RECMGMT-L Archives

Records Management

RECMGMT-L@LISTSERV.IGGURU.US

From:
Larry Medina <[log in to unmask]>
Reply To:
Records Management Program <[log in to unmask]>
Date:
Thu, 22 Jul 2010 14:27:21 -0400
Well, tried to send this reply twice earlier this week and I see it never
made it to the List.


A quick Google search turned up DOZENS of snake oil sales organizations
offering to train and certify an organization's 'compliance' with HIPAA and
even some of them that would offer 'certificates saying you comply', but for
the most part, these aren't worth the paper they're printed on.  The prices
ranged from $14.95 to multiple thousands of dollars for these services.

Directly from the DHHS Website:

http://bit.ly/a2RvJd

(in part)

"A covered entity may make the business decision to have an external
organization perform these types of services. It is important to note that
HHS does not endorse or otherwise recognize private organizations’
“certifications” regarding the Security Rule, and such certifications do not
absolve covered entities of their legal obligations under the Security Rule.
Moreover, performance of a “certification” by an external organization does
not preclude HHS from subsequently finding a security violation."

So the suggestion would be to become very familiar with the HHS Privacy and
Security Rules http://bit.ly/adt5tk  and identify, based on the services
your organization provides, the extent of YOUR responsibilities for
compliance.  

Make a clear list of those to use for a template for training existing staff
and new staff as they are added, and use this same list as a checklist to
determine how well the systems you have in place comply with the necessary
requirements.  Establish a program for regular (at least annual)
self-assessments of your compliance and keep a log of the training
activities for your staff, and then you too can openly state that you are
certified.  

Based on the HHS guidance, a self-certification is equally as valuable as
one provided by an outside organization... in fact, it may have even greater
value, because you have the background information that cites what your
requirements are and how you meet them.

 Larry
[log in to unmask]
[Yes, it's really me =) ]

List archives at http://lists.ufl.edu/archives/recmgmt-l.html