Health Information Management

Health Information Management Articles by Topic: HIPAA

OCR issues breach and compliance reports to Congress

  • HIM-HIPAA Insider, Issue 25, June 30, 2014

    OCR recently sent two annual reports to Congress that summarize 2011–2012 HIPAA breach and...

Concentra in hot water over HIPAA breach--again

  • HIM-HIPAA Insider, Issue 23, June 16, 2014

    Just months after HHS announced it entered into a $1.7 million resolution agreement with Concentra...

Puerto Rico-based health insurer fined $6.8 million for HIPAA breach

  • HIM-HIPAA Insider, Issue 9, March 3, 2014

    The Puerto Rico Health Insurance Administration (ASES, by its acronym in Spanish) recently imposed...

Ten misconceptions about HIPAA privacy and security rules

  • HIM-HIPAA Insider, Issue 42, October 28, 2013

    With most of the provisions of the HIPAA omnibus rule now in effect, it is important for you to...

Investigation reveals Veterans Administration privacy breaches

  • HIM-HIPAA Insider, Issue 41, October 21, 2013

    Normal 0 false false false EN-US X-NONE X-NONE...

OCR and ONC release model notices of privacy practices

  • HIM-HIPAA Insider, Issue 35, September 23, 2013

    Normal 0 false false false EN-US X-NONE X-NONE...

CMS requests emergency review of HIE breach reporting proposed rule

  • HIM-HIPAA Insider, Issue 32, August 26, 2013

    Normal 0 false false false EN-US X-NONE X-NONE...

Florida health system faces class-action HIPAA suit

  • HIM-HIPAA Insider, Issue 15, April 22, 2013

    Former hospital patient Richard Faircloth fileda class action lawsuit against hospital owner...

Tip: Take steps to comply with HIPAA Omnibus rule

  • HIM-HIPAA Insider, Issue 15, April 22, 2013

    Organizations have until September 23 to get into compliance with the new HIPAA Omnibus rule...

Provider gets 12 years in prison for $10 million Medicare fraud and HIPAA identity theft

  • HIM-HIPAA Insider, Issue 13, April 15, 2013

    The U.S. Attorney’s office in Eastern New York announced April 10 that an owner and officer...

Three security tips to help safeguard PHI

  • HIM-HIPAA Insider, Issue 13, April 15, 2013

    Many healthcare organizations face the challenge of protecting patient records and reducing the...

Lawsuit claims IRS stole 60 million medical records

  • HIM-HIPAA Insider, Issue 12, April 8, 2013

    IRS agents stole 10 million people’s medical records without a warrant – including...

HIPAA Q&A

  • HIM-HIPAA Insider, Issue 11, April 1, 2013

    Do medical supply companies need to have Business Associate Agreements with each facility from...

OCR surveying HIPAA-audited entities about experience

  • HIM-HIPAA Insider, Issue 11, April 1, 2013

    The OCR is taking an interest in how covered entities fare in their HIPAA audits by conducting...

HIPAA Q&A

  • HIM-HIPAA Insider, Issue 10, March 25, 2013

    As a Medicare beneficiary, do you have the right to access the UB-04 form that a hospital submits...

HIPAA/HITECH Omnibus Final Rule: Stay Compliant With 2013 Changes

  • HIM-HIPAA Insider, Issue 9, March 18, 2013

    On Wednesday May 8, join HCPro for an informative audio conference that will help listeners...

Phone company introduces secure medical record exchange

  • HIM-HIPAA Insider, Issue 9, March 18, 2013

    Verizon Communications Inc. (VZ) will introduce the first national service enabling physicians to...

HIPAA Q&A

  • HIM-HIPAA Insider, Issue 9, March 17, 2013

    Chris Apgar, CISSP, CEO and president of Apgar & Associates, LLC answers your HIPAA questions...

Don’t let inadequate security be your downfall

  • HIM-HIPAA Insider, Issue 10, September 10, 2012

    Because staff can move, process, and share patient data on personal cell phones and tiny USB flash...

Texas in early stages of new medical privacy law

  • HIM-HIPAA Insider, Issue 10, September 10, 2012

    The Lone Star state is cracking down on privacy. Texas House Bill 300 went into effect September 1...

Physicians' social network gets $17 million boost

  • HIM-HIPAA Insider, Issue 10, September 10, 2012

    A venture capitalist September 5 with help of some existing investors contributed $17 million to...

Healthcare News: CMS adopts HIPAA unique health plan identifier

  • JustCoding News: Outpatient, Issue 36, September 5, 2012

    Providers will now soon need only one unique health plan identifier when billing insurance...

ICD-10 two-year game plan

  • HIM-HIPAA Insider, Issue 9, August 31, 2012

    HIM professionals have undoubtedly come across action verbs like these since HHS announced on...

HIPAA violations could land medical supplier jail time

  • HIM-HIPAA Insider, Issue 8, August 28, 2012

    A New York medical supplier could go to jail for 10 years for wrongfully disclosing private patient...

Education and training are essential components

  • HIM-HIPAA Insider, Issue 8, August 28, 2012

    Education is giving people the knowledge they need. Training helps them develop the skills that...

Stanford University Medical Center reports stolen computer containing patient information

  • HIM-HIPAA Insider, Issue 7, August 20, 2012

    Stanford University Medical Center has reported a computer containing medical and personal...

Q&A: Access to healthcare information pertaining to a deceased patient

  • HIM-HIPAA Insider, Issue 7, August 20, 2012

    Q: How may an individual obtain access to health records after a patient dies? More specifically...

OCR audits reveal several organizations are failing in HIPAA compliance

  • HIM-HIPAA Insider, Issue 7, August 20, 2012

    Too many healthcare organizations are receiving failing grades for HIPAA compliance, an analysis of...

Boston hospital notifying patients of potential computer data breach

  • HIM-HIPAA Insider, Issue 6, August 13, 2012

    Nearly 4,000 patients’ PHI may have been compromised when a physician’s personal laptop...

Q&A: Releasing information on past services when a patient reaches the age of majority

  • HIM-HIPAA Insider, Issue 6, August 13, 2012

    Q: Can you tell me whether the parent of a patient now over 18 years of age may receive information...

Know where patient information goes: Map the flow of your PHI

  • HIM-HIPAA Insider, Issue 6, August 13, 2012

    If you don't know where all of your PHI is, how can you ensure that you protect it? Linda Sanches...

Hartford hospital: Unencrypted stolen laptop included PHI of 9,500 patients

  • HIM-HIPAA Insider, Issue 5, August 6, 2012

    A third-party subcontractor handling health records of a hospital and home health provider is...

Q&A: Record copies requested from out-of-state parties

  • HIM-HIPAA Insider, Issue 5, August 6, 2012

    Q: We often receive requests from out-of-state ¬attorneys who want us to bill for copies of...

Is California harmonizing privacy laws - or softening them?

  • HIM-HIPAA Insider, Issue 4, July 30, 2012

    Is one of the toughest states for privacy laws softening? Some may say that about...

Secure mobile devices, portable media, and text messages

  • HIM-HIPAA Insider, Issue 4, July 30, 2012

    If HIM professionals needed another reason to be concerned with protected health information (PHI...

OCR posts 17 large HIPAA breaches over past week

  • HIM-HIPAA Insider, Issue 3, July 23, 2012

    The HIPAA privacy and security enforcer has posted 17 breaches affecting 500 or more individuals...

Q&A: HIPAA privacy and deceased patients

  • HIM-HIPAA Insider, Issue 3, July 23, 2012

    Q: Our development office would like a list of deceased patients so it can take these patients off...

What you might not know about OCR HIPAA audits

  • HIM-HIPAA Insider, Issue 3, July 23, 2012

    Elizabeth H. Johnson, Esq., has been keeping an ear close to the ground with respect to ongoing OCR...

OCR releases audit protocol

  • HIM-HIPAA Insider, Issue 2, July 16, 2012

    Want to know what the OCR audits will look like? OCR has let us know.

When it comes to privacy and security, begin with code of conduct, policies, and procedures

  • HIM-HIPAA Insider, Issue 2, July 16, 2012

    Healthcare organizations face increasingly complex privacy and security issues as they cope with...

Alaska's Medicaid to pay $1.7 million for HIPAA violations; second largest settlement to date

  • HIM-HIPAA Insider, Issue 1, July 9, 2012

    Alaska’s Medicaid program has agreed to pay OCR $1.7 million over potential HIPAA Security...

GAO: OCR behind in issuing guidance, lacks future plan for HITECH audits

  • HIM-HIPAA Insider, Issue 1, July 9, 2012

    OCR is behind on issuing required guidance and implementing required oversight capabilities for...

