Audit Log Monitoring: Tiresome But Oh-So-Necessary

Audit log monitoring is probably one of the most unsexy, uninteresting activities a healthcare organization or business associate has to do.  But neglect it at the risk of your solid bottom line and reputation. Last time we talked about how you can get into legal (and costly) hot water with badly aligned policies and procedures … Read more

Healthcare Organizations: What can get you into [costly] hot water?

For healthcare organizations and the businesses that support them, regulation and legislation too often turn into lawsuits and settlements. What’s happening to get you into trouble in the first place? How can you avoid the serious costs they bring – to the bottom line and to reputation? Here’s what Julia and I often see from … Read more

How the SHIELD Act Expands Legal Reach on Breaches

Interested in some (thankfully) non-pandemic related news? New York State’s SHIELD Act is in effect as of March 21, 2020. The SHIELD Act (Stop Hacks and Improve Electronic Data Security Act) takes several actions, including: broadening the definition of “Private Information”, expanding the definition of breach, and expanding the reach of the law to include … Read more

When It’s OK to Share: OCR’s Novel Coronavirus Disease (COVID-19) Limited Waiver

Novel Coronavirus, aka COVID-19, is on track to stretch our healthcare system to the breaking point, and our healthcare providers along with it. In effect as of March 15, 2020, the OCR has published a Limited Waiver of HIPAA Sanctions and Penalties that during this National Emergency could give care providers one less source of anxiety … Read more

What does the CCPA have to do with Policies & Procedures?

Compliance with CCPA is entwined with how you do business. Your business operations (the “how and what”) directly link to company policy, controls, processes: policies and procedures. You could say that the CCPA has everything to do with policies and procedures. Which is why you need to update yours – yesterday. Not convinced? Let’s go … Read more

Consumers in the Regulatory Driver’s Seat: Protecting Personal Data Privacy

Consumers on the warpath to protect personal data privacy are making strides in state houses. For instance, here’s an update on Oregon’s Senate Bill 703 re selling health information. If you use Big Data at all, you’ve probably been following this Bill. It’s basically saying that anyone selling personal health information, although thoroughly de-identified, would … Read more

How You can Meet Compliance Challenges – and Investor Demands

From digital startups to financial firms, the ability to demonstrate information security per not only investor demands, but also board members and potential business partners, is widespread. As privacy and security consultants who also prep companies for certification, we’re seeing how the need for privacy and security compliance, long since a demand for healthcare, now stretches … Read more

Minor Privacy Rights: Where Feds & State Diverge

In most instances, HIPAA rules apply for adults and minors. That’s to say, the federal regulation sets the bar. HIPAA treats minors as adults when it comes to privacy rights if they’ve reached the age of informed consent except when state laws say otherwise. Some state laws permit or require disclosure to parents or guardians … Read more

Section 1557: Do you comply with the ACA’s Non-discrimination Requirements?

This week, new requirements under Section 1557 of the Affordable Care Act went into effect for certain health care and coverage providers. If you’re not familiar with Section 1557, it’s the non-discrimination part of the ACA and applies to: Any health program or activity, any part of which receives funding from HHS (such as hospitals that … Read more

Why the Apple vs FBI debate doesn’t have a simple answer.

Everyone has an opinion about whether or not Tim Cook, CEO of Apple, Inc., should cave to the demands of the federal government to decrypt the iPhone belonging to the San Bernardino shooter. No one likes the idea of terrorists living next door. We would all like to know what deep secrets and clues are … Read more