Even if you were in violation of HIPAA, the odds of being fined are 0.
http://www.realtime-itcompliance.com/laws_regulations/2008/05/hipaa_complaints_and_associate.htm
"Over the last five years, the OCR "resolved" 25,536 complaints out of
32,595 complaints received, from April 14, 2003 through December 31, 2007,
alleging violation of HIPAA...
The agency has not imposed civil money penalties on any CE (providers,
payers, and clearinghouses) as a result of corrective action it has taken
during this period."
-----Original Message-----
From: Steven Peck [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 13, 2008 9:21 AM
To: NT System Admin Issues
Subject: Re: Hippa Compliance Checklist
Consultants make money based on experience and advice. HIPAA doesn't
currently have case law behind it and therefore most businesses do not
want to be the first John Doe vs SomeCompany, inc which will then be
quoted in the news and courts for the next 20 years.
HIPAA is complex. There are distribution lists that specialize in
this type of regulation floating around. It is also a pain and there
is much conflicting and competing information out there.
Steven
On Tue, Aug 12, 2008 at 6:26 PM, <[EMAIL PROTECTED]> wrote:
Dave,
We do a lot of IT work for doctors' offices and organizations connected to
hospitals and such. We have a document they all had to sign saying that we
are not responsible for identifying or resolving issues related to HIPAA
compliance, because of these very issues. We make recommendations that from
the IT side help with security and establish an IT Secure framework to build
on, but the responsibility and liability are squarely with the offices to
determine what they have to do to be compliant. Most offices simply will
not pay the money to do what is needed.
If you are set in this venture, first get legal counsel to draft a proposal
that says while you are here to consult and provide guidance that ultimately
you are not responsible for anything regarding HIPAA directly. Here is the
reason. HIPAA is so grey that if the office fails to follow a process,
breaks a rule, etc. and they are facing civil/criminal (which means paying
dollars) you will be the fall guy..ALWAYS..
It's the same concept as tape backup. We install the solution, train them,
but we are not responsible for their data if they don't check the status of
their backup or fail to swap their tapes. How can you be responsible for
what they do or don't do? You can't..Get it in writing.
2. There is no standard form or process that works. Every environment is
different; apps, connections, types of service (Billing, Financial,
service) and it even gets more specific based on types of billing and
service.. Yet all in a strangely gray haze that really just means spend
money....
Good luck, I would rather have a root canal every day of my life than maintain
compliancy with HIPAA regs and reconcile those with doctors...
Greg
From: Jon Harris [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 12, 2008 3:36 PM
To: NT System Admin Issues
Subject: Re: Hippa Compliance Checklist
Agreed that is why I refuse to do that work.
Jon
On Tue, Aug 12, 2008 at 2:13 PM, Ziots, Edward <[EMAIL PROTECTED]>
wrote:
HIPAA compliance is a lot more than a checklist; it's a process, and you need
to know what policies and procedures the doctor has in place along with
the practices of the partners that that doctor associates with.
There are two major pieces of HIPAA you need to deal with: the Privacy
Section and the Security Section. A lot of it is vague, and not clear cut.
There are some good to do or consider, but I will tell you that information
disclosure (unencrypted hardware being used to store patient info) will get
you in trouble, also privacy issues. Again I am going to say this loud and
clear: it's not a checklist, it's a process, and it isn't for the faint of
heart.
Z
Edward E. Ziots
Network Engineer
Lifespan Organization
MCSE,MCSA,MCP,Security+,Network+,CCA
Phone: 401-639-3505
________________________________
From: Jon Harris [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 12, 2008 11:26 AM
To: NT System Admin Issues
Subject: Re: Hippa Compliance Checklist
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~