EHR security: It’s everyone’s battle

  • HIM-HIPAA Insider, Issue 1, July 9, 2012

    EHR security-that's an IT thing, right? Sure it is. But is it just an IT thing? Far from it, says...

Notice: Changes to HIM Connection

  • HIM-HIPAA Insider, Issue 27, July 3, 2012

    Thank you for being a loyal HIM Connection subscriber. We wanted to let you know about some changes...

Notice: Changes to HIM Connection

  • HIM-HIPAA Insider, Issue 26, June 26, 2012

    Thank you for being a loyal HIM Connection subscriber. We wanted to let you know about some changes...

Q&A: HIPAA security password problems

  • HIM-HIPAA Insider, Issue 26, June 26, 2012

    Q: Some of our nurses have confessed to me that ¬because we have so many systems and passwords...

OCR director releases 'right to access' memo

  • HIM-HIPAA Insider, Issue 25, June 19, 2012

    OCR’s director released a memorandum May 31 highlighting the importance of a patient’s...

Q&A: Privacy for patients with HIV who are in continuing care

  • HIM-HIPAA Insider, Issue 25, June 19, 2012

    Q: Do caregivers employed by a continuing care retirement community (CCRC) have the right to know...

ONC says HIPAA mega rule out by end of summer

  • HIM-HIPAA Insider, Issue 24, June 12, 2012

    The national coordinator for health information technology says the HIPAA mega rule including...

Privacy, security concerns high in HIEs

  • HIM-HIPAA Insider, Issue 24, June 12, 2012

    At the hospital, instead of filling out multiple forms, the attending physician logs on to a...

HIPAA training materials for state attorneys general now available online

  • HIM-HIPAA Insider, Issue 21, June 11, 2012

    The Office for Civil Rights (OCR) has released its HIPAA enforcement training material developed...

Get your HIPAA privacy program in compliance

  • HIM-HIPAA Insider, Issue 21, June 11, 2012

    If you are a HIPAA privacy officer, it might be looking pretty scary out there, said Adam Greene...

HIPAA Q&A: Level of encryption needed for email

  • HIM-HIPAA Insider, Issue 21, June 11, 2012

    Q. Please explain in an understandable way for nontechnical individuals the necessary level of...

Medical center loses laptop containing ICU patient health information

  • HIM-HIPAA Insider, Issue 23, June 5, 2012

    A laptop containing patient information was reported missing from a local physician office in...

Medical center loses laptop containing ICU patient health information

  • HIM-HIPAA Insider, Issue 20, June 4, 2012

    A laptop containing patient information was reported missing from a local physician office in...

Yes...It's okay to start purging

  • HIM-HIPAA Insider, Issue 20, June 4, 2012

    For a number of reasons, folks seem to be hesitant to purge hard-copy records that are greater than...

Privacy, security concerns high in HIEs

  • HIM-HIPAA Insider, Issue 20, June 4, 2012

    A Boston resident is at a New York Yankees game in the Bronx cheering on his beloved Boston Red...

HIPAA Q&A: HIPAA-mandated software?

  • HIM-HIPAA Insider, Issue 20, June 4, 2012

    Q: A physician is converting from paper charts to an electronic health record (EHR) that is...

Privacy, security concerns high in HIEs

  • HIM-HIPAA Insider, Issue 22, May 29, 2012

    A Boston resident is at a New York Yankees game in the Bronx cheering on his beloved Boston Red...

MA hospital to pay $750,000 to settle data breach allegations

  • HIM-HIPAA Insider, Issue 19, May 28, 2012

    A Massachusetts hospital will pay the state $750,000 in a settlement following a breach of PHI that...

MA hospital worker fired for stealing patient information

  • HIM-HIPAA Insider, Issue 19, May 28, 2012

    A Massachusetts Eye and Ear Infirmary employee did not want to pay her electric bill. So she turned...

Are your workforce members texting PHI?

  • HIM-HIPAA Insider, Issue 19, May 28, 2012

    Belinda Setters, MD, knew she was possibly violating HIPAA regulations. But she had no intention of...

OCR begins HIPAA compliance audits

  • HIM-HIPAA Insider, Issue 18, May 21, 2012

    Mac McMillan, CISSM, has an insider’s look at what it’s like to undergo a HIPAA...

HIPAA conviction stands for former UCLA Healthcare researcher

  • HIM-HIPAA Insider, Issue 18, May 21, 2012

    A HIPAA conviction stands for UCLA Healthcare System researcher Huping Zhou, according to a May 16...

The many days of HIPAA compliance

  • HIM-HIPAA Insider, Issue 18, May 21, 2012

    HIPAA in 2011. Those 365 days were more about bad headlines for organizations. In 2012, we want to...

HIPAA Q&A: TPO disclosures to a business associate

  • HIM-HIPAA Insider, Issue 18, May 21, 2012

    Q. During a recent webinar, a presenter indicated disclosure of PHI to business associates needed...

Manage EHR access and audit controls

  • HIM-HIPAA Insider, Issue 19, May 8, 2012

    HIPAA requires covered entities (CEs) to implement technical policies and procedures for...

Q&A: Encryption levels

  • HIM-HIPAA Insider, Issue 16, April 17, 2012

    Q. Can you please explain in an understandable way for nontechnical individuals what level of...

Data breach in Utah compromises thousands of Medicaid claims

  • HIM-HIPAA Insider, Issue 15, April 10, 2012

    The Utah Department of Technology Services (DTS) reported March 30 a patient information breach...

Data breach in Utah compromises thousands of Medicaid claims

  • HIM-HIPAA Insider, Issue 14, April 9, 2012

    The Utah Department of Technology Services (DTS) reported March 30 a patient information breach...

HIPAA/HITECH final rules in the hands of the Office of Management & Budget

  • HIM-HIPAA Insider, Issue 14, April 3, 2012

    OCR took the final step before publishing final rules on HIPAA/HITECH, sending its rules to the...

Q&A: Using patient PHI in work force disciplinary procedures

  • HIM-HIPAA Insider, Issue 14, April 3, 2012

    Q. A covered entity is required to impose sanctions against workforce members who violate the...

HIPAA Q&A: Encryption levels, disclosures to BA, employee sanctions

  • Briefings on HIPAA, Issue 4, April 1, 2012

    Q. Please explain in an understandable way for nontechnical individuals what level of encryption is...

Hospital undergoes one of first OCR trial audits

  • Briefings on HIPAA, Issue 4, April 1, 2012

    Mac McMillan, CISSM, has an insider’s look at what it’s like to undergo a HIPAA...

Product watch: Data availability with some caveats

  • Briefings on HIPAA, Issue 4, April 1, 2012

    All covered entities (CE) face the question, “Will the data be there when I need it?”

Q&A: HIPAA privacy and HIV information

  • HIM-HIPAA Insider, Issue 13, March 27, 2012

    Q: Must we keep HIV information separately in the medical record?

Stolen laptop at university includes PHI of more than 500 patients

  • HIM-HIPAA Insider, Issue 12, March 26, 2012

    A laptop stolen from a nurse practitioner in Georgia may compromise the personal information of...

CMS publishes guidance on record confidentiality

  • HIM-HIPAA Insider, Issue 12, March 26, 2012

    CMS recently issued further guidance on patient rights to privacy and medical record...

HIPAA Update hot posts

  • HIM-HIPAA Insider, Issue 12, March 26, 2012

    Check out the posts on HIPAA Update that have attracted the most views in the past 30 days, and...

HIPAA Q&A: De-identifying pill bottles

  • HIM-HIPAA Insider, Issue 12, March 26, 2012

    Q. Some of the medications we receive for our assisted living residents are in blister packs...

CMS delays HIPAA Version 5010 enforcement date--again

  • HIM-HIPAA Insider, Issue 12, March 20, 2012

    CMS announced March 15 that it will not enforce the January 1, 2012 HIPAA Version 5010 compliance...

Blue Cross Blue Shield of Tennessee reaches $1.5 million settlement over HIPAA breach

  • HIM-HIPAA Insider, Issue 12, March 20, 2012

    HIPAA compliance 101—policies, training, monitoring, and risk assessments—may have...

HIPAA Q&A: Notice of Privacy Practices

  • HIM-HIPAA Insider, Issue 11, March 19, 2012

    Q. Is there a need to keep the acknowledgment form when we provide a Notice of Privacy Practices...

Experts: Lack of HIPAA basics cost BCBST $18.5 million

  • HIM-HIPAA Insider, Issue 11, March 19, 2012

    HIPAA compliance 101—policies, training, monitoring, and risk assessments—might have...

