well as the participation of multiple ‘critical sector’ organizations with the forthcoming NIST Cybersecurity standard.”
- Healthcare Tech Leaders Share New Year's Resolutions from Information Week: “In 2014, healthcare technology leaders will be wishing, and working, for improvement in the healthcare system and the technologies to support it. According to John Halamka, CIO of Beth Israel Deaconess Medical Center, '2014 will be a turning point for healthcare IT as we finish a large number of regulatory mandates -- ICD10, Meaningful Use Stage 2, HIPAA Omnibus Rule, and Affordable Care Act requirements. We'll be able to focus on a number of breakthrough innovations including Google Glass in the emergency department, patient/family dashboards in the ICU, and novel applications of natural language processing to improve the quality of medical records as they are created.'”
- Building a HIPAA-Compliant Security Program: Best Practices from Health IT Security: “Dave Newell, Director of CTG’s Security Solutions Practice, HIPAA concerns and uncertainty is cyclical and something the healthcare industry has gone through before. With 18 years of experience as an information security and IT architecture consultant for small and large organizations, Newell offers some best practices for HIPAA compliance. ‘When we go in and work with providers on security, we’ll evaluate their security program not just from a HIPAA compliance standpoint, but we’ll use something like ISO27001, which is an international standard that was designed to tell an organization how to design, build and improve a security program. This is what hospitals should want to do – HIPAA compliance should happen along the way because you have a good security program. Many organizations have policies and procedures in place, but not much in the way of process, so they’re really not very good at being secure.’”
If you need more information about HIPAA compliance and the risk assessment requirement, watch our recent webinar "HIPAA Risk Assessment: What You Need to Know."
Logan Solutions uses a combination of clinical practice expertise and technological skill to help physician practices throughout the U.S. implement, customize and improve their ERM and Dragon Medical software systems. Contact us to find out how our clinical-practice expertise can help your practice with its clinical documentation software needs.