Gearing Up for HIPAA Compliance Audits in IT, Part 7: Teamwork

In my final blog post for this HIPAA compliance audit series, I want to touch on a non-technical topic that will undoubtedly be crucial for any HIPAA-Covered Entity – the need for teamwork among the diverse individuals or departments responsible for ensuring compliance. Today's "traditional" audit teams must involve both technical and non-technical experts, and the HIPAA/HITECH regulations demand no less. In most cases, medical professionals, techies and even Business Associates must sit down together and examine the complete PHI (protected health information) trail within the organization and then hammer out numerous technical security decisions for each and every standard. That is [...]

Gearing Up for HIPAA Compliance Audits in IT, Part 6: Document Management

A good electronic document management system is an essential part of, or complement to, an electronic health record (EHR), as well as a copier or printer. Let us be honest – as much as you might want to deal only with e-documents, you will need to handle paper for the foreseeable future. So, if you are facing a HIPAA audit, it is essential to make sure that paper records are handled with as much care as digital ones. In my continuing series on preparing for these new HIPAA audits, I have invited Dennis Porter, our document management expert, to cover issues related [...]

Gearing Up for HIPAA Compliance Audits in IT, Part 5: Printer Log Management

I know one of the biggest concerns that HIPAA-Covered Entities may have right now - aside from the HIPAA audit itself - is how to ensure that PHI (protected health information) isn't stolen or stored in a manner that doesn't comply with the law. As I continue my series on how to prepare for a HIPAA audit, I've invited John Sedlak, our manager of network and managed print services, to explain what you can do to protect PHI that may exist in the logs on your copiers and printers. There are two ways to handle multi-function printer logs: proactively and [...]

Gearing Up for HIPAA Compliance Audits in IT, Part 4: Technical Controls

It's almost the end of April. By now, all HIPAA-Covered Entities should at least be toying with the idea of starting a security risk analysis (required by law) in preparation for a compliance audit. Eventually, the U.S. Department of Health & Human Services and its Office for Civil Rights (OCR) will get to you. In my ongoing blog series about this complex topic, I am focusing a good bit on the responsibilities of Business Associates as defined by HIPAA and HITECH because that is our biggest area of concern at Graphic Enterprises. Our office equipment – including many different models of Konica Minolta printers and copiers, [...]

Gearing Up for HIPAA Compliance Audits in IT, Part 3: Security Risk Analysis

With HIPAA audits getting underway this year, Covered Entities are starting to ask, "What do I need to do to get ready?" As the president of an authorized Konica Minolta printer and copier company, I am asking that question, too, because the equipment we sell and service may eventually hold PHI (protected health information). As a Business Associate of many Covered Entities in Northeast Ohio – including hospitals, physician offices, clinics and more in Canton, North Canton, Akron, Youngstown and beyond – the team at Graphic Enterprises recognizes the importance of performing a HIPAA security risk analysis (in fact, the [...]

Gearing Up for HIPAA Compliance Audits in IT, Part 2: Business Associates

If you're responsible for health IT at a HIPAA-covered entity, you're probably thinking more seriously about the reality of HIPAA compliance audits, which are getting underway this year. As I discussed in my first post on HIPAA audits a couple weeks ago, the passage of the HITECH Act in 2009 raised the bar on security for protected health information (PHI) and electronic PHI under HIPAA – for both covered entities and what are known as "business associates." I'm sure you're already quite familiar with the term "business associate" and what types of vendors fall into this category (service providers, vendors and third parties [...]

Gearing Up for HIPAA Compliance Audits in IT, Part 1

When the Federal Health Insurance Portability and Accountability Act - affectionately known as HIPAA - was passed in 1996, no one was seriously thinking about how things like the Internet, electronic health records (EHRs), cloud computing and smartphones would affect personal health information (PHI). Fast forward 13 years to 2009, when the Health Information Technology for Economic and Clinical Health (HITECH) Act was enacted as part of the American Recovery and Reinvestment Act. Suddenly, there was an intersection between EHR adoption, government incentives and the safety and security of electronic PHI. Thanks to HIPAA, HITECH and other factors too numerous to list [...]