Q&A with OCR: We investigate all 500-plus HIPAA breaches

  • HIM-HIPAA Insider, Issue 11, March 19, 2012

    Were it not for the HITECH requirement to report 500-plus breaches to OCR/media, is there a chance...

Manage privacy, security, and mobile devices. Really.

  • HIM-HIPAA Insider, Issue 11, March 13, 2012

    Mobile devices are here to stay-so now you have to manage the risks. "Hang on a minute,"...

Stage 2 won't increase HIPAA requirements

  • Briefings on HIPAA, Issue 4, March 9, 2012

    If your healthcare organization hasn’t yet completed a security risk analysis, you just got...

Respond effectively to data breaches

  • HIM-HIPAA Insider, Issue 10, March 6, 2012

    How your organization responds when breaches happen can make all the difference. If a breach...

Q&A: HIM director access to colleague's medical records

  • HIM-HIPAA Insider, Issue 10, March 6, 2012

    Q: Is it permissible for the HIM director to access the medical records of a colleague who is...

Latest study shows major increase in data breaches

  • HIM-HIPAA Insider, Issue 9, February 28, 2012

    If you thought the healthcare industry was doing a better job protecting patients' PHI, think...

Q&A: Attorney requests and authorization expiration

  • HIM-HIPAA Insider, Issue 52, December 23, 2011

    Q. A patient signed an authorization form eight months ago, and her attorney is now submitting it...

Final rule updating MLR to factor in ICD-10 conversion costs

  • HIM-HIPAA Insider, Issue 52, December 23, 2011

    CMS released a final rule to address the medical loss ratio (MLR) by including provisions for...

CMS alerts providers about HIPAA 5010 transition

  • HIM-HIPAA Insider, Issue 50, December 13, 2011

    On December 1, CMS posted a Special Edition MLN Matters article alerting providers that...

Q&A: Therapy patients that receive phone calls during appointments

  • HIM-HIPAA Insider, Issue 48, November 29, 2011

    Q: I need advice for two scenarios in our small outpatient physical therapy clinic. First, what is...

Sutter Health breach includes medical diagnoses

  • HIM-HIPAA Insider, Issue 48, November 29, 2011

    On November 16, Sutter Health in Sacramento, CA, reported on its website the theft of an...

Six best practices to survive increased enforcement

  • HIM-HIPAA Insider, Issue 47, November 22, 2011

    Before HITECH, covered entities (CE) could pretty much say the government was all bark and no bite...

CMS delays HIPAA 5010 enforcement

  • HIM-HIPAA Insider, Issue 47, November 22, 2011

    CMS’ Office of E-Health Standards and Services (OESS) won’t enforce compliance with the...

OCR officially launches privacy, security audits

  • HIM-HIPAA Insider, Issue 46, November 15, 2011

    The Office for Civil Rights (OCR) formally released its plans for HITECH-required HIPAA privacy and...

Q&A: Is a written warning for a HIPAA violation considered retaliation?

  • HIM-HIPAA Insider, Issue 46, November 15, 2011

    Q: We have a nurse who has twice mailed test results to the wrong patient. Both times the nurse...

Understand the proposed regulation requires HIPAA-covered labs to release test results directly to patients

  • HIM-HIPAA Insider, Issue 46, November 15, 2011

    Patients may have easier access to laboratory results under an HHS proposed rule, "CLIA...

Look to the past for a hint of what's ahead with HIPAA audits

  • HIM-HIPAA Insider, Issue 45, November 8, 2011

    With potential audits looming, smart healthcare organizations should waste no time ensuring HIPAA...

Q&A: Does a faxing error need to be included in an accounting of disclosures?

  • HIM-HIPAA Insider, Issue 43, October 25, 2011

    Q: A fax containing protected health information (PHI) is sent to an incorrect fax number. Did the...

OIG releases HIPAA compliance target areas

  • HIM-HIPAA Insider, Issue 42, October 18, 2011

    The Office of Inspector General (OIG) plans to focus on HIPAA compliance reviews of security...

Q&A: Release of information authorization forms

  • HIM-HIPAA Insider, Issue 42, October 18, 2011

    Q: A patient signed an authorization form in February permitting release of personal health...

Coming soon in MRB

  • HIM-HIPAA Insider, Issue 42, October 18, 2011

    In the November issue of MRB, you’ll find articles on the following topics!

The four steps of HIPAA policy creation

  • HIM-HIPAA Insider, Issue 41, October 11, 2011

    HIPAA policy creation is ultimately a four-step process, says Phyllis A. Patrick, MBA, FACHE, CHC...

Q&A: Physicians and patient privacy

  • HIM-HIPAA Insider, Issue 40, October 4, 2011

    Q: One of the physicians in our practice frequently speaks about patients in the hallway and even...

Take steps to minimize the security risk for wireless devices

  • HIM-HIPAA Insider, Issue 40, October 4, 2011

    Healthcare organizations can protect sensitive patient data in a variety of ways as increasing...

HHS announces new lab/HIPAA rules, new OCR director

  • HIM-HIPAA Insider, Issue 39, September 27, 2011

    Patients may have easier access to lab results under a proposed rule announced by HHS Secretary...

Prepare for a HIPAA audit

  • HIM-HIPAA Insider, Issue 39, September 27, 2011

    How can organizations begin to prepare for a possible HIPAA audit? Recognize that it's all about...

Q&A: Are colleges sending students to our facility for rotations business associates?

  • HIM-HIPAA Insider, Issue 38, September 20, 2011

    Q: Should we obtain business associate agreements with colleges that send students to our hospital...

OCR submits HITECH HIPAA reports to Congress

  • HIM-HIPAA Insider, Issue 37, September 13, 2011

    HHS submitted two reports to Congress as required by the HITECH Act—one on breaches of HIPAA...

Q&A: Are poison control agencies covered entities?

  • HIM-HIPAA Insider, Issue 37, September 13, 2011

    Q: Are poison control agencies considered healthcare providers? Their staff members usually make...

Q&A: HIPAA and discarded PHI found on-site

  • HIM-HIPAA Insider, Issue 36, September 6, 2011

    Q: As a hospital employee, I found a patient wristband on the sidewalk outside the emergency...

Understand the difference between an accounting of disclosures and an access report

  • HIM-HIPAA Insider, Issue 35, August 30, 2011

    The long-awaited notice of proposed rulemaking (NPRM) required by HITECH for accounting of...

Conduct a global HIPAA policy review

  • HIM-HIPAA Insider, Issue 34, August 23, 2011

    If you're looking for a reason to review your organization's policies and procedures, look no...

HIPAA disclosure rule comments highlight provider opposition

  • HIM-HIPAA Insider, Issue 33, August 16, 2011

    The proposed HIPAA privacy disclosures rule would be an administrative and financial burden for...

Q&A: Accounting of disclosures

  • HIM-HIPAA Insider, Issue 33, August 16, 2011

    Q: Must a covered entity (CE) provide an accounting of the following disclosures? A CE...

Coming soon in MRB

  • HIM-HIPAA Insider, Issue 33, August 16, 2011

    In the September issue of MRB, you’ll find articles on the following topics!

Use social media cautiously: Tips to help prevent PHI breaches

  • HIM-HIPAA Insider, Issue 32, August 9, 2011

    Healthcare organizations can protect themselves from PHI breaches associated with the use of social...

Make sense of the accounting of disclosures proposed rule

  • HIM-HIPAA Insider, Issue 32, August 9, 2011

    HHS has released the long-awaited notice of proposed rulemaking (NPRM) on the changes to the HIPAA...

AHIMA says HIPAA access report requirement is a 'significant burden'

  • HIM-HIPAA Insider, Issue 31, August 2, 2011

    The proposed new right for patients to request information on who accessed their health record...

Q&A: Can staff access their own PHI?

  • HIM-HIPAA Insider, Issue 31, August 2, 2011

    Q: Is it permissible to allow hospital employees who have been granted access to PHI through the...

UCLA Health System settles HIPAA violations for $865,500

  • HIM-HIPAA Insider, Issue 30, July 26, 2011

    HHS entered into its third largest settlement for potential HIPAA privacy and security rule...

Q&A: Are staffing agencies business associates?

  • HIM-HIPAA Insider, Issue 30, July 26, 2011

    Q: If a covered entity needs to contract with a staffing agency to provide temporary staff (e.g...

Q&A: 'Friending' patients on Facebook

  • HIM-HIPAA Insider, Issue 29, July 19, 2011

    Q: One of our nurses has “friended” one of our patients on Facebook. Is this allowed?

