Fly First Class and Pay Economy for HIPAA Compliance

The Office for Civil Rights enforces the HIPAA Privacy Rule, which protects the privacy of individually identifiable health information; the HIPAA Security Rule, which sets national standards for the security of electronic protected health information; and the confidentiality provisions of the Patient Safety Rule, which protect identifiable information being used to analyze patient safety events and improve patient safety.

Yikes – How can I do this HIPAA compliance thing for as little money as possible?

You have 2 options:

Option 1 – DIY

You can read the HHS documentation and and do it yourself. This is a not a bad option if you have the time and patience and have a solid understanding of information security and privacy compliance.

Even if you have the security background, be prepared to spend a lot of time reading documentation and getting up to speed on the relevant HIPAA security safeguards.

My colleague Dr. Martin Wehlou is a physician, software engineer and CISSP. Martin could do it himself. But – even if you are a Stanford Medical School graduate, you may want to get expert help on HIPAA compliance for your practice. Do not assume you understand.

If you are mobile app developer, think twice about the DIY strategy.

Consider that mobile healthcare medical devices need to be cleared by the FDA with a 510(K) submission for patient safety and also meet HIPAA requirements for patient privacy and security. Even though a medical device vendor itself is not a HIPAA covered entity, the vendor is considered a business associate to a covered entity and may be required to demonstrate provable security.

Option 2 – Hire a HIPAA compliance consultant

By now you realize that you should probably retain a HIPAA security and compliance consultant who will walk you through the security safeguards in CFR 45 Appendix A and help you understand what you need to implement.

READ

Big Data Analytics Is Perfect For The Future Of Personalized Medicine

How to get the most out of a HIPAA consulting engagement

You want 2 things from your HIPAA consultant:

1) You want him or her to help you consider multiple threat scenarios that threaten patient data, and do that for your specific business (medical practice, hospital, nursing home etc).

Ask you HIPAA compliace consultant to help you build a number probable threat scenarios – considering what could go wrong – employees stealing a hard disk from a nursing station in an ICU where a celebrity is recuperating for the information or a hacker sniffing the hospital wired LAN for PHI, or residents surfing adult sites with their radiology iPads.

2) Ask your HIPAA consultant to prioritize a set of the most cost-effective safeguards for your operation (and not copy and paste the last report he did for some other hospital).

Threat scenarios are the reality. Compliance regulation is the theory.

Dveloping realistic HIPAA compliance threat scenarios (as opposed to checking off the regulatory checklist) requires some work.

Threat scenarios are not “one size fits all”.

The threat scenarios for an AIDS testing lab using medical devices that automatically scan and analyze blood samples, or an Army hospital using a networked brain scanning device to diagnose soldiers with head injuries, or an implanted cardiac device with mobile connectivity are all totally different.

For a healthcare organization of up to 1000 employees and 1-3 physical locations, here is a rough rule of thumb to help you estimate how much time you should invest in the process.

Allocate 3-5 days brainstorming threat scenarios in a conference room with doctors, nurses and administrative staff – up to 7 people should do the job.

READ

Vaping Health Risks Raise Alarm About Educating Younger Generations

The process of brainstorming threat scenarios for HIPAA compliance has 2 steps:

Step 1 – consider how much your assets (people, systems, business, patient data) are worth in dollars and cents. Then consider, the likelihood of occurrence and cost of damage. These are all things that can be estimated or measured.
Step 2 – consider likely threats, for example: radiology tablets infected by malware and downtime that affects your ability to provide service is 1 threat scenario.

You and your HIPAA consultant should then spend another 2-3 days, analyzing the data and building a threat model. A good HIPAA consultant will help you look at your business from the perspective of an attacker and then recommend specific cost-effective, security countermeasures to mitigate the damage from the most likely attacks.

Now take the threat model back to the team and run it by them for a sanity check in a 1-2 hour meeting.

After the sanity check with the team that constructed the threat scenarios, you and your HIPAA consultant need to calculate your Value at Risk. Calculating VaR will help shed light on where to save money and where to spend money.

Using threat analysis for HIPAA compliance gives you 3 good things:

It gives you the right security safeguards, cheaper and more effective than implementing the entire checklist. Doing the right thing is good.
Managers, especially finance managers, relate well to the concepts of threat modeling. A good CFO understands the notion of value at risk, and being a good CFO, will want to implement the right compliance controls at the lowest cost. This is not a bad thing.
When you use threat scenarios, you create a common language between physicians and IT. This is a very good thing.

The Importance Of Medical Labels And Supplement Labels

5 Effective Strategies to Help Grow Your Physical Therapy Business

4 Questions To Ask Before Choosing A Healthcare Uniform Services Rental

Medical Marketing is Vital to Offset Plummeting Healthcare Operating Margins

Try These Tips On How To Handle Medical Expense Debt

Why Meal Planning Is Good for Your Budget & Your Health

How Do I Become A Clinical Documentation Specialist?

