
HIPAA Breach Notification: Who, When, and How

You already know that the HIPAA Breach Notification Rule requires you to notify all individuals whose protected health information (PHI) is compromised in a breach. But who else needs to be notified, and how? When do you have to send breach notification letters? Your breach notification requirements are determined by the overall level of risk caused by the breach. We’ve looked at the four-factor breach risk assessment that you used to find the probability that PHI was compromised. If you found the risk to be greater than low, then it’s time to send out notifications. This post will cover how...

What is a Four-Factor Breach Risk Assessment?

You don’t need to be a healthcare professional to know that data breaches have plagued the industry for years. A breach is an impermissible use or disclosure that compromises the privacy or security of protected health information (PHI). According to the HIPAA Breach Notification Rule, you have to notify all individuals whose PHI is compromised in a breach. However, not all breaches are created equal. Depending on the risk level, you may not have to notify affected parties. So, how do you find out the extent of a breach and your notification responsibilities? First, before you start reporting every possible...

Top 3 Insider-Caused Data Breaches and How to Prevent Them

In Verizon’s 2018 Protected Health Information Data Breach Report, researchers found that nearly 58% of healthcare security incidents involved insiders. Healthcare staff, for various reasons, often violate HIPAA and cause data breaches that compromise protected health information (PHI), resulting in great loss for their employer. Healthcare is the only industry in which internal actors are the greatest threat. In other words, healthcare organizations can be their own worst enemy. Verizon’s report identified the top three (largely internal) causes of data breaches: human error (33.5% of cases), intentional misuse (29.5% of cases), and physical loss (16.3% of cases). This post will investigate...

Myth vs. Fact: HIPAA Compliance Implementation

Health care providers must put HIPAA rules into practice, but the law doesn’t say how. Since the HIPAA privacy rule and security rule came into effect in April 2003 and 2005 respectively, health care providers have searched for HIPAA compliance implementation solutions. Many vendors claim to offer a one-and-done solution. For example, a cloud-based service provider might lead you to believe that because their service is secure you don’t need to conduct a security risk analysis. But you do. Therefore, knowing fact from fiction can help you avoid the pitfall of relying on vendors to make you HIPAA compliant. HIPAA...

Myth vs. Fact: Security Risk Analysis

If your company handles protected health information (PHI), HIPAA requires you to analyze how you manage risks to that PHI. This is known as a security risk analysis (SRA). The U.S. Department of Health and Human Services says risk analyses are vital to HIPAA compliance. But how often do you need to conduct one, and what does an analysis involve? What is a HIPAA Security Risk Analysis? HIPAA says the following: §164.308(a)(1)(ii)(A) Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the covered...

Myth vs. Fact: HIPAA-Compliant Communication

Careless communication can get HIPAA-covered companies into a world of trouble. Nevertheless, many health care professionals fail to secure protected health information (PHI) in their communication. Unsecured messages put your organization at risk. An unauthorized user could get hold of the device, a user could copy or screen capture information, or a hacker could access unencrypted messages through public Wi-Fi. Therefore, to avoid these dangers, you must choose HIPAA-compliant communication. But what types of communication are HIPAA compliant? There are many myths about communicating PHI that you should be aware of. Let’s look at a couple of common ones and see...

Myth vs. Fact: HIPAA Training Requirements

HIPAA law is a complex world of “dos,” “don’ts,” and grey areas. You know HIPAA training is required by law, but you may feel unsure exactly how and when you’re supposed to train your staff. What makes it worse is that many vendors mislead HIPAA-covered companies in order to sell a product, such as HIPAA training programs. But you can’t rely on vendors to tell you what you need to do for your staff. Therefore, making good decisions starts with knowing truth from fiction. In fact, you may find that HIPAA allows for more flexibility than you once thought. What...

HIPAAtrek a Finalist for the Arcus Award for Achievement in Health

"The St. Louis Regional Chamber hosts the Arcus Awards...celebrating the achievements of companies and leaders they say are making the St. Louis region a more attractive place to live, work and invest." Read the story here.