Best practices to ensure appropriate patient access to their medical records and PHI

  • HIM-HIPAA Insider, Issue 29, July 19, 2011

    Lou Ann Wiedemann, MS, RHIA, FAHIMA, CPEHR, director of professional practice resources at AHIMA in...

Coming soon in MRB!

  • HIM-HIPAA Insider, Issue 29, July 19, 2011

    In the August issue of MRB, you’ll find articles on the following articles and more.

The top five gaps in HIPAA compliance

  • HIM-HIPAA Insider, Issue 28, July 12, 2011

    When Raj Chaudhary, MS, PE, CGEIT, goes into hospitals, he typically finds five HIPAA privacy and...

Q&A: Requests for copies of lab reports

  • HIM-HIPAA Insider, Issue 27, July 5, 2011

    Q: After meeting with physicians to review lab reports, patients often request a copy of their...

Keep EHR security in mind

  • HIM-HIPAA Insider, Issue 26, June 28, 2011

    Don’t forget about protecting security when moving to an EHR. “Electronic health...

Encryption: It's a no-brainer

  • HIM-HIPAA Insider, Issue 25, June 21, 2011

    Encryption is a very simple solution that can help healthcare organizations avoid some of the major...

Coming soon in MRB!

  • HIM-HIPAA Insider, Issue 25, June 21, 2011

    In the July issue of MRB, you’ll find articles on the following articles and more!

Q&A: Surgery schedule posting vs. HIPAA privacy

  • HIM-HIPAA Insider, Issue 24, June 14, 2011

    Q: Posting the surgery schedule has been a recent topic of discussion at our hospital. Who should...

HITECH accounting of disclosures proposed rule released

  • HIM-HIPAA Insider, Issue 23, June 7, 2011

    On May 27 HHS released a display copy of the Accounting of Disclosures proposed rule as required by...

Q&A: Notice of Privacy Practices changes

  • HIM-HIPAA Insider, Issue 23, June 7, 2011

    Q: We were very familiar with Notice of Privacy Practices (NPP) requirements before the enactment...

Q&A: BA contract amendments, HITECH requirements, and indemnification clauses

  • HIM-HIPAA Insider, Issue 22, May 31, 2011

    Q: A covered entity encounters difficulty when executing updated business associate contracts...

HHS publishes HITECH accounting of disclosures proposed rule

  • HIM-HIPAA Insider, Issue 22, May 30, 2011

    The rule will ultimately lay the foundation for what healthcare providers will be accountable for...

OIG reports cite weakness in OCR and ONC efforts to protect ePHI

  • HIM-HIPAA Insider, Issue 21, May 24, 2011

    The Office of the Inspector General released two reports May 17 questioning the efforts of the...

A winning game plan if OCR launches an investigation

  • HIM-HIPAA Insider, Issue 21, May 24, 2011

    Healthcare organizations can learn some important lessons from Cignet Health about how not to...

CMS holds HIPAA 5010 National Testing Day

  • HIM-HIPAA Insider, Issue 20, May 17, 2011

    With the January 1, 2012 HIPAA version 5010 compliance deadline approaching quickly, CMS and the...

Coming soon in MRB!

  • HIM-HIPAA Insider, Issue 20, May 17, 2011

    In the June issue of MRB, you’ll find articles on the following articles and more!

Understand how HIPAA and meaningful use could collide

  • HIM-HIPAA Insider, Issue 19, May 10, 2011

    One possible fallout from an Office for Civil Rights (OCR) increasing HIPAA enforcement action is...

Q&A: PHI faxed to the incorrect phone number

  • HIM-HIPAA Insider, Issue 18, May 3, 2011

    Q: A private individual notified a clinic that he has been receiving faxed protected health...

Create a policy for sharing patient information with law enforcement

  • HIM-HIPAA Insider, Issue 16, April 19, 2011

    Law enforcement officials must follow an established process to acquire information about patients...

Coming soon in MRB

  • HIM-HIPAA Insider, Issue 16, April 19, 2011

    In the May issue of MRB, you’ll find articles on the following topics and more!

As patients get more savvy, address privacy concerns

  • HIM-HIPAA Insider, Issue 15, April 12, 2011

    Here's one trend industry observers say healthcare organizations can expect to see now and in the...

HITECH promises, but does it deliver?

  • HIM-HIPAA Insider, Issue 13, March 29, 2011

    With newfound authority, some state attorneys general (AG) are beginning to take aim at covered...

HIPAA enforcement actions take center stage as breaches, violations, and penalties pile up

  • HIM-HIPAA Insider, Issue 12, March 22, 2011

    HIPAA enforcement actions have been all over the news in the last month. It began with the Office...

Q&A: Privacy of minors with documented substance abuse

  • HIM-HIPAA Insider, Issue 12, March 22, 2011

    Q: A 16-year-old patient has admitted to extensive substance abuse, which is documented in his...

Tips to help ensure HIPAA compliance

  • HIM-HIPAA Insider, Issue 11, March 15, 2011

    As healthcare organizations look to the future, they should focus on ensuring HIPAA compliance...

Coming soon in MRB

  • HIM-HIPAA Insider, Issue 11, March 15, 2011

    In the April issue of MRB, you’ll find articles on the following topics and more!

First civil money penalty for HIPAA Privacy Rule violations

  • HIM-HIPAA Insider, Issue 10, March 8, 2011

    The Office for Civil Rights (OCR), HIPAA privacy and security enforcer, issued its first civil...

Q&A: Privacy and surgery observation

  • HIM-HIPAA Insider, Issue 10, March 8, 2011

    Q. What are the requirements for observing surgery? The observer is neither an employee, family...

Q&A: Is discussing the health of nonpatient relatives a HIPAA violation?

  • HIM-HIPAA Insider, Issue 9, March 1, 2011

    Q. I work in patient financial services at a hospital. Like me, several of my coworkers have aging...

Focus on people to address security concerns

  • HIM-HIPAA Insider, Issue 8, February 22, 2011

    End users—the people in your organization who handle protected health information...

Q&A: What information needs to be compromised to constitute a HIPAA breach?

  • HIM-HIPAA Insider, Issue 7, February 15, 2011

    Q. The Code of Federal Regulations, specifically 45 CFR 160.103, defines protected health...

Coming soon in MRB

  • HIM-HIPAA Insider, Issue 7, February 15, 2011

    In the March issue of MRB, you’ll find articles on the following topics and more!

Your training checkup: How to comply with ongoing HIPAA workforce training requirements

  • HIM-HIPAA Insider, Issue 6, February 8, 2011

    In a November 2010 benchmark study by the Ponemon Institute, 49% of 65 respondents identified lack...

Q&A: Next of kin breach notification

  • HIM-HIPAA Insider, Issue 5, February 1, 2011

    Q. A covered entity received a business associate contract that included breach notification...

Q&A: Consider privacy when leaving preadmission voice mail messages

  • HIM-HIPAA Insider, Issue 4, January 25, 2011

    Q: May a preadmission nurse leave messages (e.g., “This is a reminder that your surgery is...

New Year's resolutions for HIM directors and privacy officers

  • HIM-HIPAA Insider, Issue 3, January 18, 2011

    HIM directors and privacy officers should consider making the following HIPAA-related New...

Q&A: Kaizen events and patient privacy

  • HIM-HIPAA Insider, Issue 2, January 11, 2011

    Q: During a Kaizen event involving mental healthcare, how can we invite public members of the...

Tip: Address inadequate HIPAA Security Rule-required policies and procedures

  • CDI Strategies, Issue 1, January 6, 2011

    CMS detailed seven shortcomings, including old and inadequate policies and procedures, in its 2009...

Q&A: HIPAA and nurse intake and output sheets

  • HIM-HIPAA Insider, Issue 1, January 4, 2011

    Q: Our nursing staff continues to tape patient intake and output sheets outside of patient rooms in...

Keep tabs on digital cameras

  • HIM-HIPAA Insider, Issue 51, December 28, 2010

    You worry about laptop computers and other portable devices being stolen. But what about digital...

Q&A: Releasing records to APS

  • HIM-HIPAA Insider, Issue 50, December 21, 2010

    Q. When is Adult Protective Services (APS) entitled to copies of a patient’s medical record...

Coming soon in Medical Records Briefing

  • HIM-HIPAA Insider, Issue 50, December 21, 2010

    In the January issue of MRB, you’ll find articles on the following topics and more!

Q&A: Keeping NPP receipt acknowledgments

  • HIM-HIPAA Insider, Issue 49, December 14, 2010

    Q. Do we need to keep the acknowledgment form when we provide a Notice of Privacy Practices (NPP...

Q&A: Releasing records to an insurance company

  • HIM-HIPAA Insider, Issue 48, December 7, 2010

    Q. An insurance company is requesting copies of medical records to review our CPT® coding...

Data breaches cost hospitals $6B annually

  • HIM-HIPAA Insider, Issue 47, November 30, 2010

    Hospitals spend $6 billion annually because of data breaches, and federal regulations enacted under...

