[ Wednesday, June 13, 2012 ]


OCR/NIST Presentation Last Week: I was in DC last week for the OCR/NIST presentation on HIPAA Security. I didn't liveblog it, because my computer died the night I got to DC (it has a power utilization problem and refuses to realize it's plugged in sometimes, running on battery until it's dead). But I did tweet pretty regularly (I'm @JeffDrummond on Twitter) since that was easy from my phone; check out my tweets from June 6 and 7.

Two good points to pass along:
1. NIST has a Security Rule toolkit that looks very promising for any HIPAA covered entity of any size. It does require minimal technical skills, but any organization running any sort of information system should be able to handle it and use the toolkit to audit for HIPAA Security issues and fixes. You can find it here.
2. The presentation on the current status of the first batch of HIPAA audits, and some common findings, was very interesting, although I have to say nothing in it surprised me. Security compliance is worse than privacy compliance; providers were the biggest source of problems (rather than plans or clearinghouses), and smaller organizations had more problems than bigger ones. Privacy issues included deceased individuals, personal representatives, policies and procedures, and BAAs, while Security issues included user activity monitoring, contingency planning, and lack of sufficient risk assessments. You can find the rest of the presentations here.

Jeff [12:41 PM]