How To Get Capital For New Equipment For Your Healthcare Business

The Importance Of Medical Labels And Supplement Labels

Medical Marketing is Vital to Offset Plummeting Healthcare Operating Margins

Recall Procedures: Does Your System Keep Patients Safe?

5 Things To Consider Before Buying Hospital Beds

Vaping Health Risks Raise Alarm About Educating Younger Generations

The Importance Of Medical Labels And Supplement Labels

The Benefits Of Updating Your Hospital’s Systems

What Will Machine Learning Do With Healthcare In 2020?

The Importance Of Medical Labels And Supplement Labels

The Benefits Of Updating Your Hospital’s Systems

Reasons Why HIPAA Is Vital For The Healthcare Industry

Hospitals Suffer From Denied Claims – Can Proper Patient Identification Help?

How Wearable Tech Insights Are Improving Healthcare

The Roles Of AI, IoT, And Cybersecurity In Transforming Healthcare

Top 5 Ways Mobile Apps Are Impacting Health And Fitness Industries

How To Use SMS To Increase Customer Satisfaction In Healthcare

Why You Need To Know The Risks Of Self-Diagnosis

Technological Advancements in The Medical Field That You Should Keep An Eye On

mHealth Apps And Digital Doctors: The Future Of The Healthcare Sector?

EHR For Rural Hospitals: Criteria And Access

7 Tips To Make Sure Your Medical Practice Is Found Online

4 Top Reasons Why App Developers Love Apple Health Records API

Should Healthcare Care About Branding?

How can Healthcare Professionals Manage their Reputation Online

The Keys To Maintaining Safety With Medical Equipment

The Importance Of Medical Labels And Supplement Labels

How Clinical Trials Are Changing Cancer Outcomes

Sports Medicine: Preventing Sports Injuries With Wearable Sensors

The Keys To Maintaining Safety With Medical Equipment

Sports Medicine: Preventing Sports Injuries With Wearable Sensors

How Much Does An Ultrasound Machine Cost?

The Impact Of Mobile App Development On Health And Wellness

The Importance Of Medical Labels And Supplement Labels

How Clinical Trials Are Changing Cancer Outcomes

Top 6 Emerging Medical Technologies Of The Year

Companies Explore The Latest Advances In Interventional Neurosurgery

Cannabis is Excellent for Taking the Edge off Dual Anxiety and Depressive Disorders

How Technology Can Prevent Workplace Injuries

How Precision Medicine And Big Data Will Be The Future Of Healthcare

What Will Machine Learning Do With Healthcare In 2020?

The Rise In Medical Malpractice Costs And How They Make An Impact

Assessing The Health Benefits And Risks Of Physical Intimacy

What Are The Risks Of Bruxism And How Can You Prevent Them?

Food, Mood, And Wellbeing: Is The Western Diet Making Us Sick?

How Technology Is Making Diabetes Management Easier

Top AED Models To Minimize Risks Of Cardiac Arrest 2019

3 Things To Consider When Looking For A Heart Doctor

The Value And Criticism Of Robot-Assisted Heart Surgery

Here’s What To Know About Sleep And Heart Health

What Are The Risks Of Bruxism And How Can You Prevent Them?

Managing Your Expectations for Dental Implant Surgery

5 Urgent Steps To Take To Stop Gum Bleeding

5 Reasons To Whiten Your Teeth At The Dentist In 2020

How Technology Is Making Diabetes Management Easier

Take These 4 Important Steps For Healthy And Happy Aging

Living Alone When You’ve Been Diagnosed With Alzheimer’s

A Guide To Healthy Aging And Happier Golden Years

10 Early Dementia Signs You Need To Be Aware Of

Understanding Hypnosis For Sleep And Its Major Benefits

Food, Mood, And Wellbeing: Is The Western Diet Making Us Sick?

Comfort Eating Is A Hidden Contributor To The Obesity Epidemic

How Often Should You Cycle to Stay Fit

How To Lose Weight And Eat Food You Love By Tracking Macronutrients

What All Good Cataract Surgeons Have In Common

5 Tips For Dealing With Inflammation Of The Joints

6 Natural Remedies For Back Pain You Can Try

6 Excellent Exercises To Help Rotator Cuff Syndrome

Body Pain And Chiropractic Care: How Are They Related?

Important Early Pregnancy Signs To Be Aware Of

Prenatal Care: 5 Great Reasons to Get a Prenatal Massage

Are You Healthy Enough to be a Surrogate?

5 Tips for a Healthy Pregnancy