Address inadequate HIPAA Security Rule-required policies and procedures

  • HIM-HIPAA Insider, Issue 47, November 30, 2010

    CMS detailed seven shortcomings, including old and inadequate policies and procedures, found in its...

Q&A: Releasing PHI to a collection agency

  • HIM-HIPAA Insider, Issue 46, November 23, 2010

    Q. We released protected health information (PHI) to a collection agency because a patient was...

Get "social," but address privacy concerns: Steps to get you on the social media bandwagon and ensure patient privacy

  • HIM-HIPAA Insider, Issue 46, November 23, 2010

    When it comes to social networking websites, advocates say hospitals can have it both...

Coming soon in Medical Records Briefing

  • HIM-HIPAA Insider, Issue 46, November 23, 2010

    In the December issue of MRB, you’ll find articles on the following topics and more!

Q&A: Using mobile phones and smartphones to communicate patient information

  • HIM-HIPAA Insider, Issue 45, November 16, 2010

    Q. Can staff members communicate patient information via mobile and smartphones?

Train your work force to be HIPAA ready

  • HIM-HIPAA Insider, Issue 44, November 9, 2010

    To effectively train your staff on HIPAA, mix things up and be creative.

Q&A: Sending unencrypted e-mail within a network

  • HIM-HIPAA Insider, Issue 43, November 2, 2010

    Q. Would a covered entity or business associate violate the HIPAA Security Rule if it sends PHI in...

Q&A: Power of attorney and deceased individuals

  • HIM-HIPAA Insider, Issue 42, October 26, 2010

    Q. Is a power of attorney still effective after a patient’s death? I was told that a woman...

Q&A: Verifying admissions for internal staff

  • HIM-HIPAA Insider, Issue 41, October 19, 2010

    Q: If an employee is hospitalized in the facility in which he or she works, does the manager of the...

Coming soon in Medical Records Briefing

  • HIM-HIPAA Insider, Issue 41, October 19, 2010

    In the November issue of MRB, you’ll find articles on the following topics and more!

Tips to keep your information secure

  • HIM-HIPAA Insider, Issue 40, October 12, 2010

    The list of breaches of unsecured PHI on the Office for Civil Rights (OCR) website continues to...

Q&A: HIPAA and video monitoring

  • HIM-HIPAA Insider, Issue 39, October 5, 2010

    Q. The nursing department in my facility wants to install cameras in a few of the patient rooms. It...

Q&A: Releasing information to law enforcement

  • HIM-HIPAA Insider, Issue 38, September 28, 2010

    Q. A patient assaulted another patient while both were at our substance abuse treatment facility...

Accounting for disclosures from EHRs: What you need to know to comply with HITECH requirement

  • HIM-HIPAA Insider, Issue 38, September 28, 2010

    When HITECH was signed into law February 17, 2009, privacy and security officers predicted the...

As attention shifts to HITECH, don't forget about compliance with HIPAA basics

  • HIM-HIPAA Insider, Issue 37, September 21, 2010

    Many HIPAA privacy and security officers now focus on meeting new regulatory requirements under...

Prepare for the HIPAA final rule by focusing on BA relationships

  • HIM-HIPAA Insider, Issue 36, September 14, 2010

    Focus on working relationships with business associates (BA). Sometimes covered entities sign...

Walking the path of ARRA, HIPAA compliance

  • HIM-HIPAA Insider, Issue 36, September 14, 2010

    ARRA brought us an expanded version of HIPAA. Along with it came the clear message that if the last...

Q&A: HITECH changes to HIPAA Security Rule?

  • HIM-HIPAA Insider, Issue 35, September 7, 2010

    Q: Did HITECH change any HIPAA Security Rule implementation specifications from addressable to...

5010 transaction standard testing to begin in January

  • HIM-HIPAA Insider, Issue 34, August 31, 2010

    On August 24, CMS issued a press release to remind to healthcare providers, health plans...

Tip: Get the HIPAA job done, even if you're a solo act

  • HIM-HIPAA Insider, Issue 34, August 31, 2010

    How can privacy and security officers perform their jobs when they don’t have enough hours in...

Coming soon in Medical Records Briefing

  • HIM-HIPAA Insider, Issue 13, August 24, 2010

    In the September issue of MRB, you’ll find articles on the following topics and more!

Q&A: Release of information when a child is in DHS custody

  • HIM-HIPAA Insider, Issue 31, August 10, 2010

    Q: Can a parent access his or her child’s PHI when the child is in the custody of the...

Tip: Consider outsourcing your PHI disposal

  • HIM-HIPAA Insider, Issue 31, August 10, 2010

    Healthcare organizations need to worry about more than just the disposal of paper records. Covered...

Digesting the HIPAA proposed rule: Part 2

  • HIM-HIPAA Insider, Issue 31, August 9, 2010

    Many subcontracted entities handle PHI, and it makes sense to make them BAs by definition and...

Rite Aid to pay $1 million for potential patient privacy breaches

  • HIM-HIPAA Insider, Issue 30, August 3, 2010

    Rite Aid Corporation could have avoided a $1 million fine by simply enforcing its HIPAA policies...

Tip: Consider security of electronic releases of information

  • HIM-HIPAA Insider, Issue 30, August 3, 2010

    Harry B. Rhodes, MBA, RHIA, CHPS, CPHIMS, FAHIMA, director of practice leadership at AHIMA in...

OCR releases final guidance on risk analysis

  • HIM-HIPAA Insider, Issue 29, July 27, 2010

    On July 15 the Office for Civil Rights posted its annual guidance on conducting risk...

Q&A: Notice of privacy practice posting

  • HIM-HIPAA Insider, Issue 29, July 27, 2010

    Q. If we provide laminated copies of our privacy notice on the registration counters, must we post...

Coming soon in Medical Records Briefing

  • HIM-HIPAA Insider, Issue 29, July 27, 2010

    In the August issue of MRB, you’ll find articles on the following topics and more!

Q&A: HIPAA and attorney requests for records

  • HIM-HIPAA Insider, Issue 27, July 13, 2010

    Q. When an attorney requests records and asks that all records be released, must we comply and send...

Q&A: HIPAA and on-campus education for minors

  • HIM-HIPAA Insider, Issue 26, July 6, 2010

    Q: We have a medical unit for a pediatric population. This campus includes a school for educating...

WellPoint Inc. notifies nearly 500,000 of breach

  • HIM-HIPAA Insider, Issue 26, July 5, 2010

    The information – which the Times says stemmed from an online program for customers to...

Make HIPAA a top priority with upper management

  • HIM-HIPAA Insider, Issue 25, June 29, 2010

    Privacy and security officers may face varying challenges to get buy-in from top leaders for HIPAA...

Insurer's breach affects 230,000

  • HIM-HIPAA Insider, Issue 25, June 28, 2010

    A site user accessed confidential information such as medical records and Social Security numbers...

HIPAA Q&A: Updates to NPP?

  • HIM-HIPAA Insider, Issue 25, June 28, 2010

    Learn the answer to this HIPAA compliance question.

TIP: Create consistent laptop use policy for your facility

  • HIM-HIPAA Insider, Issue 25, June 28, 2010

    Organizations can create major problems when they allow staff members to buy or use their own...

Large patient information breach list nears century mark

  • HIM-HIPAA Insider, Issue 24, June 22, 2010

    The Office for Civil Rights' (OCR) list of entities reporting major patient information breaches...

Q&A: HIPAA and requests for report results

  • HIM-HIPAA Insider, Issue 24, June 22, 2010

    Q. We are an MRI facility, and our services are referral-based. We fax MRI reports to referring...

Laptop breaches affecting 500 or more climbing

  • HIM-HIPAA Insider, Issue 24, June 21, 2010

    Of the 95 breaches on the Office for Civil Rights (OCR) website as of June 17, 32, or 34...

State alliance: OCR to release HITECH regs this week

  • HIM-HIPAA Insider, Issue 24, June 18, 2010

    After its sixth annual Academic Medical Center Conference in Chapel Hill, NC, June 7-9, the...

Protect PHI when staff members leave

  • HIM-HIPAA Insider, Issue 23, June 15, 2010

    Establish a procedure to protect PHI when clinical staff members leave your organization. This is...

FTC delays Red Flags Rule enforcement

  • HIM-HIPAA Insider, Issue 22, June 8, 2010

    The Federal Trade Commission (FTC) delayed enforcement of the Red Flags Rule for a fifth time, this...

