Eagle Articles - iMed Newsletter
| December 2004 | VARs are offered a sample protocol for a network and operating system "tune-up" to help clients comply with HIPAA Security. |
| November 2004 | HIPAA Business Associate Agreements - New specifications are mandated 4/20/2005. Compliance suggestions are offered. |
| October 2004 | Internet Backup is a convenient and attractive solution for medical practices and financially attractive for resellers. |
| September 2004 | The Risk Analysis is the cornerstone of effective computer security. What is this, and how should it be done? |
| August 2004 | HIPAA Security for Medical VARs - Overview |
HIPAA General
The CMS main HIPAA Web site includes official copies of HIPAA regulations, an expanded FAQ, official CMS positions on HIPAA interpretation, enforcement information for HIPAA Security and Transactions, and other information.
The Office of Civil Rights, a department of the Health and Human Services Division, is in charge of enforcement for HIPAA Privacy. |
WEDI is the leading national trade association for electronic commerce in healthcare. A few specific resources are highlighted below; go to the WEDI site for a wealth of resources for HIPAA Privacy, Security, and Transactions. |
Most areas of the country have a regional affiliate of WEDI. These affiliates vary in participation and scope -- some offer great opportunities for VARs. Check out the one in your area. |
Jeanne is brilliant, entertaining, and engaging, and has been involved with the electronic claims industry for many years. NDC resellers will be familiar with her from her longstanding relationship with the company. Sign up for her newsletter to keep up with the politics of healthcare. |
HIPAA Security
VARs would do well to actually read the rule. Interhack, a partner of Eagle, has created on-line tools which give you 4 ways to read the rule. For a quick checklist, check out the "matrix" with the 42 implementation specifications. |
Most VAR clients are small practices (solo docs or small groups). This white paper provides some thoughtful insights on scaling a security effort to this type of organization. |
HIPAA Security requires medical practices to perform a "periodic technical and non-technical evaluation . . . that establishes the extent to which security policies & procedures meet the requirements. . ." This white paper provides a brief discussion of what "evaluation" means. Astute VARs will recognize that this requirement creates a need which they are uniquely qualified to fill.
Does your client's e-mail need to be encrypted? The answer is a definite maybe. Become educated on the state of secure e-mail in this 30-page WEDI white paper. |
Information on e-mail encryption technologies, PGP and S/MIME |
This American Healthcare Indemnity Company newsletter discusses considerations for physicians who choose to communicate with patients via e-mail. This newsletter provides guidance to their customers on managing risk. |
For those installing wireless networks, the NIST 800-48 guide suggests a series of practices for mitigating the security issues involved with wireless networks. It weighs in at 118 pages. |
The Security rule requires that software include "audit trails," and further, that the practice must periodically review activity. This term leaves a lot of room for interpretation. Read this white paper and decide just how good the audit trails built into your practice management and/or EMR software are. Important audit trails are also created at the firewall and network operating system levels.
If you are offering an EMR solution, this brief white paper offers some reflections on the impact of HIPAA. Eagle's position is that security becomes more important when a practice implements EMR. |
Both your clients and the VAR (because of Business Associate Agreement obligations) must have an approach for detecting, reporting, and responding to security incidents. If this 140-page NIST document is more than you have time to digest, read the 4-page executive summary, Appendix H (Frequently Asked Questions), and Appendix I (Crisis Handling Steps).
Your clients are required to have written policies and procedures to address HIPAA security's 42 "implementation specifications." This 100-page white paper describes what should be included, offering reflections on industry best practices. Sample policies, however, are NOT included. This is a good guide for larger clients who will be drafting and/or customizing their policies.
SANS, a non-profit security organization, offers some sample security policies. Note that Eagle offers comprehensive policies & procedures for both the VAR and your clients.
HIPAA Transactions
Washington Publishing Company publishes the official ANSI Implementation Guides |
If the official 800-page guide to the ANSI 837 has you singing the blues, check out this "cliff notes" version. The primary purpose of this guide is to identify data requirements of the practice. To make this accessible, data fields which are not populated by the provider, along with details of the looping structure, have been omitted. ** Designed for legal (8-1/2" x 14") paper ** Author - Eagle Consulting Partners for OHIO for EDI.
Similar to above, with a column indicating where in Medisoft(TM) to enter the data. Medisoft is a registered trademark of NDC Health, Inc. This guide was created by Eagle and is not endorsed by NDC.
WebMD offers a simplified, yet accurate representation of the ANSI 837 Professional claim. This 53-page document is color coded and should be printed on a color printer to maintain important content. While this document represents the full looping structure, it omits definitions of fields and the "situations."
Need a taxonomy code? Check out the official list published in April 2003. |