Phishing: Don’t Take the Bait

Because healthcare organizations hold a wealth of sensitive information, they’ve been prime targets of phishing attacks for years. In a 2018 report by Merlin International, 62% of respondents (healthcare organizations) had experienced a cyberattack in the last year, half of which resulted in lost healthcare data. Furthermore, up to 91% of cyberattacks can be traced to phishing emails. In phishing scams, hackers masquerade as legitimate sources that you’re familiar with and trust. They trick you into handing over your credit card number, bank account number, social security number, passwords, and more. Hackers may steal your information, money, and identity, or...

Target Trouble Areas with HIPAA Training

A little oversight can lead to a lot of trouble. Employees who aren't prepared to securely handle patients’ protected health information (PHI) can accidentally cause breaches and leak anywhere from tens to millions of private records. Why does this happen? In many cases, managers fail to train their staff in HIPAA compliance. HIPAA compliance training shouldn’t be a matter of checking a box and calling it a day. Training must be ongoing, detailed, and tailored for each department. With regular training, managers can address risk areas as they arise, from a lack of breach preparedness to improper use of the nurse’s station white board. Detailed...

HIPAA Compliance Efforts: Planning for the Worst and Hoping for the Best

Planning your HIPAA success is probably the last thing on your mind. As a busy healthcare professional, you deal with multiple roaring fires all day long, every day. Because you are so busy, it is easy to put off HIPAA compliance and simply hope for the best. What you may not realize is that your burning compliance ember can quickly become an uncontrollable forest fire. Hoping for the best with your HIPAA compliance program has several problems: the Office for Civil Rights (OCR) is conducting audits to ensure compliance; healthcare breaches are on the rise, resulting in costly fines; it is...

Is Your ePHI Encrypted?

You know that you have to secure your Protected Health Information. You also know that you should encrypt your PHI. But, do you know how expensive not having your PHI encrypted can be? Do you know the steps you should take to encrypt your devices and systems? The University of Texas MD Anderson Cancer Center (MD Anderson) knows exactly how expensive it is to fail to encrypt. MD Anderson experienced multiple HIPAA violations recently: the theft of an unencrypted laptop from an employee's private residence, and two losses of unencrypted USB thumb drives. Because of these violations, MD Anderson was...

How to Secure Your Workstations

A vital step to protect patient information is to secure the tools you use to access, store, and transmit that information. Workstations are a major access point to your organization’s electronic protected health information (ePHI). Therefore, if you don’t properly secure your workstations or train your staff to use them securely, your workstations could become a liability. Set Workstation Safeguards: You can secure your workstations with a few simple steps. Enable access control to restrict who or what can access ePHI. Set workstations to log off or switch to screensavers in 15 or fewer minutes. Patch software regularly to improve security,...

HIPAA Tip: Password Security

An employee complains about having to change their password yet again. After minutes spent crafting the new password, they jot it down on a sticky note and stick it to their monitor. Sound familiar? Creating and remembering complex passwords is the bane of healthcare employees, who deal with many programs and networks related to patient care throughout the day. Some password practices, like the one above, are easy and tempting. After all, isn’t it okay to take a shortcut if it helps your workflow? However, the price of convenience can be steep. Careless password practices often violate HIPAA’s security requirements,...

Can I Text or Email Patient Information?

Sending texts and emails is a part of everyday life. Most organizations use one or both to communicate inside the organization and with clients. But when you handle electronic protected health information (ePHI), texting and emailing may be risky. Regardless, 73% of healthcare professionals use text messaging to send ePHI, and 98% rely on email to communicate internally and externally. Texts and emails are easy and convenient, but are they legal? Is Texting/Emailing Patient Information Ever OK? Texting or emailing patient information is a legal gray area in many cases. HIPAA requires you to securely transmit and store ePHI, and...