Q&A: HIPAA-compliant sign-in sheets

  • HIM-HIPAA Insider, Issue 22, June 8, 2010

    Q. Do patient sign-in sheets violate the HIPAA privacy rule? If they don’t, does a...

FTC delays Red Flags Rule enforcement again

  • HIM-HIPAA Insider, Issue 22, June 7, 2010

    The Federal Trade Commission (FTC) delayed enforcement of the Red Flags Rule for a fifth time May...

Stolen laptop contains more than 61,000 patients' information

  • HIM-HIPAA Insider, Issue 22, June 7, 2010

    The Cincinnati Children’s Hospital reported May 28 that a laptop including information...

FUN FACT: Even the Red Sox comply with HIPAA

  • HIM-HIPAA Insider, Issue 22, June 7, 2010

    That’s right.

HIPAA Q&A: HIPAA and occupational health

  • HIM-HIPAA Insider, Issue 22, June 7, 2010

    Q. Please explain the relevance of HIPAA to a hospital’s occupational health department and...

HIPAA Q&A: Donor review

  • HIM-HIPAA Insider, Issue 21, May 31, 2010

    Learn the answer to this challenging HIPAA compliance scenario.

Lawsuit: Red Flags Rule violates doctor/patient relationship

  • HIM-HIPAA Insider, Issue 21, May 31, 2010

    The lawsuit seeks to prevent the FTC from defining physicians as “creditors” whenever...

Workgroup: Mandate encryption for provider information exchanges

  • HIM-HIPAA Insider, Issue 21, May 31, 2010

    “When information is exposed in transmission, it ought to be encrypted,” Deven McGraw...

OCR building HIPAA audit plan with outside help

  • HIM-HIPAA Insider, Issue 21, May 31, 2010

    The Office for Civil Rights (OCR), which carries out for the Department of Health & Human...

OCR issues guidance on risk analysis

  • HIM-HIPAA Insider, Issue 20, May 25, 2010

    On May 7 the Office for Civil Rights (OCR) issued a series of guidance documents dealing with risk...

Seven steps to comply with the Red Flags Rule

  • HIM-HIPAA Insider, Issue 20, May 25, 2010

    If you don’t have an identity theft prevention program in place, take action now. The Federal...

Coming soon in Medical Records Briefing

  • HIM-HIPAA Insider, Issue 20, May 25, 2010

    In the June issue of MRB, you’ll find the following articles.Click here for more information...

'Private practices' will be unmasked on large breaches website

  • HIM-HIPAA Insider, Issue 20, May 24, 2010

    A spokesperson from the Office for Civil Rights (OCR), which enforces the HIPAA privacy and...

HIPAA Update blog series: Laptop security

  • HIM-HIPAA Insider, Issue 20, May 24, 2010

    Most experts say you must encrypt your laptops and portable devices.

Q&A: Accidental sharing of PHI with other healthcare providers

  • HIM-HIPAA Insider, Issue 19, May 18, 2010

    Q: We inadvertently sent a clinical note to the wrong healthcare provider. Must we conduct a risk...

Q&A: HITECH vs. third-party payer policies: Who wins?

  • HIM-HIPAA Insider, Issue 18, May 11, 2010

    Q. Does HITECH supersede our contracts with third-party health insurance policies if the patient...

HHS: HIPAA regulations to come this month

  • HIM-HIPAA Insider, Issue 17, May 4, 2010

    The timing of the release of proposed HIPAA regulations per the HITECH Act became a little clearer...

Cost-effective ways to ensure HIPAA compliance

  • HIM-HIPAA Insider, Issue 17, May 4, 2010

    Jaspinder Grewal is a self-described “techie” who knows that developing cost-effective...

Medical Records Briefing, May 2010

  • HIM Briefings, Issue 5, May 1, 2010

    This month's issue includes an article on the EHR certification proposed rule, as well as advice...

Pre-test security application compatibility, effectiveness before purchase; HIPAA compliance at stake

  • Briefings on HIPAA, Issue 5, May 1, 2010

    As with laptop and desktop computers, smartphones are also the target of malware that can damage...

De-identification standard moves to forefront at OCR

  • Briefings on HIPAA, Issue 5, May 1, 2010

    Many healthcare organizations have pondered these questions. Now OCR has turned its attention to...

Clipboard permissible but not best sign-in option

  • Briefings on HIPAA, Issue 5, May 1, 2010

    Account numbers reported to the state are considered patient-identifiable information. Therefore...

Use these cost-effective ways to ensure compliance

  • Briefings on HIPAA, Issue 5, May 1, 2010

    Jaspinder Grewal is a self-described "techie" who knows that developing cost-effective...

Briefings on HIPAA, May 2010

  • Briefings on HIPAA, Issue 5, May 1, 2010

    In this issue of BOH, you’ll learn some cost-effective ways to ensure HIPAA compliance, what...

OCR list discloses large patient data breaches

  • Health Information Compliance Insider, Issue 5, May 1, 2010

    Encrypting ePHI could help keep your facility off the OCR’s list of patient data breaches on...

Health Information Compliance Insider, May 2010

  • Health Information Compliance Insider, Issue 5, May 1, 2010

    In this issue of HICI, you'll read about steps you can take to avoid being one of the facilities...

Cascade official shares lessons learned from CMS HIPAA security audit

  • HIM-HIPAA Insider, Issue 16, April 27, 2010

    Ten covered entities (CE) found themselves in CMS’ crosshairs when the federal government...

HIPAA Q&A: Office staff in physician offices

  • HIM-HIPAA Insider, Issue 16, April 26, 2010

    Q. Our hospital is considering allowing staff members in private physician offices to access our...

Weigh in on HIPAA Update blog

  • HIM-HIPAA Insider, Issue 16, April 26, 2010

    Start blogging about HIPAA with your colleagues today!

OCR will post names of 'individuals' who report breaches affecting 500 or more

  • HIM-HIPAA Insider, Issue 16, April 26, 2010

    Currently, OCR does not post the names of such entities (namely sole practitioners) who report...

Large patient information breaches skyrocket

  • HIM-HIPAA Insider, Issue 16, April 26, 2010

    HITECH requires OCR to make public any breaches affecting 500 or more individuals. OCR will...

HCPro survey: Breach notification requirements are top HITECH challenge; BA contracts also a concern

  • HIM-HIPAA Insider, Issue 15, April 20, 2010

    Have you wondered what has been the biggest challenge for healthcare providers since enactment of...

Privacy Act protects some practices with patient data breaches

  • HIM-HIPAA Insider, Issue 15, April 19, 2010

    A spokesperson from OCR writes in an e-mail to HIPAA Update that OCR considers private...

BCBS of TN hard drive theft now threatens 1 million customers

  • HIM-HIPAA Insider, Issue 15, April 19, 2010

    “As of April 2, 2010, a total of 998,422 current and former members have been identified as...

HITECH regulations may come soon -- or four months from now

  • HIM-HIPAA Insider, Issue 15, April 19, 2010

    OIRA has 90 days to review the regulations, though the head of the submitting agency can extend...

Q&A: HIPAA and friendly follow-ups

  • HIM-HIPAA Insider, Issue 14, April 13, 2010

    Q. An emergency department (ED) nurse at a hospital and trauma center saw the name of an...

Q&A: HIPAA and media

  • HIM-HIPAA Insider, Issue 13, April 6, 2010

    Q. Which HIPAA requirements are applicable with respect to notifying the media about a...

Connecticut AG uses HITECH power again

  • HIM-HIPAA Insider, Issue 13, April 5, 2010

    Three months ago, Blumenthal announced he was suing Health Net of Connecticut, Inc., after the...

Case involving breaches of PHI worth watching

  • Briefings on HIPAA, Issue 4, April 1, 2010

    Connecticut Attorney General Richard Blumenthal sued Health Net of Connecticut, Inc., for failing...

HIPAA Q&A: Give media limited patient information; HITECH protects paper PHI in addition to electronic information

  • Briefings on HIPAA, Issue 4, April 1, 2010

    A patient underwent diagnostic testing in the hospital where she was employed. She received a copy...

Failure to conduct risk assessment is risky business

  • Briefings on HIPAA, Issue 4, April 1, 2010

    The HIPAA security rule requires this type of assessment. However, many healthcare organizations...

Cascade official shares lessons learned from CMS HIPAA security audit

  • Briefings on HIPAA, Issue 4, April 1, 2010

    Cascade Healthcare Community, a three-hospital health system headquartered in Bend, OR, was one of...

