AHA Solutions
Resources for Hospitals

HIPAA Tip
04/22/09

The HIPAA Tip is emailed the second, third and fourth Wednesday of every month.  In it you will find valuable information to ensure you are current on the latest news, trends and regulatory issues surrounding HIPAA. Subscribers total over 2,500.

If you're looking for assistance in HIPAA compliance training solutions, please contact:

Ali Pabrai, Security+, CISSP, CHP, CSCS
ecfirst.com/HIPAA Academy, Chief Executive
www.HIPAAAcademy.Net

HIPAA Academy's HIPAA Compliance Training Solutions have the exclusive endorsement of the American Hospital Association (AHA).

To learn more about AHA-Endorsed products and services and the AHA Solutions Signature Learning Series, please call
(800) 242-4677 or visit www.aha-solutions.org

April 22, 2009

Massachusetts Compliance Deadline for Security
Organizations have until January 1, 2010 to comply with the new State regulations (201 CMR 17.00), which are aimed at protecting the personal data of Massachusetts residents. The Massachusetts security regulations require organizations to address the following:
- Each covered business must "develop, implement, maintain and monitor a comprehensive written information security program" that applies to records containing Massachusetts residents' personal information (201 CMR 17.03)
- The security program must include "administrative, technical and physical safeguards" to protect such records
- Businesses that store or transmit personal information about Massachusetts residents must also (201 CMR 17.04):

  • Restrict access by use of passwords
  • Deploy updated malware protection
  • Encrypt information transmitted across public or wireless networks
  • Monitor all systems to detect unauthorized access
  • Encrypt information stored on laptops
  • Incorporate firewalls

The new Massachusetts regulations — which implement the data breach provisions in the state's consumer protection law — require any business that handles sensitive personal information on Massachusetts residents to encrypt the data while it's being transmitted over public networks or stored on mobile devices such as laptops, handhelds and memory sticks.

The Massachusetts law also requires companies to limit the amount of data they collect, have written security policies and maintain a detailed inventory of all personal data, whether it is stored in computers, archived on tapes or kept in paper files. In addition, businesses must deploy adequate physical and technical security controls for safeguarding protected data and properly authenticating users who are given access to the information.

Nevada Law & Transmission Security
The State of Nevada also has requirements for security. Nevada law provides that "a business in this State shall not transfer any 'personal information' of a customer through an electronic transmission (except fax) to a person outside of the secure system of the business unless the business uses encryption to ensure the security of electronic transmission." Personal information is defined as a person's name together with an SSN, a driver's license number, or a financial account number plus a PIN or other code used to gain access to the account.

Is Your Organization Compliant with New State Regulations?
Contact Steve.Ferrick@ecfirst.com or call 1.877.899.9974 x14 to discuss risk analysis, vulnerability assessment and other State & Federal requirements. ecfirst has significant experience enabling healthcare organizations to conduct HIPAA assessments. Talk to us to learn more about how we can help address your challenges with HIPAA compliance, including the new requirements from the HITECH Act. Ask Steve for the executive brief PDF, Increased Mandates for Privacy & Security of Health Information, New Penalties Established, to learn more about the HITECH Act requirements and recent fines from the FTC and HHS.

Certified HIPAA Professional Program in Las Vegas

Learn about key aspects of the new HITECH Act (economic stimulus bill recently enacted) and the HIPAA regulation including Transactions and Code Sets, Identifiers, Privacy and Security. This is an exceptional program delivered by Ms. Lorna Waggoner, a HIPAA expert. Take the certification exam at the end of the 2nd day. To register or check the schedule for other locations, please visit www.HIPAAAcademy.Net or call 1.877.899.9974 x17.

Certified Security Compliance Specialist (CSCS) Program in Las Vegas

To attend the only certification program in the industry that addresses PCI DSS, ISO 27001/27002, HIPAA, FISMA, and other information security regulations, please visit the website, www.ecfirst.com, and click on the CSCS Program. The CSCS Program is presented by compliance and cybersecurity expert Ali Pabrai. The CSCS Program is offered in several cities across the USA; check the schedule online at www.ecfirst.com, or bring the program on-site and have it tailored for your environment.