An organization’s approach to governance, risk, and compliance can have a huge effect on business. In today’s world of cyber breaches and ransomware attacks on companies of all sizes and scope, organizational leaders must work together to ensure their approach to GRC is intact.
In the 70s and 80s, healthcare organizations started to migrate their patient management information from hard copy to electronic, either on shared mainframes such as SMS and McAuto or on microprocessors. The user workstations had no intelligence and were known as “dumb terminals.” There were limited locations of electronic identifiable health information. There was no motivation to sell identifiable health information.
President and CEO Gerry Blass sat down with Journal of AHIMA senior editor Mary Butler on a recent episode of the Hi Pitch Podcast to talk about the 21st Century Cures Act Information Blocking Final Rule and the eight information blocking exceptions. Blass was joined by attorney Helen Oscislawski, who spoke to the challenges her clients have faced as they prepare to comply with the rule, which goes into effect on April 5th.
In this episode of Digital Checkup, Bill Siwicki asked Gerry Blass about the new Health Industry Cybersecurity Practices (HICP) Final Rule.
A February 1 article published in Briefings on HIPAA focuses on recent findings from the Office for Civil Rights’ much-anticipated 2016-2017 HIPAA Audits Industry Report released in December 2020. The article shines light on some of the flaws and challenges in the way patient access to information has been handled over the years.
We know. It can be difficult to find accurate and consistent information on HIPAA and the temporary changes due to COVID-19. To that end, we’ve put together a timeline and brief descriptions of the notifications and guidance issued by the OCR during the COVID-19 public health emergency.
Originally designed as part of HITECH to encourage providers to adopt electronic health records (EHRs), meaningful use was a means to an end – towards improved population health and better patient care among fragmented providers. The program prioritized five pillars of health outcomes:
The General Data Protection Regulation (GDPR) is the European Union (EU) regulation on privacy and security of personally identifiable information (PII). It goes into effect on May 25, 2018. This blog provides an important comparison between GDPR and HIPAA.
The HITECH-OMNIBUS final rule stepped up the requirements and for both CEs and BAs and both must now include the new requirements in their information privacy and security risk analysis and management program.
Based on prior statements from the OCR and their recently distributed survey, the pool of audit candidates will be approximately 800 to start. These randomly selected organizations will be chosen using the National Provider Identifier database and other external sources.