Briefings on HIPAA, April 2010

  • Briefings on HIPAA, Issue 4, April 1, 2010

    In this issue of BOH, you’ll learn what to expect from a government audit in terms of HIPAA...

Case involving breaches of PHI worth watching

  • Health Information Compliance Insider, Issue 4, April 1, 2010

    Connecticut Attorney General Richard Blumenthal sued Health Net of Connecticut, Inc., for failing...

Seven steps to comply with the Red Flags Rule

  • Health Information Compliance Insider, Issue 4, April 1, 2010

    The focus of the Red Flags Rule is identity theft, said Rebecca Williams, RN, JD, partner and...

Health Information Compliance Insider, April 2010

  • Health Information Compliance Insider, Issue 4, April 1, 2010

    In this issue of HICI, you'll read about steps you can take to comply with the Red Flags Rule ahead...

Changes coming for HIM in wake of healthcare reform bill

  • HIM-HIPAA Insider, Issue 12, March 30, 2010

    Now that the Senate and House have put the finishing touches on the newly signed...

Q&A: HIPAA and census data

  • HIM-HIPAA Insider, Issue 12, March 30, 2010

    Q. Census workers are requesting information about the residents of our group homes to conduct an...

HIPAA Q&A: Physicians treating family members

  • HIM-HIPAA Insider, Issue 12, March 29, 2010

    Securing the charts of family members in a locked receptacle or cabinet is a wise precaution...

Covered entity gets requests for BA agreements

  • HIM-HIPAA Insider, Issue 12, March 29, 2010

    It seems that BA documents are being used inappropriately, or as a “catch all, just in...

Speaking of OCR transparency on breach reports

  • HIM-HIPAA Insider, Issue 12, March 29, 2010

    He asks questions in the piece about which doctors were involved in the incident, were they in the...

Industry insiders question not revealing violators of health information breaches

  • HIM-HIPAA Insider, Issue 12, March 29, 2010

    In cases where OCR does not have written consent, it will cite the entity on its Web site as...

Q&A: Notification requirements when a privacy breach occurs involving a minor

  • HIM-HIPAA Insider, Issue 10, March 16, 2010

    Q. Whom should we notify if a minor’s record is breached? For example, a grandparent who...

Coming soon in Medical Records Briefing

  • HIM-HIPAA Insider, Issue 10, March 16, 2010

    In the April issue of MRB, you’ll find the following articles, and more! EHR beat...

Don't succumb to off-site, out-of-mind record storage

  • HIM-HIPAA Insider, Issue 9, March 9, 2010

    Space is at a premium for many hospitals. Most campuses simply don’t have enough space to...

Adapt HIPAA internal sanctions policy to comply with HITECH

  • HIM-HIPAA Insider, Issue 9, March 9, 2010

    Providers know that HIPAA requires them, as covered entities, to impose sanctions consistently...

Access-privacy balance could prove elusive for hospitals

  • HIM-HIPAA Insider, Issue 9, March 8, 2010

    The experts in the room audibly grumbled when talk turned to interoperability and privacy. It's a...

HITECH survey: providers remain concerned about HIPAA breach notification

  • HIM-HIPAA Insider, Issue 9, March 8, 2010

    We can give you a pretty good idea after seeing the results of HCPro’s HIPAA and HITECH...

Proposed HITECH rule for business associates will come soon, says OCR lawyer

  • HIM-HIPAA Insider, Issue 9, March 8, 2010

    Per HITECH, BAs must comply with the HIPAA Security Rule and the use and disclosure provisions of...

HIPAA Q&A: Authorization on insurance

  • HIM-HIPAA Insider, Issue 9, March 5, 2010

    Learn the answer to this HIPAA compliance question.

Q&A: HITECH enforcement delays

  • HIM-HIPAA Insider, Issue 8, March 2, 2010

    Q: Has HITECH enforcement been delayed?

Medical Records Briefing, March 2010

  • HIM Briefings, Issue 3, March 1, 2010

    This month's issue includes an article on EHR meaningful use standards and what hospitals should do...

Adapt HIPAA internal sanctions policy to comply with HITECH; consider penalty tiers for violations

  • Briefings on HIPAA, Issue 3, March 1, 2010

    HITECH establishes new penalty tiers, so providers should revise their sanction policies now.

HIPAA Q&A: Terminate contract if vendor denies records request; patient also can be liable for lost records

  • Briefings on HIPAA, Issue 3, March 1, 2010

    When breaches occur, you are required to notify the affected patients or their legal...

Product watch: Take a secure trip to Aruba's wireless solution

  • Briefings on HIPAA, Issue 3, March 1, 2010

    The wireless and the wired environment are each subject to potentially significant security...

New regional privacy advisors provide guidance and education for covered entities and business associates

  • Briefings on HIPAA, Issue 3, March 1, 2010

    OCR has established privacy advisors in each of its regional offices to provide HIPAA privacy and...

Ensure that your business associates comply with HITECH security and privacy

  • Briefings on HIPAA, Issue 3, March 1, 2010

    Don't wait for OCR to publish all the HITECH implementation rules before taking action, Apgar said...

Briefings on HIPAA, March 2010

  • Briefings on HIPAA, Issue 3, March 1, 2010

    In this issue of BOH, you'll learn some final checklist items for HITECH compliance and how to...

Tips for revising your HIPAA internal sanctions policy

  • HIM-HIPAA Insider, Issue 7, February 23, 2010

    As healthcare organizations begin adapting their HIPAA internal sanctions policies to comply with...

HIPAA Q&A: Authorization on release of records

  • HIM-HIPAA Insider, Issue 7, February 22, 2010

    Learn the answer to this challenging HIPAA compliance question.

HIPAA compliance questions regarding HITECH

  • HIM-HIPAA Insider, Issue 7, February 22, 2010

    As your organization works to comply with breach notification regulations and sets up a “harm...

Top HIPAA lessons for hospital leaders

  • HIM-HIPAA Insider, Issue 7, February 22, 2010

    It’s a good time for the C-Suite to be involved in HIPAA compliance.

Q&A: HITECH requirements for business associate contracts

  • HIM-HIPAA Insider, Issue 6, February 16, 2010

    Q: Are covered entities and BAs required to revise their BA contracts? Do contracts executed prior...

Business associates could pay for breaches

  • HIM-HIPAA Insider, Issue 5, February 9, 2010

    Business associates can be directly liable for a breach of unsecured protected health information...

Q&A: EHR audit log retention

  • HIM-HIPAA Insider, Issue 5, February 9, 2010

    Q. We use numeric patient account numbers that cannot be tied back to a patient except by a...

Coming soon in Medical Records Briefing

  • HIM-HIPAA Insider, Issue 5, February 9, 2010

    In the March issue of MRB, you’ll find the following articles, and more! EHR beat...

HIPAA Q&A: Recognizing a physician's voice

  • HIM-HIPAA Insider, Issue 5, February 8, 2010

    Learn the answer to this tough HIPAA compliance question.

Meaningful use calls for meaningful risk analysis

  • HIM-HIPAA Insider, Issue 5, February 8, 2010

    The proposed rule for the Medicare and Medicaid EHR incentive states that in Stage 1 of meeting the...

Highlights from the 18th Annual National HIPAA Summit

  • HIM-HIPAA Insider, Issue 5, February 8, 2010

    Check out our blog posts about these topics discussed during the summit on our HIPAA Update blog:

Take our HIPAA survey

  • HIM-HIPAA Insider, Issue 5, February 8, 2010

    Please take 5-10 minutes of your time to complete this 11-question survey regarding HIPAA and...

Q&A: EHR audit log retention

  • HIM-HIPAA Insider, Issue 5, February 2, 2010

    Q. Does any regulation define the retention period for EHR or electronic medical record audit logs?

Briefings on HIPAA, February 2010

  • Briefings on HIPAA, Issue 2, February 1, 2010

    In this issue of BOH, you'll learn some final checklist items for HITECH compliance and how to...

New meaningful use interim standards require encryption capabilities

  • HIM-HIPAA Insider, Issue 4, February 1, 2010

    The EHR standards simply enable you to carry out certain aspects of HIPAA and HITECH better, such...

Proactive training: Educate staff members, patients in fight against medical identity theft at your facility

  • Health Information Compliance Insider, Issue 2, February 1, 2010

    Booz Hamilton Allen, a McLean, VA–based firm that was commissioned in 2008 by the Office of...

Find capital now; gain  stimulus funds later

  • Health Information Compliance Insider, Issue 2, February 1, 2010

    The Health Information Technology for Economic and Clinical Health (HITECH) Act gave approximately...

Health Information Compliance Insider®, February 2010

  • Health Information Compliance Insider, Issue 2, February 1, 2010

    Inside: Find capital now; gain  stimulus funds later Proactive training: Educate staff members...

