We’re having a cyber Monday sale here at HIPAA4MT and hope you will find something you’d like to have! All of our courses are on sale at some great prices! Too busy to study during the holidays? Not a problem! You can purchase your course or product now and have until January to get started. Here’s what is on sale:

General HIPAA Training Overview
Description: This course is designed to provide a basic introduction to HIPAA and the HITECH Act.
Time: Approximately 1.5 hours, including testing time.
Audience: For those who want a basic understanding of the HIPAA laws and regulations.
Investment: $25.00 Sale Price: $10

HIPAA for the Independent Contractor

This course will cover the things that you need to do if you are an independent contractor, but NOT a business associate. This is for those who contract from a service provider and not directly with a covered entity. Learn what you need to do to protect your contracts and be sure that you are doing your part!
Time: Approximately 3 hours, including testing
Audience: Those who are an independent contractor, but not a business associate. If you contract with a medical transcription company and not directly with the healthcare provider, this is your category.
CE Credits: This course has been preapproved by the Association for Healthcare Documentation Integrity for 3 medicolegal CEs.
Investment: $50.00 Sale Price: $39

HIPAA Privacy Rule Training

Description: This course covers all of the details of the HIPAA Privacy Rule
Time: Approximately 5 hours, including testing time.
Audience: For those who want a more indepth understanding of the HIPAA Privacy regulations. Topics covered will include the responsibilities of business associates with the changes related to the HITECH Act.
CE Credits: This course has been preapproved by the Association for Healthcare Documentation Integrity for 5 medicolegal CEs.
Investment: $125.00 Sale Price: $50

HIPAA Security Rule Training

Description: This course is designed to provide a basic introduction to HIPAA and the HITECH Act.
Time: Approximately 5 hours, including testing time.
Audience: For those who want an indepth understanding of the HIPAA Security rule and the HITECH Act. This will also cover the responsibilities of business associates as it relates to these regulations.
CE Credits: This course has been preapproved by the Association for Healthcare Documentation Integrity for 5 medicolegal CEs.
Investment: $125.00 Sale Price: $50

Sample Policies and Procedures

The HITECH Act and HIPAA require that you have written documentation for all of your policies and procedures as they relate to these rules. Don’t spend hours trying to figure it out. These sample policies and procedures can be adapted to your particular organization so that you are compliant. The time you save is well worth the investment.
Investment: $200.00 Sale Price: $50!

HIPAA Bundle

Description: Purchase the bundle package, which includes all three courses listed above as well as the sample policies and procedures.
Investment: $350. If purchased separately, $475, making this a 27% savings! Sale Price: $100!!

These savings won’t last long so be sure to get yours now! The Cyber Monday prices can be accessed here using the drop down menu. Get yours today!

HIPAA Specials

Intro to HIPAA $10.00 USD HIPAA for the IC $30.00 USD HIPAA Privacy Rule Training $50.00 USD HIPAA Security Rule Training $50.00 USD HIPAA Sample P&Ps $50.00 USD HIPAA Bundle $100.00 USD

Does your organization have a zero-tolerance policy for violations of patient privacy? If not, perhaps recent events indicate the value of having such a policy.

In an example of HIPAA policy enforcement, Tucson's University Medical Center has fired three employees this week for violating patient privacy. The hospital reported that three workers were dismissed for inappropriately accessing the medical records of patients involved in the high profile shooting rampage that involved Representative Gabrielle Giffords. This incident resulted in the death of six people and left Representative Giffords in critical condition.

Policies and procedures should clearly indicate that patient privacy must be protected. That includes limiting access to health information to those who have a need to know.

Education is critical in your organization. Employees should have training about HIPAA upon hire and annually thereafter. Training topics should cover patient privacy, security, and how the law and rules apply to a person's individual work setting.

Access to information must be limited to the person's need to know based on their role. This role-based access should be reviewed annually as a part of your compliance program.

You also must be able to track who has accessed protected health information. Access logs will show you who has looked at a patient's record. I imagine it was these access logs that led to the discovery of employees accessing the files at the University Medical Center in Tucson. Without access logs, you will not be able to tell if you have had a breach.

Your policies must also include a sanctions policy. Sanctions do not necessarily have to be "zero-tolerance" policies for any kind of error. There may be times when something happens that was a simple mistake. However, if you have a zero tolerance policy, be ready to follow through with it by dismissing staff when they violate the policy.

In the case of a high profile case like the one in Arizona, zero-tolerance is the wisest choice. There is far too much risk that this information could be accessed for all the wrong reasons. In the end, accessing a patient's information for any reason other than what is required to provide health care is wrong. Accessing it with the potential of personal gain, selling it to media, etc., is totally unacceptable. Note there is nothing to suggest that is what happened with this particular breach; it is, however, a higher risk of such a problem when you have high profile patients.

