Corporate Compliance

Corporate Compliance Articles by Topic: HIPAA

Transmittals and MLN Matters articles: CMS issues transmittal on testing HIPAA transactions following a system change, updates chapter 41 of the Provider Reimbursement Manual, and more

  • Medicare Insider, Issue 47, November 20, 2012

    CMS issues transmittal on testing HIPAA transactions following a system change

HIPAA Q&A: Transporting records to satellite clinic

  • Compliance Monitor, Issue 24, June 13, 2012

    Q: Our physician practice operates a satellite clinic. The practice does not use an electronic...

HIPAA Q&A: Answering service messages

  • Compliance Monitor, Issue 23, June 6, 2012

    Q: Is a physician who uses an answering service and receives unencrypted messages from an answering...

Boston area hospital to pay $750,000 for data breach

  • Compliance Monitor, Issue 22, May 30, 2012

    Failing to keep confidential information secure will cost South Shore Hospital in Weymouth, Mass...

Regulations: HHS issues HIPAA/HITECH regulations, CMS finalizes Medicaid HCAC rule

  • Medicare Insider, Issue 23, June 7, 2011

    On June 1, CMS released a rule to finalize a payment adjustment for provider-preventable...

Other developments: OIG examines HIPAA enforcement

  • Medicare Update for Physician Services, Issue 6, June 2, 2011

    On May 16, the OIG issued a report on CMS’ oversight and enforcement of HIPAA. The OIG...

HITECH accounting of disclosures rule released

  • Compliance Monitor, Issue 22, June 1, 2011

    On May 27 the Department of Health & Human Services (HHS) published a HITECH-required proposed...

Tip: Regulate access to electronic medical records.

  • Compliance Monitor, Issue 22, June 1, 2011

    Employees should only access information when they have a legitimate need to do so.

Other Issuances: CMS advises on SNF consolidated billing, claims processing issues, and more

  • Medicare Insider, Issue 21, May 24, 2011

    On May 16, the OIG issued a report on CMS’ oversight and enforcement of HIPAA. The OIG...

Q&A: Rehiring an employee that was fired for a violating patient confidentiality

  • Compliance Monitor, Issue 19, May 11, 2011

    Q: An employee is terminated for violating patient confidentiality. The organization later...

Large patient information breach list reaches 265

  • Compliance Monitor, Issue 18, May 4, 2011

    The number of entities reporting breaches of unsecured PHI affecting at least 500 individuals to...

Q&A: Whiteboards and HIPAA

  • Compliance Monitor, Issue 17, April 27, 2011

    Q: Is it permissible to list patients by name on whiteboards in the nursing units?

Q&A: Responding to subpoena requests

  • Compliance Monitor, Issue 15, April 13, 2011

    Q: Should we provide a complete copy of a patient’s record when a subpoena requests...

Tip: When and how to use compound authorizations

  • Compliance Monitor, Issue 14, April 6, 2011

    An authorization to use or disclose protected health information (PHI) may be combined with another...

Q&A: Accounting for tumor registry disclosures

  • Compliance Monitor, Issue 13, March 30, 2011

    Q: We are required to report information, including patient account numbers and diagnosis codes, to...

OCR needs $5 million more in FY 2012 for HIPAA enforcement

  • Compliance Monitor, Issue 12, March 23, 2011

    The OCR, the enforcer of the HIPAA privacy and security rules, is asking for an increase of $5.6...

Health Net, Inc., involved in potential HIPAA breach affecting 1.9 million patients

  • Compliance Monitor, Issue 11, March 16, 2011

    For the second time in less than a year, health insurance giant Health Net, Inc., is involved in a...

Q&A: Discussing a family member's medical problems

  • Compliance Monitor, Issue 11, March 16, 2011

    Q: I work in patient financial services at a hospital. Like me, several of my coworkers have...

MGH pays $1M and enters into a CAP to settle potential HIPAA violations

  • Compliance Monitor, Issue 9, March 2, 2011

    The General Hospital Corporation and Massachusetts General Physicians Organization, Inc., (Mass...

HHS imposes first CMP for a HIPAA violation, Cignet will pay $4.3M

  • Compliance Monitor, Issue 9, March 2, 2011

    The HHS Office for Civil Rights (OCR) imposed a civil money penalty (CMP) of $4.3 million to Cignet...

