Why the 14th Amendment Solves the Debt Ceiling Crisis

If I understand this, the Constitution trumps any other law like the debt ceiling.

The debt ceiling raise is needed not for new spending but for that which has already been authorized by Congress, i.e. by law, and thus the President has 2 duties:
1) Uphold all laws that have been passed
2) The debt has already been committed to over many years so it is valid and “shall not be questioned.”

That makes using the 14th a no brainer.

The Presidential oath also requires the President to protect and defend the Constitution. If he does not follow it as laid out above one could argue you could impeach him as well.

In fact all members of Congress took a similar oath so their inaction to provide the debt ceiling action needed to fund the laws passed by them could be deemed a violation of their oath of office subjecting Boehner in particular to impeachment. Right?

The other issue here is that failure to protect the nation’s financial system from a meltdown is akin to “war” and the President again is bound to protect the nation as well. Keeping the nation from falling into a deeper recession, higher borrowing costs, higher deficits due to a double dip and the world losing faith in the US as a reserve currency makes his inaction on the 14th impeachable to me.

Failure to act has been estimated to cost the US $50B minimum directly for even a few-day default due to increased debt rollover costs, and as much as a trillion over a decade, not to mention higher borrowing costs for consumers and business as well.

The President has put forth $2T in cuts and asked for $400B in tax loopholes being closed. Every deficit reduction plan that Reagan, Bush I and Clinton did required a combination. Why can’t the Repubs simply negotiate in good faith and get this done?

If they do not they will get hung out to dry by the President being forced to act under his Constitutional duty. That surely isn’t going to help them defeat Obama. It might just sew up his re-election before they even have a primary.

If they think he isn’t tough enough to do this, just remember the Sunday night we found out about Osama or the Somali pirates that were taken out right after he took office.

If he needs to he will act and get the job done as he should, no doubt about it.


Is Not Using the 14th Amendment Grounds For Impeachment?

I am going to approach this Constitutional debate from another angle: that President Obama would risk impeachment by NOT acting under the 14th Amendment to prevent default.

Whether any of us like it or not, this debt ceiling debate is all about the “obligations” that Congress over time has signed into law, not the bonds.

The ceiling raise has nothing to do with future spending, only that which has already been committed to by this and prior sessions of Congress over our history.

We elected them; acting under their Constitutional responsibility they pass laws and fund programs, and we own the result, which has the “full faith and credit” of the US behind it. These are all laws that then need to be upheld, i.e. honored.

The Constitution is by definition the original document plus any and all Amendments to it so trying to separate the two is a specious argument as well.

In PERRY V. UNITED STATES, 294 U. S. 330 (1935), SCOTUS addresses the larger context of debt as “obligations”, which further supports the notion that default would be unconstitutional and thus stopping it would be required of the President:

“…The government’s contention thus raises a question of far greater importance than the particular claim of the plaintiff. On that reasoning, if the terms of the government’s bond as to the standard of payment can be repudiated, it inevitably follows that the obligation as to the amount to be paid may also be repudiated. The contention necessarily imports that the Congress can disregard the obligations of the government at its discretion, and that, when the government borrows money, the credit of the United States is an illusory pledge.

We do not so read the Constitution….To say that the Congress may withdraw or ignore that pledge is to assume that the Constitution contemplates a vain promise; a pledge having no other sanction than the pleasure and convenience of the pledgor. This Court has given no sanction to such a conception of the obligations of our government.

The Fourteenth Amendment, in its fourth section, explicitly declares: ‘The validity of the public debt of the United States, authorized by law, * * * shall not be questioned.’ While this provision was undoubtedly inspired by the desire to put beyond question the obligations of the government issued during the Civil War, its language indicates a broader connotation. We regard it as confirmatory of a fundamental principle which applies as well to the government bonds in question, and to others duly authorized by the Congress, as to those issued before the amendment was adopted. Nor can we perceive any reason for not considering the expression ‘the validity of the public debt’ as embracing whatever concerns the integrity of the public obligations.”

The office of the President as “Chief Executive” is empowered by the Constitution that “he shall take Care that the Laws be faithfully executed”.

He is also Constitutionally bound by his oath of office:

“I do solemnly swear (or affirm) that I will faithfully execute the Office of President of the United States, and will to the best of my Ability, preserve, protect and defend the Constitution of the United States.”

This creates a slippery slope for any President. In other words he has no choice in acting per the Constitution lest he violate his oath and for that could be subject to impeachment.

A secondary argument, slightly less compelling, is that in his job as Commander in Chief to protect the nation against any threats could be cited here. A default that plunges the nation into another recession and costs the taxpayers hundreds of billions in additional Federal interest payments and billions more in higher credit card, mortgage and consumer loans threatens the nation as much as any war or attack does. Not acting would weaken the nation considerably and his failure to protect the nation from this sort of “attack” would also be seen as a failure to fulfill his oath.

So the 14th/PERRY V. UNITED STATES makes it clear on the debt’s validity and the fact that it cannot be abrogated in any way that diminishes the full faith and credit of the nation and its trust with anyone owed money via a statute approved by Congress, be it your mom on SS, a cleaning contractor for a federal building or foreign nations holding bonds. All are equally valid and must be honored.

So no action by Congress is illegal and the Debt Ceiling law in any dispute is trumped by the Constitution. In “Perry” Chief Justice Hughes wrote the majority opinion: “We do not so read the Constitution…the Congress has not been vested with authority to alter or destroy those obligations.”

Altering those obligations means that the terms of meeting them cannot be changed in any way, so even a default of a few days or a program to pay bills in some order with revenues is not allowed. So inaction that allows any sort of modification is out of the question as well.

If Obama does not act to avert the crisis if negotiations fail that is a more compelling reason to Impeach than trying to claim that he exceeds his Constitutional power in resolving the crisis using the 14th.


MLR’s, Broker Commissions and “Stockholm Syndrome”

Stockholm Syndrome Poster Child

In 1996 when we first started Employease, the first online benefits administration and enrollment platform, insurers were eager to meet with us. As it turned out they were not interested in the efficiencies and customer service value we could bring. In fact the main area of interest in every meeting was simply: “How can this help us get rid of brokers?”

The odd dynamic that exists between the product manufacturers – insurers and healthplans – and their independent sales team, brokers and consultants, has been at work for at least the 35 years I have been in the industry.

They are symbiotic enemies like the Road Runner and Wile E. Coyote. Neither side likes the other at all, even though without agents, brokers and consultants insurers would fail miserably and without insurers brokers would have nothing to sell. In fact the current system of employer delivered health insurance would not exist if the insurers had to deal directly with the employer and consumer. They are not equipped to deliver their products or services in a way that does not need a 3rd party guardian like a broker.

Fast forward to 2010/2011. Healthcare reform (PPACA) imposes expected Medical Loss Ratios on healthcare insurers to make sure that employer and consumer’s premium dollars go to care and reimbursement not wasted overhead and high executive salaries.

What do the insurers do first to meet their legally required goals? Either drastically reduce commissions to brokers or cut them entirely (Aetna), making the broker responsible for negotiating service fees that the insurer will then add to their monthly bills. And of course they blame it all on the MLR rules of PPACA. Meanwhile they try and ram through rate increases that are not justified again blaming PPACA and have the best year ever for profits.

The NAIC – the 50 state insurance commissioners – have reviewed the MLR rules and unanimously supported them and refused to exclude commissions from them because sales costs are part of any insurance product’s overhead. They are dead right on this.

Instead of using their clout to fight the insurers, industry groups like NAHU, CIAB, UBA, NAIFA, the Big I and others have inexplicably joined forces with the health insurers to try to get commissions excluded from the MLR, first via the NAIC (they failed) and now through Congress.

Articles vilifying the new healthcare law, rife with misrepresentations and hyperbole, abound from these groups, especially NAHU, who has bought the insurers’ line completely with lines like this:

“In fact, the health care law is not only causing many businesses to drop or scale back their insurance plans — it’s also preventing them from creating jobs.”

“Unfortunately, there’s not much fat to trim from insurers’ budgets. The health insurance industry posted a slim 2.2 percent profit margin in 2008 — one-fifth the margin enjoyed by the securities industry, and one-tenth that of the pharmaceutical sector.”

Yet while CEO salaries have increased (UHC +$10MM) and stock option packages have been enriched (Humana, +73M, Aetna former CEO, $50M), those same insurers have eliminated (Aetna) or cut brokers’ commissions (all others), at the same time convincing the brokers that Obama and the big bad government were to blame, not them.

You can see the details for the major insurers here for the last 5 years. 

The enemy here is not the healthcare reform law but the complacency and dependency that insurers have lulled brokers into with ever higher commissions based on ever higher rates. Do they really believe the insurers should be able to remain fat, dumb and happy, have record profits and CEO salaries and not tighten up their wasteful organizations as long as their commissions do not hurt the insurers’ MLR calculations?

The real question here is: are these brokerage groups really that blind to the reality here, or are they simply suffering from Stockholm Syndrome – “… a term used to describe a paradoxical psychological phenomenon wherein hostages express adulation and have positive feelings towards their captors. These feelings are generally considered irrational in light of the danger or risk endured by the victims, who essentially mistake a lack of abuse from their captors as an act of kindness.”

After all the years of dealing with the insurers’ incompetence but still having their incomes go up every year as premiums have increased at double-digit rates, this is the only answer I can come up with.

The real enemy is the insurers and their actions, not PPACA, and the sooner brokers realize that and use their collective leverage accordingly to force the insurers to get more efficient, the better for them and their clients.


Minimizing Secure Email Hassles for Your Portal Users

In this day and age of password overload all of us are having issues with email users logging into our secure email portals.

Infrequent use of tools like your RadarMail 360/Zix email encryption makes this problem even more frequent.

User error is 100% of the problems here but to help minimize the issues for people we have implemented the following for our RadarMail 360 shared portal and all of our clients’ branded portals if they have authorized it.

1) Simplifying passwords to the bare minimum – 6 characters with no number, letter, Caps requirements

2) Add this text re: password Resets – “If you are locked out click here to Reset your password.”

3) “Remember Me” – add to the portal to allow users to decide if they want their login name saved

4) Change the link for “Online Help” to “Online Help/FAQs” with this link with more specific FAQ help:

http://www.zixhelp.com/zixport/3.7/en/webhelp/portalhelp.htm

Avoiding Client Spam Filters

When a user is not getting the emails from you or from resetting their password, this is a client network spam filter issue or client browser spam filter issue – NOT A ZIX ENCRYPTION ISSUE. To solve this issue be sure that the client has the following domain in their network and Outlook whitelist: smtpout.zixmail.net – which is IP addresses 63.71.8.100 through 63.71.8.109 for inbound mail.
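Many spam filters take CIDR blocks rather than a first-to-last range, and 63.71.8.100 through 63.71.8.109 does not fit a single block. The Python below is an added example, not part of the original post or of any Zix tooling: it derives the exact CIDR entries for the range stated above, shows how many extra addresses a single rounded-up block would admit, and checks the connecting IP in a `Received:` header against the exact list. The sample headers and the `mx.example.test` host are constructed for illustration.

```python
import ipaddress
import re

# Inbound range stated in the post for smtpout.zixmail.net.
FIRST = ipaddress.IPv4Address("63.71.8.100")
LAST = ipaddress.IPv4Address("63.71.8.109")


def exact_cidrs(first=FIRST, last=LAST):
    """Smallest list of CIDR blocks covering exactly first..last."""
    return list(ipaddress.summarize_address_range(first, last))


def smallest_single_cidr(first=FIRST, last=LAST):
    """The one CIDR block an admin gets by rounding the range up."""
    net = ipaddress.ip_network(f"{first}/32")
    while last not in net:
        net = net.supernet()
    return net


def extra_addresses(first=FIRST, last=LAST):
    """Addresses a single rounded-up block allows beyond the stated range."""
    wanted = int(last) - int(first) + 1
    return smallest_single_cidr(first, last).num_addresses - wanted


# The connecting IP is the bracketed literal the receiving server records;
# the hostname next to it is sender-supplied and is not trusted here.
RECEIVED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def relay_allowed(received_header, cidrs=None):
    """True if the header's connecting IP falls inside the exact allowlist."""
    cidrs = cidrs or exact_cidrs()
    match = RECEIVED_IP.search(received_header)
    if not match:
        return False
    try:
        ip = ipaddress.ip_address(match.group(1))
    except ValueError:  # e.g. an octet above 255
        return False
    return any(ip in net for net in cidrs)


# Constructed sample headers (not taken from real mail).
SAMPLE_HEADERS = [
    "Received: from smtpout.zixmail.net (smtpout.zixmail.net [63.71.8.104]) "
    "by mx.example.test with ESMTPS",
    "Received: from smtpout.zixmail.net (unknown [63.71.8.110]) "
    "by mx.example.test with ESMTP",
    "Received: from smtpout.zixmail.net (unknown [63.71.8.99]) "
    "by mx.example.test with ESMTP",
]

if __name__ == "__main__":
    print("Allowlist entries:", ", ".join(str(n) for n in exact_cidrs()))
    print("Single block would be", smallest_single_cidr(),
          "and over-allows", extra_addresses(), "addresses")
    for header in SAMPLE_HEADERS:
        print(relay_allowed(header), header[:60])
```

Apply this to the `Received:` line written by your own border mail server, since earlier hops in the chain can be forged by the sender.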

Online Resources

User Browser Options

Short of a user getting on the Zix Network at the user level I would recommend having users review secure browser capabilities and addons in the context of their own company computer, browser, network and HIPAA HITECH security policies.

Depending on the sophistication of the user they can enable login/passwords being remembered in their browsers. If used properly this is the easiest solution but potentially the least secure if used wrong:

Firefox – go to Tools|Options|Security and you can enable saving passwords as well as a “master” password to protect use by an unauthorized user. Best, most secure and easiest to use.

  • Other free browser Addons can be reviewed here:

https://addons.mozilla.org/en-US/firefox/search/?q=form+fill&cat=all&lver=any&pid=1&sort=&pp=20&lup=&advanced=

IE 8 – Tools | Internet Options | Content | Auto Complete – no master password so less secure

Chrome – Click on the “wrench” icon on the upper right corner | Options | Personal Stuff | Form Autofill – NO master password option makes this insecure

Safari – Preferences | Autofill | Allow login/passwords – no master password makes this insecure.

Opera – Menu Tab | Settings | Preferences | Forms | Password Manager – no master password makes this insecure

Implementing an appropriate solution will not only help with your HITECH compliance activities but a user’s use of the web in general.

If these resources do not help your users then there is really nothing further to be done for them.

As the old adage says, “you can lead a horse to water but you can’t make them drink.” 🙂

Caution – Any of these actions should be reviewed by a user in the context of their corporate security and HIPAA HITECH privacy policies and the links provided by The Industry Radar/RadarMail 360 are solely for information purposes only.


A Snapshot From The Industry Radar World HQ

In case you were wondering what goes on at our bustling headquarters I thought I would share this picture of Rosie, our 3 year old pug, and Peeps, a lame duckling my 10 year old son is taking care of, as they meet face to face to discuss the day’s news.

Peeps was born with one leg turned backwards and her development is months behind her siblings, who are grown white ducks, but love and attention is bringing her around. Her wings and feathers are finally growing in and in the not too distant future she will hopefully retire to a life on a friend’s farm.

Rosie cannot quite figure her out but tries to play with her when she is in her cage by pawing at her, only to be met with a snap from Peeps’ bill.

Now that our kids are back in school my wife is in charge of Peeps during the day.

Peeps likes to watch TV and has learned from the dogs barking how to verbalize her own needs like food, water etc….honestly….it is quite something to see.


HITECH E&O? – Are you covered? Likely Not..

The recent legal action in the University of Idaho vs. Colorado Casualty and United Insurance Brokers has caused me to do a little research on the issue of insurance for cyber crime, data breaches etc.

The results are not pretty from the standpoint of firms having coverage today for any type of data breach expenses, liabilities, fines etc.

Here are 2 links for you to reference but likely you are “naked” on this cover right now:

http://www.privacy-insurance.com/FAQs.aspx


Insurer Denies $3.3M Data Breach Payment Due to BA Negligence

If this were your client, where would you find $3.3 million to settle their claim, let alone the penalties that HHS will apply?

You can read the details here of Colorado Casualty vs. University of Idaho / Perpetual Storage.

Bottom line is that most standard policies do not cover cyber losses and neither does your E&O policy as we have written about before.

“At the same time, the University is seeking in its lawsuit to bring its insurance broker and adviser into the litigation, alleging they were “careless, negligent, and made various negligent misrepresentations about Perpetual’s insurance coverage from Colorado Casualty.”

Aon reviews this case from an insurance perspective here.

Preventing breaches in the first place is key by getting compliant and encrypting ALL data whether “at rest” or “in motion”.

Lesson – your business and livelihood are one mistake away from disappearing if you are not compliant.

We can help you quickly and cost effectively….contact us now


What do Rodney Dangerfield, AON/Hewitt and ADP/Workscape Have in Common?

A tsunami has hit the world of healthcare and employee benefits in the last 4 days and most of you don’t even realize it.

The new Business Associate rules put out last Friday and now the announcement of the Workscape acquisition by ADP and the Aon/Hewitt merger/acquisition are a fundamental change in the way the industry functions going forward.

The root cause of it? Simple..

Healthcare Reform (PPACA)! That is right. Or Obamacare if you want to use that acronym.

There are 2 fundamental issues at the core of healthcare reform focused on reducing cost and improving quality and both are intertwined and depend on reliable, accurate and secure information on employees and their dependents:

  • “Administrative Simplification” – i.e. by 2014 all transactions by law will need to be electronic and interchangeable. This goes from enrollment, through billing, eligibility, claims adjudication, rating, renewals etc.
  • “Electronic Health Records” – requiring a system that is secure and confidential is mandatory and starts long before a single healthcare encounter with all the data above.

Think of the entire benefits/healthcare lifecycle. It is all driven by the same data – or subsets of it – that relate to insureds and their families. Combining these 2 concepts together creates a supply chain for the information that drives the entire industry, and is at its core one of the reasons that the “system” is so inefficient, paper driven and wasteful.

So a “dialtone” of standardized data to drive reform is the key driver here and there are billions to be made in being part of that solution.

So how do these 3 events come together under this?

Let’s start with brokers as Business Associates. Brokers/agents are the Rodney Dangerfield of the benefits industry – they get “no respect”. The work they do is largely misunderstood and undervalued and many – esp. insurers – see them as simply a cost drain to the entire industry.

This view is utter nonsense.

Under HIPAA HITECH, and especially after last week’s new rules, the Federal government now formally recognizes, respects and holds agents/brokers to the same standards as insurers when it comes to managing client data i.e. PHI.

Most importantly they also now face the same legal and financial penalties. Now they have “respect” and systemic accountability as major cogs in the healthcare/benefits information supply chain for small employers through the 2000 – 3000 employee market.

Our second item is the ADP acquisition of the large employer benefits administration outsourcing vendor Workscape. ADP has been building its infrastructure in the space for years, including Employease (mid market) 4 years ago, and Workscape adds clients and capabilities in the large end of the market. It is not coincidental that Workscape, who has struggled to find profitability and could never achieve the escape velocity to go public, is a major competitor to both Aon and Hewitt in outsourcing.

At various times over the past decade ADP and Aon have danced with partnering but have both been too closely tracking the same plans to be partners. ADP has opened up its own semi-stealth insurance broker operation and Aon had been a major brokerage partner of Employease. At its core though ADP is still a huge data processing machine and a darn good one.

So now ADP, whose core data is payroll, the real lifeblood of any business, has added more heft to its offerings across the large market segment. ADP excels at managing huge amounts of time sensitive, personal and financial data and exchanging it electronically.

Finally we turn to Aon, the largest insurance broker in the world, and Hewitt, the highbrow consulting and outsourcing giant for the Fortune 2000. Aon has struggled mightily in getting its outsourcing act together and its consulting arm has been lacking growth, but it has tens of thousands of employer customers across the spectrum from small to super jumbo that it works with every day in the benefits information supply chain.

Their strength, like the agents/brokers above, is as “trusted advisor”, not as a data processor like ADP. Let’s not forget that Russ Fradin, CEO of Hewitt, had been a senior exec for years at ADP and would be well aware of their long term strategy of data management as well as seeing the world from the perch of a world class consulting firm.

So we have 2 heavyweights – one a Borgian payroll data colossus that is not especially attuned to client relationships and the other a broker and “trusted advisor” to their clients with significant healthcare/benefits data and process management focus and experience.

If we are to have a trusted infrastructure for managing PHI for payroll, HR, benefits and healthcare et al maybe it will likely end up looking like the credit card space. 3 players – Visa, Mastercard and American Express (and a few others) – tie together a trusted system that helps make our lives seamless from credit cards to banking to ATM withdrawals around the world.

And what about the agents and brokers and their clients? Well, those that survive the changes in the industry will now be respected players at the table representing millions of employers and insured lives. What networks will they join or use?

How about an HR benefits/healthcare ATM system…hmmmm, seems like I first wrote about it in 1999 and again here in 2003… how much is that worth, or how much are small spiffs on billions of transactions worth to a company?

Stay tuned, more consolidation and change is coming, all because of the modernization and imperative of healthcare in this country with tens of billions of dollars of revenue at stake as well as the very survival of many intermediaries and vendors in this huge space.


New HITECH Rules (NPRM) – Total Clarity for Brokers as BA’s

“Business Associates Get HIPAA Alert” – This post by Rebecca Herold and other privacy experts hit the highlights of this major change here.

We add specifics for brokers below.

The End of the Status Quo

I have been baffled at the lack of compliance I am seeing in the market from brokers of all sizes.

It seems that many of you were confused by HITECH, others simply do not believe it will be enforced, and many simply were playing Ostrich trying to ignore the law.

Yesterday HHS released clarifications (243 pages of mind numbing reading) of HIPAA HITECH that should end any speculation for a broker about what the expectations, requirements and penalties for non compliance are.

We have pulled out relevant quotes for you to review but the bottom line is that you are fully accountable for compliance in the protection of PHI in your possession in any form and for the compliance of your employees and any subcontractors you might have that touch PHI. Penalties for non compliance are steep and can be both civil and criminal and will be enforced.

Let’s start with what HITECH is really all about…

HITECH is About Healthcare Reform and Cost Containment

“.. Department of Health and Human Services (HHS or The Department) guiding principles is that the benefits of health IT can only be fully realized if patients and providers are confident that electronic health information is kept private and secure. HHS’s goal…is to improve the nation’s health care system by enabling health information to follow the patient wherever and whenever it is needed…to ensure that this electronic exchange of health information is built on a foundation of privacy, and security.”

Comment – This is about healthcare reform and creating an electronic infrastructure that can be trusted like we trust the ATM, banking and credit card networks and will drive quality up and costs down more than almost anything else that can be done in the short (3-5 yr) term

Commitment

“Administration-wide commitment to make sure no one has access to your personal information unless you want them to…  that supports building Americans’ rights to consent and control over PHI into electronic health systems and data exchange.”

Comment – these rules are here to stay and states also are creating their own

Business Associates = Covered Entities = Same Rules = Same Penalties

“The proposed rule would extend liability for failure to comply with the Privacy and Security Rules directly to business associates and business associate subcontractors in a manner similar to how they now apply to covered entities. The proposed rule would subject business associates to many of the same standards and implementation specifications, and to the same penalties, that apply to covered entities under the Security Rule and to some of the same standards and implementation specifications, and to the same penalties, that apply to covered entities under the Privacy Rule.”

Comment – For the system to work ALL players – large or small- have to be held accountable to the same standards. If there were any questions as to whether BA’s were subject to the same rules as carriers this ends that.

BA=BA Subcontractors=Same Rules = Same Penalties (NEW)

“Additionally, business associates would also be required to obtain satisfactory assurances in the form of a business associate agreement from subcontractors that the subcontractors will safeguard any protected health information in their possession. If the business associate learns of a pattern of activity or practice of a subcontractor that constitutes a material breach or violation of the contract, the business associate would be required to make reasonable attempts to repair the breach or correct the violation. If unsuccessful, the business associate would be required to terminate the contract, if feasible. In addition, a business associate would be required to furnish any information the Secretary requires to investigate whether the business associate is in compliance with the regulations.”

Comment – Just like a carrier is ultimately on the hook for BA behavior, you are on the hook for anyone you work with using PHI being compliant.

What Compliance Means:

“We assume that business associates in compliance with their contracts would have already:

  1. designated personnel to be responsible for
  2. formulating the organization’s
    1. privacy and
    2. security policies,
  3. performed a risk analysis, and
  4. invested in hardware and software to prevent and monitor for
    1. internal and
    2. external breaches of protected health information.”

Comment – These 4 clear steps are what is expected of all BA’s, CE’s and subcontractors of the BA (new rule)

Contractual Compliance Accountability

“We expect that most business associates make a good-faith effort to follow the terms of their contracts and comply with current security and privacy standards.”

Comment – If you have signed BA agreements with your clients and insurers your compliance is assumed and expected.

Legal and Financial Consequences Clarified

“For those business associates that have not already adopted HIPAA-compliant privacy and security standards for protected health information, the risk of criminal and/or civil monetary penalties may spur them to increase their efforts to comply with the privacy and security standards.”

Comment – Failure to be compliant and to meet your contractual obligations is subject to both criminal and civil penalties

Expectations for Getting Compliant

Regardless of the reason, to avoid the risk of the far more serious penalties in this proposed rule, we expect that business associates and subcontractors that have been lax in their complying with the privacy and security standards may now take steps to enhance their security procedures and strengthen their policies for protecting the privacy of the protected health information under their control.

Comment – Clear direction that getting compliant is NOT an option

No “Turtle” Defense

“Moreover, a covered entity or business associate cannot assert an affirmative defense associated with its “lack of knowledge” if such lack of knowledge has resulted from its failure to inform itself about compliance obligations or to investigate received complaints or other information indicating likely noncompliance.”

Comment – Hiding in your shell, i.e. ignorance real or pretended, will not be a defense against criminal and civil penalties

You Own Your Organization’s Behavior

“A business associate is liable, in accordance with the federal common law of agency, for a civil money penalty for a violation based on the act or omission of any agent of the business associate, including a workforce member or subcontractor, acting within the scope of the agency.”

Comment – You own any issues coming out of your employees’ behavior so train them well.

Specific Rules for Security and Privacy

“A covered entity or business associate must comply with the applicable standards, implementation specifications, and requirements of this subpart with respect to electronic protected health information of a covered entity.”

Comment – No option in meeting the standards

Administrative Standards Clarified

“Administrative safeguards are administrative actions, and policies and procedures, to manage the selection, development, implementation, and maintenance of security measures to protect electronic protected health information and to manage the conduct of the covered entity’s or business associate’s workforce in relation to the protection of that information.”

“A covered entity or business associate must, in accordance with § 164.306:

(A) Risk analysis (Required). Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the covered entity or business associate.

(C) Sanction policy (Required). Apply appropriate sanctions against workforce members who fail to comply with the security policies and procedures of the covered entity or business associate.

(2) Standard: Assigned security responsibility. Identify the security official who is responsible for the development and implementation of the policies and procedures required by this subpart for the covered entity or business associate.

Comment – Clarity!

Physical Safeguards Clarified

Physical safeguards are physical measures, policies, and procedures to protect a covered entity’s or business associate’s electronic information systems and related buildings and equipment, from natural and environmental hazards, and unauthorized intrusion.

Comment – Clarity!

Security Standards Apply to BA’s Just Like CE’s

“§ 164.306 Security standards: General rules.

(a)  General requirements. Covered entities and business associates must do the following:

(1) Ensure the confidentiality, integrity, and availability of all electronic protected health information the covered entity or business associate creates, receives, maintains, or transmits.”

Comment – Clarity!

New Privacy Website Launched

http://www.hhs.gov/healthprivacy/index.html

Comment – all the details are and will be here

Action Steps

Your business is dependent upon trust and relationships and if a major breach occurs due to your lack of compliance your business and livelihood will be gone.

Getting your house in order with a risk assessment, the proper policies and procedures and the encryption needed to protect PHI is not that hard or expensive with our Compliance Radar and RadarMail 360 solutions.

Let us help you….


Hardest Working Male Benefits Consultant Spotted at Hub!

The HWMBC out working everyone all over the world with Hub International!

How come Gallagher is only using the 2nd HWMBC on their site? They are a bigger company! 🙂
