Everyone is HIPAA Compliant!  Can YOU Prove It?

HIPAA Omnibus Rule 2013

Effective Date: March 26th, 2013 (1 year, 6 months, 27 days ago)

End of Grace Period: September 23rd, 2013 (1 year, 0 months, 29 days ago)

I have worked with the team at Kardon Technology since early 2012 as they developed their Small Provider and Business Associate offering using our ComplyAssistant application as a component.  Their understanding of HIPAA compliance requirements in Small Provider offices is exceptional.  I definitely recommend their skills as HIPAA Compliance consultants.  They offer a level of experience and understanding of HIPAA that positions them as a “go to” team for Small Providers and Business Associates needing compliance assistance.
 
Gerry Blass, President and CEO of Blass Consulting & Compliance

Gerry has worked in healthcare IT for over 35 years for HIS (health information systems) companies, hospitals and his privately held companies. Gerry formed Blass Consulting, LLC in 2001 to provide healthcare IT and compliance professional consulting services, and Blass Compliance LLC in 2009 to provide ComplyAssistant, a web-based compliance management tool. He is also a co-founder and moderator of the HIPAA 411 discussion group on LinkedIn with over 3,000 members.

Gerry is a member of HIMSS, HCCA, SCCE and HFMA, including NJ HFMA and their CARES (healthcare compliance) forum.

HIPAA Compliance Services

Meaningful Use, EMR, Practice Portal, PCI, 5010, ANSI and… Oh, yeah, then there’s managing current staff, training new staff, handling patient records, submitting claims and… supporting your providers. Understanding you have neither the time nor the resources to research, understand, implement and manage a policy and procedure plan that complies with the recent Omnibus Final Rule enhancements, Kardon Technology has a variety of tools to assist you.


Is It Worth the Gamble?

What is HIPAA/HITECH, and why should you care? Most in the medical industry are familiar with the Health Insurance Portability and Accountability Act (HIPAA), or they should be. It’s been around since 1996, and included implementation efforts from then through July 1, 2005. The privacy rule defines when and how private information can be used and accessed. Part of the American Recovery and Reinvestment Act (ARRA), the Health Information Technology for Economic and Clinical Health Act (HITECH) was introduced in 2009. HITECH deals with implementation of Electronic Health Records (EHR), and it added new Breach Notification Regulations and compliance requirements for Business Associates. The provisions offer incentives to get providers to implement technology and fully utilize it in their practice. In January (2013), the Omnibus Final Rule was published… and there were changes. Or shall we call them ‘updates’?

Why Should You Care? Not only does this change introduce new documentation requirements and stricter regulations, but the enforcement framework also considerably increased penalties for violations, with a cap of $1.5 Million (not a typo). Random audits by the OCR or State Attorney General offices were also implemented in 2012 and findings are currently being analyzed. The time for gambling has passed.

Where Do I Start?

Compliance Consult with ComplyAssistant

You’ve worked so hard to put everything in place. Before you submit your bid for funds, you must perform a HIPAA Compliance Assessment and have a detailed plan for remediation in place. The majority of small private practices have been focused on addressing the EHR implementations and qualifying under Meaningful Use rules for incentive payments. They haven’t had time to focus on the HIPAA changes, detailed in the Kardon Technology HIPAA White Paper. According to the HIPAA Security Rule, every Covered Entity must have a Security Risk Assessment done regularly and documented, covering all the rule provisions and how they are being addressed in your organization. The 2012 Random Audit Protocol revealed this is not being done correctly. Plus…

The law completely changed the enforcement rules of HIPAA Regulations. The risk of failing a random audit that requires documented proof of policy implementation within 10 days is greater than you may care to admit. Most healthcare organizations have limited resources to manage an ever-increasing scope of compliance activities. The question is not if, but when can you stop to devote time to define and maintain your policies. Kardon Technology has done the detailed research for you. Kardon Technology has collaborated on the design of a system that works to at least identify the status of your Security Risk Analysis, and outline a plan for remediation. Partnered with ComplyAssistant, all of your compliance activity is managed in a powerful software application. Policies, security procedures and employee training can all be documented and filed for quick and easy retrieval.

Carrying this disk home each day isn’t safe?

Kardon Backup Powered by Intronis

There’s backup, and then there’s HIPAA Compliant backup. Kardon Technology offers both. Patient privacy has become a major topic of concern over the past several years. With the majority of patient information being transferred over to digital format to improve the convenience, efficiency and cost of storing data, organizations expose themselves to certain risks. The Security Rule requires health care providers to put in place certain administrative, physical and technical safeguards for electronic patient data. Organizations must adhere to the Security Rule’s standards and specifications for backing up and safekeeping electronic data. Among other things, Covered Entities will be required to have a Data Backup Plan, a Disaster Recovery Plan, and an Emergency Mode Operation Plan.

Kardon Backup Powered by Intronis was created, with healthcare providers in mind, to satisfy the broad need for a safe, reliable, and cost-effective method of backing up data off-site and allowing full file restoration at any time. The software encrypts all data and stores the information in military-grade secure facilities. Consider Kardon Backup by Intronis before selecting an inferior backup option that does not meet HIPAA Guidelines and Standards.