New York City Health and Hospitals Corp. privacy breach affects 1.7 million

  • Compliance Monitor, Issue 7, February 16, 2011

    The New York City Health and Hospitals Corporation (HHC) must notify 1.7 million patients, hospital...

Q&A: Voice mail

  • Compliance Monitor, Issue 7, February 16, 2011

    Q: May a preadmission nurse leave messages (e.g., “This is a reminder that your surgery is...

Tip: Train your entire staff on HIPAA issues

  • Compliance Monitor, Issue 6, February 9, 2011

    Your full workforce needs privacy and security training, says Kate Borten, CISSP, CISM. That...

Health Net fined $55,000 for data breach

  • Compliance Monitor, Issue 4, January 26, 2011

    Health Net, Inc. agreed to pay the Vermont government $55,000 to resolve charges that the...

Tip: Safeguard against incidental disclosures

  • Compliance Monitor, Issue 4, January 26, 2011

    What the Department of Health and Human Services (HHS) considers a reasonable safeguard against...

Staff members at UMC Tucson fired for inappropriately accessing medical records

  • Compliance Monitor, Issue 3, January 19, 2011

    University Medical Center in Tucson, AZ, fired three clinical support staff members and a...

Tip: Mitigate harmful effects following a patient privacy complaint

  • Compliance Monitor, Issue 2, January 12, 2011

    Investigating privacy complaints and applying sanctions are important aspects of compliance, but...

Q&A: Taping intake and output sheets outside of patient rooms

  • Compliance Monitor, Issue 48, December 22, 2010

    Q: Our nursing staff continues to tape patient intake and output sheets outside of patient...

Tip: Restrict PHI disclosures

  • Compliance Monitor, Issue 47, December 15, 2010

    The HIPAA Privacy Rule requires that access to and disclosure of protected health information (PHI...

Seven CA facilities fined for privacy breaches

  • Compliance Monitor, Issue 45, December 1, 2010

    Six California hospitals and a nursing home must pay a total of nearly $800,000 for failing to...

Five charged for stealing patient information

  • Compliance Monitor, Issue 44, November 24, 2010

    Florida authorities issued a criminal complainant against Albert Anthony Andrulonis, 26; Raushanah...

Q&A: Releasing patient records to insurance companies

  • Compliance Monitor, Issue 44, November 24, 2010

     Q: An insurance company is requesting copies of medical records to review our CPT ®...

Health Net pays $375K to settle data breach

  • Compliance Monitor, Issue 43, November 17, 2010

    Health Net of Connecticut agreed to pay $375,000 to Connecticut Insurance Department for failures...

Hospitals still do not have resources to prevent data breaches

  • Compliance Monitor, Issue 42, November 10, 2010

    Nearly three out of four (71%) of hospitals in the 100- to 600-bed range say they have inadequate...

Q&A: Protect patient information at nursing kiosks

  • Compliance Monitor, Issue 36, September 29, 2010

    Q:  We are planning to install wall-mounted kiosks in our skilled nursing facility to...

Q&A: Criminal and civil penalties

  • Compliance Monitor, Issue 34, September 1, 2010

    Q: How did HITECH change HIPAA’s existing criminal and civil penalties?

Q&A: Releasing records to attorneys

  • Compliance Monitor, Issue 30, August 4, 2010

    Q: When an attorney requests we release all records, must we comply and send all of the...

Q&A: Patient information on the internet

  • Compliance Monitor, Issue 28, July 21, 2010

    Q: One of my colleagues made a website accessible to invitees only. He plans to upload a...

Regulations: CMS proposes OPPS changes, HHS issues HIPAA-HITECH regulations

  • Medicare Insider, Issue 28, July 13, 2010

    On July 8, HHS posted a display copy of a proposed rule to modify HIPAA privacy, security, and...

Q&A: HITECH and third-party insurance policies

  • Compliance Monitor, Issue 20, May 26, 2010

    Q: Does the Health Information Technology for Economic and Clinical Health (HITECH) Act supersede...

Q&A: Leaving voice mail messages

  • Compliance Monitor, Issue 18, May 12, 2010

    Q: May ambulatory surgery center (ASC) staff members leave preoperative messages on patients&rsquo...

Regulations: CMS publishes IPF PPS update for 2011, OCR asks for information on accounting of disclosures

  • Medicare Insider, Issue 18, May 4, 2010

    On May 3, the Office for Civil Rights (OCR) published in the Federal Register a request for...

