The OFFICE FOR CIVIL RIGHTS (OCR) under the DEPT. OF HEALTH AND HUMAN SERVICES (HHS.GOV) just last week published its information regarding the PHASE 2 HIPAA Audits now underway. The posting covers how OCR is collecting information from covered entities, what is new in the way it conducts HIPAA audits, and what you need to do to be prepared for this audit.
If you are a DUMATEK-PI customer, you may be contacted so we can update your compliance documentation or so we can conduct another assessment to update the company HIPAA security RISK ANALYSIS.
If you are not a DUMATEK-PI customer, feel free to give us a call, as we can surely help you with your HIPAA Security compliance efforts, especially if you do not have a RISK ANALYSIS. Not having a RISK ANALYSIS is considered "willful neglect".
Also, for proper orientation on the laws, ask DUMATEK-PI about their HIPAA training program.
WHAT YOU SHOULD DO NOW!
- have an updated RISK ANALYSIS
- know your security team
- have policies and procedures
- have documentation for remediation activity
- have staff signatures as proof of training
For more information on the Phase 2 Audits: http://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/audit/index.html
This year, DumaTek Philippines, in partnership with HIPAA Academy, will be hosting the 1st CSCS and CHP Certification Seminar, an event open to all IT-savvy professionals and higher management employees handling Healthcare Information. Mr. Ali Pabrai, founder of HIPAA Academy and ecfirst, and Dumatek CEO Mr. Gerry Dumatol will be spearheading the event, which aims to help participants broaden their understanding of the intricacies of HIPAA, safeguarding electronic patient information (ePHI), and the importance of being compliant.
Details about the Seminar will be released SOON!
By April 1st, 2014, Microsoft will no longer support the Windows XP Professional Operating System. All HIPAA covered entities and business associates, as well as sub-contractors, would need to replace these legacy systems with Windows 7 Professional or higher Professional Operating Systems to continue to maintain the implementation specifications required under the technical safeguards of the HIPAA Security Final Rule. This only applies to HIPAA covered entities.
HIPAA Security requires covered entities to periodically evaluate the effectiveness of the security measures implemented to mitigate, if not eliminate, the risks and vulnerabilities to e-PHI identified by a HIPAA Risk Analysis. Such an evaluation should recommend replacing these legacy systems because doing so is simply reasonable and appropriate for risk management. Microsoft is ceasing security updates against the constantly evolving tech threats we address, which matters especially when systems are connected to the world through an internet service provider (ISP).
WHAT SHOULD YOU DO?
Identify how many Windows XP Professional computers you have in your company and replace them with Windows 7 Professional or a “higher” Professional Operating System before April 1st, 2014. This will be true for Windows 2003 Server too. The new server is Windows 2008, which is good till year 2020 (budget for $4000.00 if you are currently using a Windows 2003 Server).
HOW CAN DUMATEK HELP?
For over a decade, Dumatek has guided many covered entities and business associates in their HIPAA Security compliance efforts, as well as supplied them with their computer network needs. A standard “low-cost” Windows 8.1 Professional workstation is made available to quickly replace the old Windows XP Professional systems. This includes attaching the systems to the pre-existing network and re-establishing the resources needed for the system user to conduct his/her job, including the connection of the new computer system to the company’s EHR or medical practice management system. Taking this approach allows a covered entity to get this issue addressed in the most cost-effective and expedient manner, as well as get a quick review of the status of their HIPAA Security compliance. ($868.00 per system)
There are financing options available as well, since for some entities this would be a full overhaul of the company’s computer network infrastructure.
Please contact DUMATEK at 714-460-5508 or DUMATEK-PI at 8082677 for more information or assistance.