First Healthcare Compliance CONNECT September 2019

More documents

Recommendations

Info

Q&A: HIPAA and Health Apps By Catherine Short Rachel V. Rose, JD, MBA, presented the webinar “HIPAA and Health Apps.” Rachel returned to answer many commonly asked questions on our blog. How has HIPAA evolved to address mobile technology? HIPAA was signed into law in August 1996. Subsequently, the Privacy Rule and Security Rule were implemented. In 2009, the HITECH Act passed and with it came an increased focus on security of protected health information (PHI) and breach notification. Finally, on January 25, 2013, the Final Omnibus Rule was published (78 Fed. Reg. 5566 (Jan. 25, 2013)). In general, the U.S. Department of Health and Human Services – Office for Civil Rights has primary jurisdiction over HIPAA enforcement for covered entities, business associates and subcontractors. Other agencies such as the Federal Trade Commission (FTC) and the Food and Drug Administration (FDA) also play a role. In terms of mobile technology and health apps in particular, HHS recently published FAQs – a series of five questions and answers that target a covered entity’s liability when transferring a patient’s data to an app. Additionally, over the past couple of years, the FDA has released guidance on mobile medical apps – specifically those medical apps the 8 FDA will regulate and those that it won’t, which depends on the app’s function. What is covered under ePHI? ePHI, which is also known as electronic protected health information, is protected health information that is produced, saved, transferred or received in an electronic form. This can include USB drives, CD-ROMS, email, apps and VoIP technology. The management of ePHI is covered under the Security Rule. What steps can companies take to ensure compliance? One can think of compliance as an inverted triangle – start with a broad base at the top and narrow the focus into different departments and the relevant technical, administrative and physical safeguards set forth in the Security Rule. The top should include forming an enterprise risk management team and conducting an annual, comprehensive risk analysis that every team member reads. From there, understanding the ingress and egress of protected health information, the vulnerabilities and compliance solutions identified in the risk analysis can be addressed. First Healthcare Compliance, LLC © 2019
Get our eBook by Andrew Wilson! • What is Telemedicine? • Telemedicine FAQ’s • Elements of a Telemedicine Program • Are You Ready For Telemedicine? And don’t miss Andrew’s past webinar with us, “Telemedicine Compliance Primer – Using Delaware as a Model” available in podcast or on YouTube format. Download your copy today Are there any National Institute for Standards and Technology (NIST) publications that address privacy, security and mobile apps? Yes. Two key NIST special publications are SP 800-124, Rev. 1, Managing the Security of Mobile Devices in the Enterprise and SP 800-53, Rev. 5, Security and Privacy Controls for Info Systems and Organizations. Both of these publications provide useful frameworks for achieving compliance to ensure that the confidentiality, integrity and availability of the data is maintained, even on an app. Be on the lookout for Rachel on our radio program, 1st Talk Compliance in October 2019. Take a look at our brand-new book: HIPAA Privacy and Security, and our online compliance training courses such as What is HIPAA?, and HIPAA Business Associate Agreements Under HITECH. And check out Rachel’s other blog Recent HHS Guidance Underscores the Importance of HIPAA Compliance. Come hear Rachel Rose speak live at the HIPAA Privacy and Security Summit, November 14, 2019 at Delaware Law School. Rachel V. Rose – Attorney at Law, PLLC (Houston, Texas) – represents clients on healthcare, cybersecurity, securities and qui tam matters. She also teaches bioethics at Baylor College of Medicine. She has been consecutively named by Houstonia Magazine as a Top Lawyer (Healthcare) and to the National Women Trial Lawyer’s Top 25. She can be reached at rvrose@rvrose.com. Be on the lookout for Rachel on our radio program 1st Talk Compliance in September 2019. 1st Talk Compliance in September 2019. Contact Toll Free: 888-54-FIRST 9
Page 1 and 2: ® CONNECT An Exclusive Monthly Pub
Page 3 and 4: Compliance Super Ninja Pamela Setuf
Page 5 and 6: Client FAQ Corner Are healthcare pr
Page 7: 9:40−10:40 a.m. Jo-Ellyn Sakowitz
Page 11 and 12: ethics) in Delaware, New Jersey, an
Page 13 and 14: WORD SEARCH J L P V R L H C N R D Z

First Healthcare Compliance CONNECT September 2019

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?