Please Don't Violate HIPAA

May 22, 2014

Perfect for the office bulletin board, here is an "Ode to HIPAA."

Spelled with one "P" and not two,

For HIPAA compliance, here's what you need to do.

Privacy, Security, and Breach Notification Rules all apply,

So, when undergoing a risk analysis it's best not to lie.

 

A variety of policies and procedures are required,

Become a writer and get inspired.

Required under §164.306,

Policies and procedures need to be fixed.

 

It is also crucial that laptops, smart phones, and tablets all encrypt,

And that the level is at the required NIST bit.

 

Audit controls are not an option,

Before choosing a solution, proceed with caution.

Know the difference between a loop, SIM solution, and a logger,

Otherwise, your violation could be picked up by a blogger.

 

The integrity, confidentiality, and accessibility of PHI is essential,

Therefore, data backup, storage, and proper disposal are fundamental.

 

When it comes to enforcement, HHS is not alone.

The FTC has stepped into this zone.

Authorized by Congress to protect consumers' personal health information,

Certain corporations have paid for not adhering to the regulations.

 

Acting in accordance with §164.310,

Physical safeguards can avoid a potential portent.

In the area of social engineering,

Verifying visitors and callers is an area worth steering.

 

Covered entities, business associates, and subcontractors' actions must be equal,

And the creation, transmission, receipt, and retention of PHI must be sequel.

Failure to do due diligence in the realm,

Can end up with HHS at the helm.

 

In sum, HIPAA, HITECH and related state laws pronounce

That compliance is not optional and submitted claims may bounce.

The fines are climbing and now is the time,

To evaluate your processes and get everything in line.