{"id":734,"date":"2013-08-01T01:15:42","date_gmt":"2013-08-01T05:15:42","guid":{"rendered":"http:\/\/162.144.41.148\/~msinc\/__production\/website\/?p=734"},"modified":"2013-08-01T01:15:42","modified_gmt":"2013-08-01T05:15:42","slug":"medicus-solutions-hipaa-security-series-volume-1","status":"publish","type":"post","link":"http:\/\/162.241.140.166\/~msinc\/newsletter\/medicus-solutions-hipaa-security-series-volume-1\/","title":{"rendered":"Medicus Solutions HIPAA Security Series – Volume 1"},"content":{"rendered":"

Over the past few months, Medicus Solutions has received a number of questions from our practices over the release of the new security rules.\u00a0 Because of this, we are releasing our HIPAA Security Article Series over the next eight (8) weeks.\u00a0 The intent of these articles is to educate practices on what they should be doing and provide information on how Medicus Solutions is addressing HIPAA security for our clients.\u00a0 We have added a count-down timer with the Omnibus Rule compliance date for your convenience.\u00a0<\/p>\n

[ujicountdown id=”Time Remaining until New HIPAA Compliance Required” expire=”2013\/09\/23 00:00″ hide = “true”]<\/p>\n

 <\/p>\n

Medicus Solutions HIPAA Security Article Series (1 of 8)<\/span><\/b><\/p>\n\n\n\n
\n

HIPAA Security:\u00a0 What you should know!<\/i><\/b><\/p>\n

\u00a0<\/i><\/b>\u2026..\u00a0 Over the years, there really hasn\u2019t been an enforcement body, or at least never one with a presence which has been seen. \u00a0The HIPAA Privacy and Security final rule, also known as the HIPAA Omnibus Rule, has been put in place by The Department of Health and Human Services (HHS) and the Office of Civil Rights (OCR) who are enforcing HIPAA security.\u00a0 The Omnibus Rule went into effect March 26, 2013, and compliance is required no later than September 23, 2013. \u00a0Below is part of an article on HealthcareITNews.com<\/i> in reference to the HIPAA Omnibus Rule.
<\/i><\/b><\/p>\n<\/td>\n

\n

\"HIPAAPrepare\"<\/a><\/i><\/b><\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

\u00a0\u201cAccording to Jorge Rey, an associate principal and the director of information security and compliance for Kaufman, Rossin, the biggest difference in the new rule is a change in breach notification. Under the old rule, providers were presumed innocent of harming patients when a breach occurred \u2013 until they proved otherwise. Under the new rule, providers are presumed guilty of harming patients when data is breached. They will have to prove their innocence.\u00a0 According to Rey, OCR has already prosecuted five covered entities, with the settlements ranging from $50,000 to $1.7 million. The smallest OCR enforcement action involved the breach of fewer than 500 records. \u201cI think they are putting out the message that they are serious about enforcement. They are going after small and large cases,\u201d Rey says\u2026.He said he had received emails from OCR indicating the agency is starting to hire enforcement officials. \u201cThere\u2019s going to be a lot of enforcement going forward,\u201d he says\u2026The main reason covered entities ran into big problems with OCR last year, was they didn\u2019t conduct risk assessments,\u201d he says. \u201cProviders should identify all of their vendors with access to personal health records and ensure they are protecting it according to the new HIPAA rule\u201d.<\/i>1<\/sup><\/p>\n

There is a lot of information to process.\u00a0 Below we are going to bullet out each item in an effort to make it easy to follow the topics and make any action lists which you need.\u00a0 These items are items you should start to do immediately.<\/p>\n

What do you need to know?<\/span><\/b><\/p>\n