Home Health & Hospice Week
Get Expert Help For Your Security Policy
Follow the right framework to create and update your policy.
As you wade through the murky waters of HIPAA Security Rule compliance, your security policy should not only chart your voyage, but it should also serve as your lighthouse for when you drift off-course. But for your security policy to become such a vital and reliable document, you need to first understand the framework for all that the policy must include.
According to HIPAA expert Jim Sheldon-Dean of Lewis Creek Systems, your basic security policy framework should look like this:
Four Basic Policies (or Policy Types):
1. Security Management Process
• Include enabling language in your policy.
• Define details in your procedures.
• Include as much documentation as possible.
And if you need help drafting your security policy or ensuring that it remains compliant, Sheldon-Dean points out that you can get help from the following resources:
The SANS Institute’s Security Policy Project: Includes a short primer for developing security policies, along with samples and guidance: www.sans.org/resources/policies.
New York University HIPAA security policies: Provides model security policies with a good level of detail, and many of the concepts are directly transferable: www.nyu.edu/its/policies/#hipaa.
The National Institute of Standards and Technology (NIST) Computer Security Incident Handling Guide (SP 800-61 Revision 2): Provides a practical guide to responding to incidents and establishing a computer security incident policy and process: csrc.nist.gov/publications/nistpubs/800-61rev2/SP800-61rev2.pdf.
NIST ITL Bulletin (September 2012): Focuses on the revised SP 800-61: csrc.nist.gov/publications/nistbul/itlbul2012_09.pdf.
2. Information Access Controls
3. Data Management (Contingency-Backup-Retention)
4. User Policy
Enlist Resources For Compliance Help
Home Health & Hospice Week
- Reimbursement:
PECOS Edits Are Upon You
Edits are based on Jan. 6 ‘From’ dates. You may have some extra weeks before [...] - Edits:
Ready Your PECOS Response Plan
Be prepared to turn away referrals from noncompliant physicians. Hopefully the vast majority of your [...] - Documentation:
Focus On These 7 Qualities To Boost Documentation
Support medical necessity, codes or risk denials. You already know that when the clinical record [...] - OASIS:
Watch for Under-Documented OASIS, Billing Areas
Be sure your documentation backs up your OASIS responses and resulting claims, especially with these [...] - Patient Privacy:
Implement An Information Security Management Process Before It's Too Late
Tip: Run your data security like a business. With so many reimbursement and regulatory changes [...] - HIPAA:
Get Expert Help For Your Security Policy
Follow the right framework to create and update your policy. As you wade through the [...] - HIPAA:
Follow This HIPAA Security Process Checklist
As you’re preparing your information security management process, keep this checklist from Jim Sheldon-Dean of [...] - Industry Note:
MedPAC Lobbies For Lower Home Health Payment Rates
Advisory body pushes home health copayment once again. Declining utilization and profit margins aren’t enough [...] - Industry Note:
MedPAC Wants A Rate Freeze For Hospices In 2015
Hospices have often gotten a pass from the Medicare Payment Advisory Commission — but not [...] - Industry Note:
OIG Calls For More Home Health Cuts
Add the HHS Office of Inspector Gene-ral to the list of organizations that want lower [...] - Industry Note:
Newspaper Exposé Slams For-Profit Hospices For Long-Stay, Ineligible Patients
Expect hospice payment reform to get on an even faster track, thanks to a high-profile [...] - Industry Note:
Comment On Hospice Drug Coverage Guidance ASAP
If you were slammed by the holidays and didn’t have time to comment on Medicare’s [...]
