LuxSci provides HIPAA-compliant services and must itself maintain HIPAA-compliant business operations in order to comply with HIPAA HITECH regulations.  As such, many of our customers and leads look to us for exactly what they need to do to be compliant.

This article provides you with a quick and easy-to-read overview of the various things needed for compliance.  The items given below should not be considered a complete or formal list for compliance, nor will doing all of these things guarantee that you are compliant.  

Read the rest of this post »

We have previously discussed how it may be OK according to HIPAA to send and receive FAXes with ePHI over standard analog phone lines.  See: Is a FAX document HIPAA-Secure?

However, we have observed that customers more and more wish to integrate FAXing with their computers, taking advantage of the “paper-free” office that is arriving most places.  Why should they have to print and manually fax things or receive FAXes on an old-fashioned FAX printer, when their computers have FAX capability?  Can that capability be used in a HIPAA-compliant way?

The answer is “Yes, you can”.  This article explains how and points out things to watch out for.

Read the rest of this post »

In February, 2010, the HITECH changes to HIPAA went into effect.  These required that the Business Associates of HIPAA covered entities also be HIPAA Compliant with respect to the Protected Health Information (PHI) they manage and transmit.  This was a big change with big ramifications … but more changes are coming.

On July 14th, 2010, the US Department of Health and Human Services (HHS) published a series of proposed changes to HIPAA in a notice in the Federal Register.  All comments on these proposed changes are due by September 13th, 2010, and the final rules will likely go into effect shortly thereafter.

With respect to electronic communications, there are several significant changes that will be happening.

Read the rest of this post »

We are often approached by customers wanting to use their blackberry mobile devices to send and receive email that may contain electronic Protected Health Information (ePHI).  Such customers, when they must abide by the HIPAA and HITECH laws governing medical privacy, must comply with a long set of regulations that covers, among other things, how ePHI may be transmitted over the Internet.

This article deals with the security of sending and receiving email on a Blackberry configured for Internet email services (i.e. it does not apply to those connecting to an Blackberry Enterprise Server and Exchange).

Read the rest of this post »

Changes to HIPAA as a result of HITECH provisions in the American Recovery and Reinvestment Act are going into effect on February 17, 2010.  These changes seriously impact the requirements on Business Associates and impose significant liability penalties on HIPAA violations.  For a discussion of these and how they relate to email and web services, see: HITECH 2010: HITECH Impact on Email and Web Outsourcing.

In response to these changes and to ensure that both LuxSci and its HIPAA customers are HIPAA-compliant:

• Old BAA Void: All Business Associate Agreements (BAA), formerly known as Medical Privacy Agreements, that current LuxSci customers have by virtue of the old BAA being incorporated automatically in LuxSci’s Master Services Agreement are VOID as of February 17th, 2010.
• New BAA Required: Any LuxSci Customer who is using or plans to use LuxSci for ePHI (electronic protected health information) of any kind (i.e. email, web sites, WebAides, databases, etc) must explicitly sign our new BAA and ARA (Account Restrictions Agreement) before LuxSci will consider itself a Business Associate and the customer’s LuxSci account HIPAA compliant.

LuxSci will be contacting customers that it believes might need to sign a BAA and ARA during the month of February.  However, as LuxSci does not know which customers are using their account(s) for storage or transmission of ePHI, it is up to our customers to contact LuxSci to establish a BAA.

See:

• Lux Scientiae HIPAA Busines Associate Agreement
• Lux Scientiae HIPAA Account Restrictions Agreement
• Medical Privacy / HIPAA in LuxSci’s Privacy Policy

Read the rest of this post »

On January 30th, 2010, LuxSci will be releasing a set of software updates that add new security features and enhance existing security features.  Additionally, LuxSci is introducing a new Business Associate Agreement for HIPAA customers — one that complies with the new HITECH provisions of HIPAA.  These changes will impact some existing and future customers, as described in this notice.

Read the rest of this post »

Surprise!  HIPAA has changed, gotten bigger, and grown teeth.

The American Recovery and Reinvestment Act (ARRA, or The Obama Stimulus Bill), signed into law in February 2009, includes new, more comprehensive provisions for HIPAA. These provisions are in a section of the bill known as the Health Information Technology for Economic and Clinical Health Act (HITECH).

For organizations that are already required to abide by HIPAA (i.e. the “Covered Entities” of HIPAA), HITECH adds the following requirements:

Read the rest of this post »