News & Upcoming Events
October 2014

This month's newsletter includes updates on hot topics such as OCR's recent guidance on emergency situations and a limited time offer on CynergisTek's phishing assessments. Read below to learn more.

Due to the Ebola crisis, the Office for Civil Rights (OCR) issued guidance on how patient information can be shared under the HIPAA Privacy Rule in an emergency situation. The bulletin was also released to remind everyone that HIPAA rules are not set aside in the event of an emergency.



David Holtzman recently presented a free webinar on how to prepare for a Meaningful Use audit. He reviews the requirements for attestation, describes what the audit process looks like and provides guidance on how to be prepared in the event you are selected for a random audit. Click below to learn more and watch a recording of the presentation.


Did you know that phishing is one of the most common cyber attacks in the industry?

CynergisTek is proud to offer four different phishing programs with a special introductory price. Protect your security program by empowering employees with the knowledge they need to recognize a well-crafted phishing attack. 



HealthcareITNews recently featured an article reviewing the reasons why vets should be appealing to hospital IT departments. Mac McMillan says, "If I were a health system, and I were looking for a good quality ISO with a lot to give, and a lot of discipline and a lot of motivation and know-how, I'd be hiring a vet." 




OCR has made it clear that they will enforce the HIPAA Omnibus Rule changes to business associates (BAs) and their subcontractors that receive, create, transmit or maintain protected health information. They also announced they will include BAs in the next round of random compliance audits that will start in FY 2015. Are you and your vendors in compliance? Are you ready for a random compliance audit?



David Holtzman presented on OCR audits at the recent Medical Group Management Association (MGMA) Annual Conference. During his presentation, he gave expert advice on what organizations need to do before the audits return and provided several helpful resources.


Compliance Q&A


In every newsletter we answer some of the toughest compliance questions we receive from our newsletter readers, clients and at association events. This month David Holtzman is asked about OIG audits. 


The recently released HHS OIG Workplan for 2015 identified a project in which some HIPAA covered entities and business associates will be reviewed for their compliance with the Security Rule Contingency Planning Standard. What steps can organizations take to prepare for the possibility of an OIG audit?


The purpose of contingency planning is to establish strategies for recovering access to ePHI should the organization experience an emergency or other occurrence, such as a power outage and/or disruption of critical business operations. The goal is to ensure that organizations have their ePHI available when it is needed. The Security Rule requires covered entities and business associates to establish and implement policies and procedures for responding to an emergency or other occurrence (e.g. fire, vandalism, system failure, and natural disaster) that damages a system that contains ePHI. In addition, as part of a regular security risk analysis, organizations should evaluate how they have implemented required processes to establish a data backup plan, disaster recovery plan and emergency mode operation plan. They should also evaluate what reasonable and appropriate measures are needed to implement testing and revision procedures, and analysis of critical applications and data criticality analysis.


Have a tough compliance question? Email us to have your question answered by one of our subject matter experts.