Tip: Use OCR privacy and security guidance as a framework
HIPAA Weekly Advisor, April 13, 2009
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
As part of its December 2008 Privacy and Security Toolkit, the OCR discussed how the privacy rule facilitates electronic health information exchange (HIE) in a networked environment.
The guidance, found in “The Nationwide Privacy and Security Framework for Electronic Exchange of Individually Identifiable Health Information,” establishes privacy and security principles for stakeholders engaged in the electronic exchange of health information.
“It probably reassured some people that they really can do health information exchange in compliance with HIPAA,” says John R. Christiansen, JD, of Christiansen IT Law, in Seattle.
But while it is helpful, it is a framework alone, Christiansen adds, comparing it to an architectural blueprint that may state “a house should have indoor plumbing and electricity.”
“But if I’m going to actually build a house in compliance with these principles, I still need to know how to install the plumbing so the toilet doesn’t back up whenever it’s flushed, and how to wire the house so it doesn’t burn down when I turn on the lights,” he says. “These principles don’t tell us how to do that.”
Instead, organizations should use these principles to better understand how they can exchange information and care for patients more efficiently.
Editor’s note: This is an excerpt from an article in the April edition of the HCPro, Inc. newsletter Health Information Compliance Insider.
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
Related Products
-
Guide to HIPAA Auditing, Second Edition
This new edition of a best-selling book delivers the hands-on tools and guidance you need to conduct effective in-house...
-
HIPAA Training Handbook for Business Associates
Train all of your staff members with this handbook and others in the 2009 HIPAA Handbook Series. Ensure they understand...
-
HIPAA Handbook for Executive, Administrative and Corporate Staff
Train all of your staff members with this handbook and others in the 2009 HIPAA Handbook Series. Ensure they understand...
-
The No-Hassle Guide to HIPAA Policies: A Privacy and Security Toolkit
HIPAA regulations require extensive documentation—likely more than you've done in the past. Changing the way you look...
-
The HIPAA and HITECH Toolkit
The HIPAA and HITECH Toolkit is a valuable resource that helps both CEs and BAs understand and meet the HITECH Act's...
Most Popular
- Articles
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- Catch up on what's new with injections and infusions
- Identify potential Medicaid RAC target areas
- HIPAA Q&A: Level of encryption needed for email
- Topic: CMS, OESS post new security compliance review information, checklist
- Capturing all necessary codes for IUD insertion and removal can be challenging
- What does case-mix index mean to you?
- OB services: Coding inside and outside of the package
- QA:Coding multiple initial infusions
- E-mailed
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- HIPAA Q&A: Level of encryption needed for email
- Q&A: Follow CMS' coding guidelines when using modifier -25
- What does case-mix index mean to you?
- Catch up on what's new with injections and infusions
- CMS has reformulated payments for some bilateral procedures
- New conflicts of interest create new challenges
- Q/A. One injection code or two?
- ED-to-inpatient transfers are flawed with safety gaps
- Searched