Seven steps to comply with the Red Flags Rule

  • Strategies for Health Care Compliance, Issue 5, May 1, 2010

    The focus of the Red Flags Rule is identity theft, said Rebecca Williams, RN, JD, partner and...

Strategies for Health Care Compliance, May 2010

  • Strategies for Health Care Compliance, Issue 5, May 1, 2010

    In this issue of SHCC, you’ll read about steps you can take to comply with the Red Flags Rule...

Q&A: HITECH insurance policies

  • Compliance Monitor, Issue 16, April 28, 2010

    Q: Does HITECH supersede our contracts with third-party health insurance policies if the patient...

Q&A: Releasing patient information to the media

  • Compliance Monitor, Issue 14, April 14, 2010

    Q: Can hospitals notify the media about a patient’s condition without patient authorization?

Federal regulations emphasize encryption, risk assessments

  • Strategies for Health Care Compliance, Issue 4, April 1, 2010

    In October 2009, an orthopedic surgeon at Rhode Island Hospital operated on the wrong finger of a...

Laboratory Compliance Insider, April 2010

  • Laboratory Compliance Insider, Issue 4, April 1, 2010

    Learn how to avoid common errors in the lab, become a more effective and respected manager, how to...

Mammography Regulation and Reimbursement Report, April 2010

  • Mammography Regulation and Reimbursement Report, Issue 4, April 1, 2010

    Some changes are taking place in response to the USPSTF mammography guidelines that were released...

Q&A: Breach of a minor's record

  • Compliance Monitor, Issue 9, March 4, 2010

    Q: Whom should we notify if a minor’s record is breached? For example, a grandparent who...

Strategies for Health Care Compliance March 2010

  • Strategies for Health Care Compliance, Issue 3, March 1, 2010

    In this issue of SHCC, you’ll learn about some breaches at healthcare facilities and how you...

Learn from other healthcare organizations' compliance mistakes

  • Strategies for Health Care Compliance, Issue 3, March 1, 2010

    Major breaches of patient information in 2009 break down into three types: snoopers, hackers, and...

Q&A: Business associate requirements, audit log retention periods, and health plans

  • Strategies for Health Care Compliance, Issue 3, March 1, 2010

    Is there any regulation that defines the retention period for electronic health record (EHR) or...

Five stumbling blocks hinder HIPAA compliance

  • Strategies for Health Care Compliance, Issue 3, March 1, 2010

    Many organizations are focusing on the new privacy and security requirements created by the Health...

Q&A: Covered entities and BA contracts

  • Compliance Monitor, Issue 5, February 3, 2010

    Q: Are covered entities and business associates (BAs) required to revise their BA contracts to...

Amend BA contracts for February HITECH deadline

  • Mammography Regulation and Reimbursement Report, Issue 2, February 1, 2010

    Most importantly, double-check your list of BAs, says Kate Borten, CISSP, CISM, president of The...

Red Flags Rule: Prepare for FTC?s June enforcement date

  • Strategies for Health Care Compliance, Issue 2, February 1, 2010

    Nonetheless, providers subject to the rule’s requirement to develop a program that mitigates...

Strategies for Health Care Compliance, February 2010

  • Strategies for Health Care Compliance, Issue 2, February 1, 2010

    In this issue, we answer your colleagues’ tough HIPAA compliance questions, target key areas...

Q&A: Notice of Privacy Practices

  • Compliance Monitor, Issue 1, January 5, 2010

    Q: If a facility updates its Notice of Privacy Practices (NPP), does it have to redistribute the...

HIPAA Q&A: NPPs, BA contracts, Red Flags Rule, and more

  • Strategies for Health Care Compliance, Issue 1, January 1, 2010

    Learn the answer to this and other tough HIPAA compliance questions.

Develop effective strategies for your breach notification response program

  • Strategies for Health Care Compliance, Issue 1, January 1, 2010

    Be determined and thorough, but also patient as you gather evidence and develop a smart game plan...

Strategies for Health Care Compliance, January 2010

  • Strategies for Health Care Compliance, Issue 1, January 1, 2010

    In this issue, we examine outpatient coding challenges that facilities are still facing. We explain...

Harm thresholds: Opportunity for CEs to be more accountable for PHI, breach mitigation

  • Strategies for Health Care Compliance, Issue 12, December 1, 2009

    When HHS published its interim final rule on breach notifications in the August 24 Federal...

