HIPAA

Test staff knowledge of HIPAA with these questions.

Would all your staff members know what to do if their laptop computers were lost or stolen?

If healthcare organizations take a lesson from Blue Cross Blue Shield of Tennessee's (BCBST) $1.5 million settlement for its 2009 HIPAA breach, it's that they should wake up and pay attention to where their ePHI is contained and stored, says Ali Pabrai, MSEE, CISSP, CSCS.

Healthcare organizations could see the long-awaited final rules for HIPAA/HITECH before the end of June.

With 20 initial "trial" audits completed, OCR ­expects to move forward with another 95 audits to ­measure HIPAA compliance before year's end, said ­Susan ­McAndrew, JD, OCR's deputy director for health ­information privacy. This represents a reduction in the number of audits (150) that were originally planned for 2012.

Sure, you understand the value of investing in improvements that will better protect your organization's PHI. But do the senior leaders who actually hold the purse strings get it?

Q. Please explain in an understandable way for nontechnical individuals what level of encryption is needed for e-mail to be considered secure as defined in the interim final breach notification rule.

All covered entities (CE) face the question, “Will the data be there when I need it?”

How well you train your workforce members will determine whether you score points or encounter problems during a HIPAA compliance audit.

Mac McMillan, CISSM, has an insider’s look at what it’s like to undergo a HIPAA compliance audit.