How to Safely Manage Your Mobile Media

Mobile devices are commonplace in modern offices. As a covered entity (CE) or a business associate (BA), you will undoubtedly have mobile devices and media to manage. Electronic protected health information (ePHI) is not only on your desktop computer but may be on many devices, from laptops to thumb drives and from smartphones to external hard drives. However, these smaller devices can easily leave the building, sometimes by accident. This puts your organization at risk of a privacy breach. As a CE or BA, you are responsible for maintaining the confidentiality, integrity, and availability of ePHI. Therefore, you must be...

When Can I Disclose PHI?

Every day, you share patients’ protected health information (PHI) to carry out tasks at work. However, is it okay to share PHI without the patient’s permission? In many cases, yes. HIPAA allows you to share PHI both internally and with business associates if it helps with treatment, payment, or healthcare operations (TPO). TPO disclosures allow your organization to run smoothly without having to get authorization at every turn. Furthermore, many of your organization’s daily activities are related to TPO. Treatment Disclosures Many people are cautious about sharing patients’ treatment information. However, withholding too much can cause gridlock that could lead...

How to Secure Your Personal Devices

https://youtu.be/CpLcyPfmvzg

Healthcare organizations of all sizes allow employees to use their personal devices, such as smartphones, to access protected health information (PHI). This is often called “bring your own device” (BYOD). Using personal devices at work is quick and convenient. However, if handled improperly, personal devices can be a security threat. Below are some of the security issues that you must address if your organization has, or plans to have, a BYOD policy. Encryption. Although it’s simple and inexpensive to encrypt devices, most BYOD devices are not encrypted, probably because they aren’t viewed as work devices. Nevertheless, personal devices should be...

Cybersecurity Awareness: Multi-Factor Authentication

As a HIPAA-covered organization or business associate, you should set basic safeguards around your electronic protected health information (ePHI) so that it stays private and secure. Therefore, to celebrate National Cybersecurity Awareness Month (NCSAM), we will continue to focus on the basics of security. The last post covered patch management tips and showed how failing to patch software can lead to a major breach. Multi-factor authentication (MFA) is another important safeguard you can easily use to secure your data. What is Multi-Factor Authentication? MFA is when you use two or more credentials to access your information. The three types of credentials...

Cybersecurity Awareness: Patch Management

It’s National Cybersecurity Awareness Month (NCSAM), which means it’s time to go back to the basics of HIPAA privacy and security. The last post gave tips for managing your passwords. Now you’ll learn why patch management is one of the most important things you can do. In May of 2017, hackers exposed the data of over 145 million people using Equifax to monitor their credit. According to Wired, hundreds of thousands of credit card and social security numbers were stolen. Why did this happen? Simply put, Equifax failed to patch a vulnerability in their software. If you handle people’s private...

Cybersecurity Awareness: Password Management

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights has made October the National Cybersecurity Awareness Month (NCSAM). Why? Healthcare companies are falling prey to hackers, resulting in huge privacy breaches, and the problem is only getting worse. Therefore, HHS wants healthcare organizations to go back to the basics of privacy and security. It’s more critical now than ever for you, as a covered entity or business associate, to secure your electronic protected health information (ePHI). The easiest security step you can take is to put a good password management system in place. What is Password...

Incidental Disclosure vs. Privacy Violation: Train Your Staff

In a recent Kentucky court case, a hospital fired a nurse for an alleged HIPAA privacy violation. The nurse had been helping a technician and physician prepare for a medical procedure, telling them to wear gloves because the patient had Hepatitis C. After the patient filed a complaint, the hospital decided that the nurse had violated HIPAA and fired her. What did she do wrong? In this case, we see the fine line between incidental disclosures and privacy violations. What are Incidental Disclosures? Let’s say a patient checks in at the front desk. Even though there’s a partition, the patient...