Strategies for Health Care Compliance, December 2009

  • Strategies for Health Care Compliance, Issue 12, December 1, 2009

    In this issue of SHCC, you’ll learn about what a benchmark on your coders’ productivity...

Q&A: How CMS responds to HIPAA complaints

  • Compliance Monitor, Issue 45, November 11, 2009

    Q: How does CMS handle a Health Insurance Portability and Accountability Act (HIPAA) complaint once...

Regulations: CMS displays OPPS, MPFS final rules for 2010, and more

  • Medicare Insider, Issue 45, November 3, 2009

    On October 30, CMS released a display copy of the OPPS final rule for CY 2010.

New BA requirements call for new contract language

  • Strategies for Health Care Compliance, Issue 11, November 1, 2009

    Understanding the new risks, responsibilities, and requirements presents a complex challenge for...

Experts: Expect more enforcement as Office for Civil Rights role expands

  • Strategies for Health Care Compliance, Issue 11, November 1, 2009

    “The move means a trigger has been pulled to be more aggressive with compliance actions and...

Strategies for Health Care Compliance, November 2009

  • Strategies for Health Care Compliance, Issue 11, November 1, 2009

    In this issue of SHCC, you’ll learn what it means to you now that OCR is assuming oversight...

Regulations: CMS issues IPPS correction, OCR publishes HIPAA proposal

  • Medicare Insider, Issue 42, October 13, 2009

    On October 7, CMS issued a correction in the Federal Register to its previously issued IPPS final...

Regulations: OCR issues privacy rule proposal, CMS correct IRF PPS final rule

  • Medicare Insider, Issue 41, October 6, 2009

    On October 1, the Office for Civil Rights (OCR) issued a display copy of proposals to modify the...

Interim final rule: Timeline, breach summary will provide significant challenges for covered entities

  • Strategies for Health Care Compliance, Issue 11, October 1, 2009

    Adjusting to some of the new requirements will be difficult, but other aspects of the rule...

Q&A: Hospice communication, home computer use, outgoing mail, and more

  • Strategies for Health Care Compliance, Issue 10, October 1, 2009

    Learn the answer to your important HIPAA privacy and security compliance questions.

The rising cost of a privacy breach

  • Strategies for Health Care Compliance, Issue 10, October 1, 2009

    The cost of a privacy breach far exceeds any fines authorized by the Health Information Technology...

Strategies for Health Care Compliance, October 2009

  • Strategies for Health Care Compliance, Issue 10, October 1, 2009

    In this issue of SHCC, you’ll learn the real cost of a privacy breach. You’ll find out...

Tip: Build trust with the Notice of Privacy Practices

  • Compliance Monitor, Issue 38, September 23, 2009

    Noncompliance with HIPAA regulations can result in several steep penalties. Misuse of patient...

Q&A: Breach notification, summer help, HIPAA compliance

  • Strategies for Health Care Compliance, Issue 9, September 1, 2009

    Learn the answer to this and other challenging HIPAA compliance questions from your colleagues.

Create a culture of HIPAA compliance

  • Strategies for Health Care Compliance, Issue 9, September 1, 2009

    HIPAA may not be fun to teach, learn, or execute because of its complexity, but it needn’t be...

Strategies for Health Care Compliance, September 2009

  • Strategies for Health Care Compliance, Issue 9, September 1, 2009

    In this issue of Strategies for Health Care Compliance, we’ll take a look at unnecessary...

Q&A: Documenting HIPAA compliance

  • Compliance Monitor, Issue 33, August 19, 2009

    Q: What auditing and documentation is necessary to demonstrate HIPAA compliance?

Q&A: Notifying patients after a faxing mistake

  • Compliance Monitor, Issue 31, August 5, 2009

    Q: A secretary in our pathology department faxed a report to a physician’s office. After...

HIPAA Security Rule enforcement now falls under Civil Rights office

  • Compliance Monitor, Issue 31, August 5, 2009

    By Dom Nicastro, for HealthLeaders Media   The secretary of HHS shifted enforcement of the...

Major privacy breaches: How to respond to their unique challenges

  • Strategies for Health Care Compliance, Issue 8, August 1, 2009

    the government, via the Health Information Technology for Economic and Clinical Health (HITECH...

