Kevin is at the Healthcare Information and Management Systems Society (HIMSS) Conference in New Orleans this
week.  Here is his latest blog posting he
wrote for the Xchange Conference group:

Are You Hip To HIPAA 3.0 HITECH
And The Omnibus Rule?

By Kevin McDonald – EVP & Director of Compliance Practices

The U.S.
Department of Health & Human Services (HHS) released a new rule on Jan. 17
to protect patient privacy and secure health information established under the
Health Insurance Portability and Accountability Act of 1996 (HIPAA) and run by
The Office of Civil Rights.

With this new
rule, The Omnibus Final Rule, protected payers and providers should no longer
have any doubt that they are liable under HIPAA. To be sure, you only need to
answer yes to a couple of the following questions:

  1. Do you
    receive, create, maintain or transmit Protected Health Information (PHI)
    for or from a covered entity (CE)?
  2. Are you a
    VAR, MSP, integrator or other, providing IT or related services to CEs or
    one of their Business Associates that involves the ability to access PHI
    in any manner?
  3. Are you a hosting
    service, storage or other vendor that has PHI residing in your network,
    even if you do not access the information?

here for the rest of the story