The Connection Between MIPS (Medicare and Medicaid Incentive Programs) and HIPAA

CMS (Centers for Medicare and Medicaid Services) inappropriately paid $729.4 million in Meaningful Use incentives to healthcare providers over a three-year period due to the providers’ errors. These errors are a result of providers not being able to support their attestations of completing the measures and objectives as decided in the 2015 EHR Incentive Programs Final Rule. A couple of examples of these attestations include completing the Security Risk Assessment and protecting electronic Protected Health Information (ePHI). MIPS is a “pay-for-performance” program, and it is independent of macroeconomic factors, upon which the earlier physician payment system was based. In order to...

Building an Emergency Preparedness Plan: Communications

As a rural health clinic (RHC) or federally qualified health center (FQHC), you must have an Emergency Preparedness Plan in place. First, you did an all-hazards risk assessment. Next, you created policies and procedures that show how to evacuate patients and staff, how they’ll shelter in place, how you’ll keep medical records safe, and how you’ll use volunteers of all skill levels. But how will you carry out all these procedures if you don’t have a communications plan? Emergencies often make communication difficult, which can lead to more danger. Additionally, untrained staff or faulty communication systems can make it hard...

Building an Emergency Preparedness Plan: Policies and Procedures

Are you still developing your Emergency Preparedness Plan for your rural health clinic (RHC) or federally qualified health center (FQHC)? Most likely, you’ve already conducted an all-hazards risk assessment. You found all possible emergencies that could happen at your facility – including man-made and natural disasters – and developed responses for each. Now, your next step is to solidify your plan in policies and procedures. The Centers for Medicare and Medicaid Services (CMS) requires the following: § 491.12 (b) Policies and procedures. The RHC/FQHC must develop and implement emergency preparedness policies and procedures…. The policies and procedures must be reviewed and updated...

Building an Emergency Preparedness Plan: Risk Assessment

Are you ready to meet the Emergency Preparedness Plan deadline for your rural health clinic (RHC) or federally qualified health center (FQHC)? The purpose of an emergency preparedness plan is to safeguard human resources, maintain business continuity, and protect physical resources. This plan will help maintain access to health care during an emergency or natural disaster. What’s in an Emergency Preparedness Plan? Your emergency preparedness plan will include: an emergency plan (including a risk assessment), policies and procedures, a communication plan, and a training and testing program. Risk Assessment: The first step is to conduct a facility-based risk assessment. A risk analysis...

The Three Exceptions to a HIPAA Breach

Many people have a “better safe than sorry” mentality when it comes to privacy and breaches. Similar to how doctors, nurses, and technicians often consider incidental disclosures to be privacy violations, many privacy officers consider any impermissible disclosure to be a breach. However, there are three exceptions to a breach that all staff members should be aware of. 1. Unintentional Acquisition, Access, or Use: The first exception to a breach is when an employee unintentionally acquires, accesses, or uses protected health information (PHI) in good faith within the scope of their authority, and the PHI is not further used or...

Should I Have an Information System Asset Inventory?

Although you aren’t required to have an information system asset inventory, having one will help you meet several requirements of the HIPAA Security Rule, including risk analysis and management, information systems activity review, device and media management, and audit controls. An asset inventory does more than just track your hardware. According to the HIPAA Security Rule Crosswalk to NIST, inventorying assets helps you achieve important business goals. A few business benefits include streamlined risk management, up-to-date business operations, and reduced financial cost. Risk Management HIPAA requires a risk analysis in which you identify threats and vulnerabilities that could compromise protected health...

Why Do I Need a Business Associate Agreement?

Yesterday (April 20, 2017), the Office for Civil Rights (OCR) announced a settlement of $31,000 with an Illinois nonprofit. The nonprofit had failed to enter into a business associate agreement (BAA) with one of its vendors that stores records containing protected health information (PHI), which is a HIPAA violation. Settlements are costly. When an organization settles with the OCR for a HIPAA violation, the organization is placed on a corrective action plan (CAP). CAPs can be extensive, especially for small organizations. Not only does the Illinois nonprofit have to pay the OCR $31,000, but it has to create policies and...