In the end, having a zero-tolerance policy at your organization, and being sure you enforce it, protects everyone and shows you are serious about patient privacy. It may also protect you should you have to defend yourself in court or to the government in the case of a breach.

Training is critical. Have you done your annual HIPAA training with staff this year?

It's that time of year again! Parents are scrambling to get things ready for the kids to return to school. At the same time, many are savoring the idea of having the house to themselves for a few short hours in the day. For those of us who aren't doing the back to school scramble, it's the end of summer and a time to think about what's next.

In celebration of the back to school season, MT Tools Online is offering a 25% discount on all E-Courses as well as the sample policies and procedures. Ready to get going toward your goal of being sure you understand all about HIPAA and are compliant? Take advantage of this savings to assist you in reaching this goal now! To take advantage of the special pricing, go to the HIPAA Training page, select which package you would like, sign up, and use the discount code "school" when you make your purchase.

Use the back to school time as a time to plan for YOUR future. There's no better time to make the move toward what you need related to HIPAA and the HITECH Act!

I ran across an interesting report this week related to data breaches and their cost to an organization. The 2009 Ponemon Institute Benchmark Study was released and makes for some fascinating and scary information. The study covers many different industries where breaches occurred in 2009, with 45 participants, some of which are healthcare entities. I encourage you to read the entire report as I found it quite interesting.

With breach notification now required if an organization has a breach, it's important to take steps to protect yourself from this occurring. So what if this happens? What will it cost? Here are some interesting points from the study:

• The average cost of a breach is $204 per record involved. In the healthcare industry, however, this cost rises to $294 per record, second only to the pharmaceutical industry at $310.
• The average organizational cost in 2009 was $6.75 million. The most expensive cost was $31 million.
• The study looked at what percentage the cost of lost customers is due to a breach. This has risen to 3.7% and is listed as the main cost when you have a breach. It is interesting to note that, while the average is 3.7%, in health care that number actually increases to 6%, which is equal in the healthcare, communications, and pharmaceuticals industries.
• Another important thing to note is that 42% of breaches were listed as due to an external factor, such as using an outsourcing company to provide services. In the healthcare industry, this number rises to 60%.
• Of the breaches studied, 36% were related to lost or stolen laptop computers or mobile devices. Do you now see a value in being sure your jump drives and external hard drives are encrypted?
• Also reported was the average cost when the breach was related to a mobile device: $224 compared to $193.
• Do you have a compliance officer for your organization who manages the process? If not, it may be a good time to rethink your strategy. Those organizations who have one had an average cost per record of $156.73 versus a cost of $235.51 for those who do not.

While a mere $200 may not sound like a lot, remember this is per record breached. Just one breach that involves 500 patients would have a cost of around $102,000. Many of the 131 breaches reported on the HHS website have many more records than 500.

Be sure your compliance program is protecting you from breaches that could end up costing thousands, or millions, of dollars. It is not a place to skimp on in your organization.

Remember, if you are an independent contractor, this weekend is your last opportunity to get the HIPAA4MT sample policies and procedures at a significant discount!

As we have discussed with the recent rules that were published, independent contractors are now subject to the rules of a business associate, no matter whether they contract directly with the covered entity or not. That brings some challenges for everyone as those who are subcontractors try to do what they need to do to be compliant.

As someone who has been there as an IC and knows what the struggles can be, I've been thinking how to best address this in a way that would be helpful. There are a lot of products out there to select from, and the prices range from $200 to $4,000. I don't know too many independent contractors who could do that.

If you are a subcontractor, you should now have your own set of policies and procedures to show that you are compliant. In an effort to assist those of you who are independent contractors, we are now making the set of sample policies and procedures available to independent contractors, or those who are classified as a subcontractor, for a greatly reduced price. The policies, which normally are priced at $200, are now available to the independent contractor for a price of $60. This does not apply to a business owner who has a business with employees or subcontractors, and is some just for the sole proprietor who contracts from someone else. This does not include the training that is offered, only the set of policies.

You might ask, "but how you know?" Isn't it possible that business will take advantage of this? Sure it is. Still, I believe that people in general operate with honesty and integrity. It's the cornerstone to my businesses and I anticipate that others will do the same. For me, it's just that simple.

If you would like to order a set of these policies, please email me, put "IC Policies and Procedures" in the subject line, and I will send you the discount code to use. This offer will be available through August 15, 2010.

UPDATE: There is a problem with the links for the training page. You can find information on available HIPAA Training at the training page on the website.