Q&A: Amendments to records generated prior to April 2003

  • Compliance Monitor, Issue 29, July 22, 2009

    Q: I’ve been receiving requests for amendments resulting from records generated prior to...

Compliance update: FTC moves Red Flags Rule compliance deadline to August 1

  • Strategies for Health Care Compliance, Issue 7, July 1, 2009

    The FTC announced in early May that it has delayed enforcement of the rule. This delay will give...

Risk and reward: Assess vulnerabilities now; avoid breaches later

  • Strategies for Health Care Compliance, Issue 7, July 1, 2009

    Risk assessment is an important and necessary task for every ¬organization. It can mean the...

Strategies for Health Care Compliance, July 2009

  • Strategies for Health Care Compliance, Issue 7, July 1, 2009

    This month in Strategies for Health Care Compliance, we’ll take a look at some of the issues...

Transmittals and MLN Matters articles: CMS re-issues OPPS update, released MLN Matters article for never events NCDs, and more

  • Medicare Insider, Issue 27, June 30, 2009

    On June 26, CMS instructed contractors to make system changes required for implementation of the...

Q&A: How would you construct a letter to inform patients about stolen PHI?

  • Compliance Monitor, Issue 25, June 24, 2009

    Q: How would you construct a letter to inform patients about stolen Protected Health Information?

Q&A: HIPAA and cell phones

  • Compliance Monitor, Issue 23, June 10, 2009

    Q: I keep hearing rumors that the Department of Health and Human Services (HHS) will modify HIPAA...

HIPAA takes priority

  • Mammography Regulation and Reimbursement Report, Issue 5, May 1, 2009

    Facilities should begin to bolster their HIPAA policies and procedures and training programs in...

Hospital employee lost patient information on a subway train

  • Compliance Monitor, Issue 12, March 25, 2009

    A Massachusetts General Hospital employee left paperwork that contained protected health...

Tip: Retain patient emails

  • Compliance Monitor, Issue 8, February 25, 2009

    HIPAA requires covered entities to manage electronic protected health information , including that...

Q&A: Releasing a former inmate's medical record

  • Compliance Monitor, Issue 3, January 21, 2009

    Q: We treat many patients who come from a state prison. When these patients come to our facility...

Featured Audit Plan: HIPAA privacy and security compliance assurance plan

  • Healthcare Auditing Weekly, Issue 2, January 13, 2009

    Looking for a particular audit plan that may help make your job easier? Turn to the “Audit...

Q&A: Police tips

  • Compliance Monitor, Issue 1, January 7, 2009

    Q: Say a police officer provided the name of a woman with a drug problem to a facility as a heads...

Q&A: Overhead paging

  • Compliance Monitor, Issue 91, December 24, 2008

    Q: Is overhead paging of a patient by name back to a clinic or hospital area a HIPAA violation?

Employees fired after snooping in news anchor's medical records

  • Healthcare Auditing Weekly, Issue 47, December 16, 2008

    An Arkansas hospital fired six employees in October for illegally accessing patient medical records.

OIG calls CMS out for lack of action in HIPAA enforcement

  • Healthcare Auditing Weekly, Issue 41, November 4, 2008

    The OIG blasted CMS for its limited enforcement of the Health Insurance Portability and...

Tip: Review your procedures for access patient information in an emergency

  • Healthcare Auditing Weekly, Issue 41, November 4, 2008

    Tip: Review your procedures for access patient information in an emergency

Other Issuances: OIG issues review of HIPAA security enforcement, reports on high-dollar payments

  • Medicare Insider, Issue 44, November 4, 2008

    On October 30, the OIG issued a review of CMS’ oversight of the HIPAA security rule. The OIG...

MLN Matters articles: CMS issues articles on lab NCD edits, FY 2009 IPPS changes

  • Medicare Insider, Issue 41, October 14, 2008

    CMS released two MLN Matters articles last week related to transmittals previously announced in...

Transmittals and MLN Matters articles: CMS issues OPPS, NCCI updates, and more

  • Medicare Insider, Issue 38, September 23, 2008

    On September 19, CMS released the fourth quarter update to the NCCI edits.

Regulations: HHS publishes ICD-10, HIPAA transactions proposed rules, and more

  • Medicare Insider, Issue 35, September 3, 2008

    On August 22, HHS published the ICD-10 proposed rule in the Federal Register. As reported in the...