What Should I Charge for Medical Record Requests?

Attorneys, insurance companies, patients, and others may request medical records. Between patient care and daily operations, it can be hard to keep up with all these requests and to know how much to charge for medical record copies. There are three options for charging patients for record requests. Actual Labor Costs: First, you can calculate the actual labor costs of fulfilling the request (e.g., how long it takes for an individual at your organization to copy/send the record). The patient might only request a hard copy, or they might request a summary or explanation of the record. The labor fee...

Accepting Patient Information on Your Website

Patients are looking for easy ways to communicate with their providers that don’t require a phone call. Your patients often cite hold times and restrictive office hours as frustrations when they try to make an appointment, request records, pay a bill, or handle other communications. To help resolve this, you look to technology to streamline your patient communications. Technology is a perfect solution to many of these more tedious communications, and it can make your patients and your staff a lot happier. Patients can send communication requests at their convenience, and your staff isn’t tied up on the phone to respond...

My EMR/EHR Makes Me HIPAA Compliant, Right?

Far too many privacy officers lean on their electronic medical record (EMR) or electronic health record (EHR) system as a HIPAA compliance crutch. They believe (mistakenly) that an EMR/EHR system keeps their organization HIPAA compliant. Maybe that’s you. However, even if your EMR/EHR system itself is HIPAA compliant, it does not cause your organization to be HIPAA compliant as a whole. Let’s look at the HIPAA requirements that an EMR/EHR system will help you comply with and those that it won’t. What Does an EMR/EHR Do? EMR/EHR systems have privacy and security safeguards that help you use the system in...

Is Your Backup Data Secured?

In January 2017, a HIPAA-covered Texas clinic learned that someone had stolen an unencrypted external hard drive. The thief took it from a locked closet inside the clinic. The clinic used that hard drive to back up patients' protected health information (PHI). Consequently, the drive contained seven years' worth of data, including names, dates of birth, driver's license numbers, SSNs, medical record numbers, diagnoses, lab test results, and medications. Where did the clinic go wrong? They had locked the hard drive inside the clinic, but they had not protected it from insiders. That's why you must examine where you keep...

What Are Audit Trails, and Why Are They Important?

If you don't record and review system activity, hackers or unethical employees can harm your organization without a trace. Therefore, the Office for Civil Rights (OCR) prompts HIPAA-covered organizations to collect, secure, track, and review their system audit trails. What Are Audit Trails? As a HIPAA-covered organization, you must put in place hardware, software, and/or mechanisms that create an audit trail. The trail is a recording of your electronic system's activity. OCR explains the audit trails your system can leave behind: Application audit trails track and log user activities in the application. System-level audit trails log successful and unsuccessful login...

What is a HIPAA Security Risk Analysis?

A security risk analysis is a vital part of the risk management process. According to the HIPAA Security Rule, all HIPAA-covered organizations must conduct one. A risk analysis helps your organization prevent, detect, contain, and correct security violations. However, the rule itself is rather broad: RISK ANALYSIS (Required). Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the [organization]. - Section 164.308(a)(1)(ii)(A) Because the rule is broad, there is a lot of room for misunderstanding. Let’s address some common misconceptions about risk analyses. Small...

Update on Texting Patient Orders

The Joint Commission (TJC) has concluded that it is not acceptable to use secure text messaging for patient care orders. Industry experts weighed in on the pros and cons of implementing secure text orders, and the impact on patient safety remained unclear. Therefore, TJC and the Centers for Medicare and Medicaid Services (CMS) were both opposed to this practice. Their three main reasons were: 1. Texted orders would require nurses to manually transcribe them into the electronic health record (EHR) system, creating a burden that may harm their ability to care for patients. 2. Whereas verbal orders allow for real-time...

What Are TPO Disclosures?

