-
April 16th, 2006, 11:47 PM
#11
I'm not here to make things "easy"...
I'm a Brit to the core... swore my allegiance to "Her Majesty Queen Elizabeth the Second, her Heirs and Successors" and will always maintain that... But having lived in the good ole US of A for 17 years I'm starting to get the hang of it...
So... Back to HIPAA...
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
-
April 16th, 2006, 11:55 PM
#12
I'm sorry I hijacked the thread... now I can rest easy knowing your political alliances lol
Tiger, one more post and you're at 5K. Congrats my friend
-
April 17th, 2006, 06:09 AM
#13
TigerShark: You have to state you are HIPAA compliant and that's really it... The problem comes if you lose some PHI,
Losing some PHI is only one aspect of this deal. There are other valid reasons to be audited other than losing info, of which I will relate further in this post.
85 percent of my clients are oral surgeons, dentists and doctors, so I have to deal with HIPAA in many places where I work and it's not losing PHI that we are worried about as much as it is valid/invalid client complaints/concerns that reach the ears of the HIPAA authority.
Seems everyone wants to sue someone, and since my clients look like the pot of gold they aren't, anybody with a trumped up complaint can attempt to bring down an inspection, if they know to whom to complain to loud enough.
Anyways, here is an excerpt from 45 CFR parts 160 and 164 (enforcement) from the Department of Health and Human Services.
The authority for administering and enforcing compliance with the Privacy Rule has been delegated to the HHS Office for Civil Rights (OCR). 65 FR 82381 (December 28, 2000). The authority for administering and enforcing compliance with the nonprivacy HIPAA rules has been delegated to the Centers for Medicare & Medicaid Services (CMS). 68 FR 60694 (October 23, 2003).
At present, our compliance and enforcement activities are primarily complaint-based. Although our enforcement efforts are focused on investigating complaints, they may also include conducting compliance reviews to determine if a covered entity is in compliance. When potential violations come to our attention through a complaint or a compliance review, OCR or CMS’s Office of HIPAA Standards (OHS), as appropriate, attempts to resolve the matter informally. Many such matters are resolved at the initial stage of contact.
Listed in this CFR are penalties per similar and unsimilar violations with total yearly penalties.
ZT3000
Beta tester of "0"s and "1"s"
-
April 17th, 2006, 08:11 AM
#14
//Thread hijack
Tex~ you seem to know very little?
I attach your proper flag, please correct your details accordingly...............
"Just when you thought that the Northern War of Economic Aggression was over"
-
April 17th, 2006, 08:14 AM
#15
Sorry, don't know how to do multiple attachments............if, indeed, it is possible?
Send Tiger~ some blue lupin seeds?
This one is politically correct they hope
-
April 17th, 2006, 10:19 AM
#16
it's not losing PHI that we are worried about as much as it is valid/invalid client complaints/concerns that reach the ears of the HIPAA authority
ZT: Absolutely... Primarily the complaint is usually going to come from the client simply because, in the vast majority of cases the HIPAA compliant entity will be the last to know that data has gone "walkies". The fun thing about it though is the way the regulations are written. There is practically nothing said about how you must protect PHI - it's almost all left to the entity to determine what should be done - which could be a recipe for disaster given a Doctor with no computer knowledge and the ability to read the regs...
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
-
April 17th, 2006, 01:49 PM
#17
The company I work for has products in multiple countries and uses Safe Harbor instead of HIPAA. From what I have experienced Safe Harbor is more stringent especially when it comes to personal data.
My experience has been more directly with the data and when having to send it to external companies for testing purposes. All of the personal information had to be removed (i.e. initials) or changed (i.e. birth date, study identifier and other certain dates which could link a person to a specific visit).
When sending the data out I had to send it on a CD-R since they wouldn't allow it to be sent over an email (even over a secured connection). The data had to be in an encrypted zip file and the password was sent separately. Both were sent via Fed-Ex after it was approved by our Safe Harbor representative. This was done even with a confidentiality agreement with the companies in question.
For internal use it didn't have to be as "scrambled" but there still was some level and again it had to be approved before it could be sent/used to the department.
Like HIPAA the tech side isn't clearly defined and is left mainly open to interpretation by the company representatives.
"Security. The Directive requires that "appropriate technical and organizational measures to protect data" against destruction, loss, alteration, or unauthorized disclosure or access be taken (Article 17)."
Safe Harbor
Wise men talk because they have something to say;
fools, because they have to say something.
Plato
-
April 17th, 2006, 09:25 PM
#18
**MOVED**
I placed this thread in regulatory compliance.
--TH13
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
-
December 7th, 2009, 06:17 AM
#19
-
June 11th, 2013, 03:32 PM
#20
Junior Member
I worked with HIPAA in the healthcare industry, and everyone is really concerned because if any patient data becomes public, then the hospital, doctors and others can be fined or sued. Most people I worked with take HIPAA very seriously.