There are serious consequences to impermissibly disclosing patients’ protected health information (PHI). This is a paralyzing prospect to many healthcare employees. Consequently, some staff members refuse to use or disclose PHI to the point that their workflow is disrupted. However, HIPAA allows you to disclose PHI for treatment, payment, and healthcare operations (TPO) purposes. These are the basic activities a healthcare organization goes through every day and don’t require patient authorization. Therefore, it’s important that your staff know about TPO disclosures so that they can have confidence to carry out their work while protecting patient privacy. TPO Disclosures: Treatment You...

Risky Business: Should You Keep Documents in Storage Units?

Document management and storage is a universal business concern. This issue is even greater for healthcare organizations. As a HIPAA-covered organization, you must keep both your electronic and paper records secure. Many small or medium-sized healthcare organizations store documents with a storage company. The rent is inexpensive, and employees can easily access the storage unit. However, are storage companies the best solution? Let's look at some of the issues you should consider before renting a storage unit. Legal Liability In the case of a breach of documents kept in a storage unit, your healthcare organization would take sole responsibility. This...

Social Engineering: A Hacking Story

We're all familiar with what a technical hacker is. They sit behind a computer somewhere planning their strike on an unsuspecting healthcare company. Healthcare is a prime target for technical hackers. However, a more subtle threat exists: social engineering. Social engineers are experts at reading and manipulating people. They rely on trickery, wit, and charm to break into otherwise secure systems. They exploit the weakest link in the security chain: humans. Social engineering is a security threat healthcare staff may be least familiar with. So, what does it look like? How do social engineers manipulate people and gain access to...

St. Louis startup guides clients in complex world of HIPAA

As founder and CEO of a company that guides medical professionals through the complex and daunting world of HIPAA – the 1996 federal law that restricts access to individuals’ private medical information – Sarah Badahman knows she needs to express to her customers passion and enthusiasm for the subject matter.

Do Janitorial Services require a Business Associate Agreement?

Many physician offices are struggling to determine which of their vendors are business associates and which are not. It can be a daunting task. One of the most frequently asked questions we receive is whether or not janitorial or cleaning services are business associates. Like all things regulatory - it depends. I know everyone hates hearing this answer, so allow me to elaborate to help you determine if your cleaning crew is a business associate or not. Cleaning and janitorial services in general are not business associates as defined by the privacy rule, and therefore, a business associate agreement...

HIPAA Compliance Efforts: Planning for the Worst and Hoping for the Best

As a busy healthcare professional, you are dealing with multiple roaring fires all day long, every day. It is easy to view HIPAA compliance efforts as a barely burning ember, at best. The problem is that the ember can quickly become an uncontrollable forest fire if it is not tended to. We so often put the task of HIPAA compliance off, thinking that nothing will ever happen to us. We are simply hoping for the best. The problem is, we have not sufficiently prepared for the worst. There are several problems with this failure to plan: The Office for Civil Rights...

HIPAAtrek: Sarah Badahman on Managing and Mastering HIPAA

The federal Health Insurance Portability and Accountability Act (HIPAA) is the 1996 law passed as a means of protecting information about an individual’s health insurance. Any health practitioners, from your physician to your dentist, are required by law to comply with HIPAA regulation in order to continue working. However, HIPAA requirements are notoriously complicated and difficult to manage. It has become extremely hard for health practitioners to keep up to date with HIPAA. HIPAAtrek is a new application founded by Sarah Badahman that helps practitioners to map out and manage HIPAA.

Technology, HIPAA and You Part 4: HIPAAtrek

Wow, what a whirlwind of a month. Since my talk at BSides San Francisco I have been in Dallas, Chicago, San Diego, and points beyond working on the intersection of HIPAA and Infosec as a new paradigm for thinking about how we secure PHI. There was also my guest piece @Tripwire on The New Normal in Breaches, Audits and Enforcement.

Arch Grants Announces Summer 2015 Global Startup Competition Recipients

Arch Grants has awarded $3.65 million to grow 66 early-stage businesses since the organization launched in 2012. These companies have created more than 250 jobs in Missouri, generated $16 million in revenue, and raised $49 million in capital funding as of March 31, 2015.
Be Proactive! Why Passive Compliance with HIPAA is NOT a Good Idea

Although your healthcare practice administrator has “downloaded” forms and procedures from the Internet or hired a “consultant” to implement a procedure you don’t understand, you are not compliant without taking the full HIPAA journey to complete compliance and peace of mind. The Office of Civil Rights (OCR) began Phase 2 audits in the fall of 2014, and they will continue well into 2015-2016. Be prepared by making sure you carefully conduct due diligence and have your office procedures in place. OCR’s Phase 2 audits will focus on covered entities and the following three areas: security risk analysis and management, breach notifications, and...
Do I REALLY need to update my Windows server?

Many professionals in the healthcare industry, and in the business world in general, are expected to cut costs wherever possible in their department. Furthermore, practice administrators are often buried under an enormous to-do pile with limited time to devote to HIPAA compliance. Therefore, thinking about how the use of outdated technologies may affect their HIPAA-related data security is likely one of the LAST things on the minds of many who have access to protected health information (PHI). However, this is one seldom-considered concern that simply cannot wait. It turns out that using outdated technologies, including Windows Server 2003, is a...
Entrepreneurial Journey Leads to HIPAAtrek

How did you get started? Once upon a time, our founder was sitting in an office struggling to stay afloat with all that is thrown at a practice administrator in the healthcare industry on a daily basis. Developing written policies and procedures got pushed aside many times as other fires kept popping up that had to be dealt with. Training the staff on HIPAA was often interrupted by phone calls and patient emergencies. Tasks to stay compliant were often lost in the ever-growing “to do” pile. There had to be an easier way! Thus…HIPAAtrek™ was born.
10 Common Questions about the HIPAA Privacy Rule

One recurring segment of HIPAAtrek’s blog will be a series of posts devoted to answering some of the most commonly asked questions about a HIPAA-related topic. Since our last post covered the basics of HIPAA in a nutshell, we thought a good place to start would be to answer some common questions about a specific part of HIPAA – the HIPAA Privacy Rule. 1. Q: What exactly IS the HIPAA Privacy Rule? A: The HIPAA Privacy Rule, modified in 2002, set national standards for providers and business associates with the goal of protecting patients’ medical records and...
What is HIPAA Compliance, Anyway?

While an article containing general information about the basics of HIPAA compliance might seem simplistic, it is incredible how many professionals, especially business associates, don’t have a basic working knowledge of compliance. Along with this lack of general knowledge, many, including some covered entities and their business associates, are in the dark about why the HIPAA privacy rules might apply to them. In turn, this lack of information puts them at risk for HIPAA breaches, which often result in steep penalties. For example, the most recent HIPAA breach in 2004 saddled New York Presbyterian Hospital and Columbia University with a $4.8M...
HIPAAtrek wins big at Startup Connection

Four startup companies received Bright Future Awards of $5,000. Those awards were given to minority-, women-, veteran- or immigrant-owned companies. The winners included Better Weekdays (minority-owned), which has developed a job-matching platform for millennials; HIPAAtrek (female-owned), an online tool for health care providers to manage compliance programs; Zymplr (immigrant-owned); and Blue Line Security Solutions (veteran-owned), a facial recognition startup.
Northbridge partners with HIPAAtrek

A partnership has formed between Northbridge Professional Technologies in Murphysboro and HIPAAtrek, a HIPAA compliance software company.
Capital Innovators announces its upcoming Fall 2014 cohort.

“We have a great blend of entrepreneurs. Some are more technical and some are artsy. We’ve got locals and we have outside perspectives. All of the founders come with deep domain experience and we are thrilled to have the opportunity to collaborate with them.”