Integrate identity theft into staff member training

  • HIM-HIPAA Insider, Issue 4, January 26, 2010

    Educate your patients about playing an active role in fighting medical identity theft, make your...

HIPAA Q&A: Family members who are physicians

  • HIM-HIPAA Insider, Issue 3, January 25, 2010

    Learn the answer to this challenging HIPAA scenario.

Answers to HITECH questions

  • HIM-HIPAA Insider, Issue 3, January 25, 2010

    With the help of some HITECH experts, we tracked down answers to two of the questions:

CMS HIPAA 5010 call

  • HIM-HIPAA Insider, Issue 3, January 25, 2010

    The call, formally titled “HIPAA Version 5010 National Provider Call: CMS’ approach for...

HIPAA Q&A: Radiology images

  • HIM-HIPAA Insider, Issue 2, January 18, 2010

    Learn the answer from this tough HIPAA compliance question.

Security breach puts 500,000 BlueCross members’ data at risk

  • HIM-HIPAA Insider, Issue 2, January 18, 2010

    The hard drives were reportedly stolen from a leased office in a Chattanooga strip mall that once...

Questions on business associates and HITECH

  • HIM-HIPAA Insider, Issue 2, January 18, 2010

    HCPro, Inc. hosted the January 14 audio conference, “Business Associate Action Plan: Comply...

Tip: Check on your BAs

  • HIM-HIPAA Insider, Issue 2, January 18, 2010

    Make sure your BAs know they are expected to comply with the HITECH regulations. Some...

Tip: Assess privacy vulnerabilities for social networking sites

  • HIM-HIPAA Insider, Issue 1, January 5, 2010

    Trendy social networking sites such as Facebook, TwitterTM, MySpaceTM, and blogs pose enough of a...

Proactive training: Educate staff members, patients in fight against medical identity theft at your facility

  • Briefings on HIPAA, Issue 2, January 1, 2010

    Booz Allen Hamilton, a McLean, VA–based firm that was commissioned in 2008 by the Office of...

Consider SenditCertified to help ensure secure PHI transmissions

  • Briefings on HIPAA, Issue 2, January 1, 2010

    SenditCertified offers a unique solution: It supports the encryption of transmitted PHI that meets...

Q&A: Business associate requirements, audit log retention periods, and more

  • Briefings on HIPAA, Issue 2, January 1, 2010

    Is there any regulation that defines the retention period for electronic health record (EHR) or...

Learn from other healthcare organizations' mistakes; Review the top breaches of 2009 and how you can prevent the same at your facility

  • Briefings on HIPAA, Issue 2, January 1, 2010

    Major breaches of patient information in 2009 break down into three types: snoopers, hackers, and...

A final checklist to help meet the HITECH deadline

  • Briefings on HIPAA, Issue 2, January 1, 2010

    Under HITECH—approved as part of the American Recovery and Reinvestment Act—business...

Medical Records Briefing 2009 index

  • HIM Briefings, Issue 1, January 1, 2010

    This index of MRB articles provides readers with the date and page of each story in the newsletter...

HIPAA refresher: Protecting privacy when using social networking sites, working with minors, and more

  • HIM Briefings, Issue 1, January 1, 2010

    Encourage staff members to review HIPAA privacy guidelines by testing them with several questions.

Assess privacy vulnerabilities for social networking sites

  • Briefings on HIPAA, Issue 1, January 1, 2010

    Determine whether and how you’re vulnerable, as well as whether revising your policies and...

HITECH compliance deadline one month away

  • Briefings on HIPAA, Issue 1, January 1, 2010

    Chris Apgar, CISSP, and John R. Christiansen, JD, answered questions regarding BA contracts during...

HITECH, major settlements, EHRs, and more: Looking back on 2009, ahead to 2010

  • Briefings on HIPAA, Issue 1, January 1, 2010

    BOH revisits the most significant events of 2009 and explores their potential effect in 2010.

Briefings on HIPAA, January 2010

  • Briefings on HIPAA, Issue 1, January 1, 2010

    In this issue of BOH, you’ll learn what some organizations are doing to address the risks of...

Responding to identity theft a three-step process

  • Health Information Compliance Insider, Issue 1, January 1, 2010

    The Federal Trade Commission’s Red Flags rule, existing HIPAA laws, and the new Health...

Red Flags rules: FTC enforcement date finally arrives … at least for now

  • Health Information Compliance Insider, Issue 1, January 1, 2010

    Nonetheless, providers subject to the rule’s requirement to develop a program that mitigates...

HIPAA in the headlines in 2009: Anticipate impact in 2010

  • Health Information Compliance Insider, Issue 1, January 1, 2010

    Specific developments weren’t mere flashes in the pan; experts say the ripple effect will...

Health Information Compliance Insider®, January 2010

  • Health Information Compliance Insider, Issue 1, January 1, 2010

    Inside: Anticipate impact in 2010 FTC enforcement date finally arrives … at least for...

Find the right contract vendor

  • HIM-HIPAA Insider, Issue 52, December 29, 2009

    Covered entities must carefully select and contract with software vendors and investigate the...

HIPAA Q&A: HIPAA compliance documentation

  • HIM-HIPAA Insider, Issue 49, December 28, 2009

    Learn the answer to this tough HIPAA compliance question.

Two HITECH compliance tips

  • HIM-HIPAA Insider, Issue 49, December 28, 2009

    Use these tips to prepare for HITECH compliance.

Red Flags rules: FTC enforcement date finally arrives . . . at least for now

  • HIM-HIPAA Insider, Issue 51, December 22, 2009

    The Federal Trade Commission (FTC) now says it will enforce the Red Flags rule June 1, 2010, seven...

Weigh in with your colleagues on HIPAA Update

  • HIM-HIPAA Insider, Issue 48, December 21, 2009

    Go to our HIPAA Update blog and see the posts with the most comments over the last month.

HIPAA Q&A: Summer help

  • HIM-HIPAA Insider, Issue 48, December 21, 2009

    Learn the answer to this tough HIPAA compliance question.

TIP: Create written policies

  • HIM-HIPAA Insider, Issue 48, December 21, 2009

    Prepare written policies that address the process for internal reporting. Consider what potential...

Two tips on HITECH compliance

  • HIM-HIPAA Insider, Issue 48, December 21, 2009

    HITECH states covered entities must incorporate the new provisions into their BA contracts.

Flurry of HIPAA activity expected over next three months

  • HIM-HIPAA Insider, Issue 50, December 15, 2009

    The Office for Civil Rights (OCR) likely will publish a draft or interim final rule outlining the...

Breach notification requirements

  • HIM-HIPAA Insider, Issue 50, December 15, 2009

    Q: If a breach of PHI occurs and the business associate (BA) or covered entity does not have...

HIPAA audio conference recording available

  • HIM-HIPAA Insider, Issue 47, December 14, 2009

    This HIPAA internal sanctions audio conference may help you get your policy in line with the HITECH...

HIPAA Q&A: Breach notification

  • HIM-HIPAA Insider, Issue 47, December 14, 2009

    Learn the answer to this HIPAA compliance scenario.

TIP: Create security incident response team

  • HIM-HIPAA Insider, Issue 47, December 14, 2009

    You are only as good as the team you form for security breach notification.

HITECH compliance tips as you await federal guidance

  • HIM-HIPAA Insider, Issue 47, December 14, 2009

    Experts told HIPAA Weekly Advisor they expect OCR, the HHS agency that enforces the HIPAA privacy...

Updating the Notice of Privacy Practice

  • HIM-HIPAA Insider, Issue 49, December 8, 2009

    Q. If we update our Notice of Privacy Practice (NPP), do we need to redistribute it to existing...

Exercise due diligence; find the right vendor

  • Briefings on HIPAA, Issue 12, December 1, 2009

    Covered entities must carefully select and contract with software vendors and investigate the...

HIPAA Q&A: NPPs, BA contracts, Red Flags Rule, and more

  • Briefings on HIPAA, Issue 12, December 1, 2009

    Learn the answer to this and other tough HIPAA compliance questions.

HHS unveils online breach notification forms; experts say they’re ‘straightforward,’ user-friendly

  • Briefings on HIPAA, Issue 12, December 1, 2009

    HHS will begin enforcing the breach notification provisions around February 22, 2010. The forms...

Develop effective strategies for your breach notification response program

  • Briefings on HIPAA, Issue 12, December 1, 2009

    Be determined and thorough, but also patient as you gather evidence and develop a smart game plan...

Briefings on HIPAA, December 2009

  • Briefings on HIPAA, Issue 12, December 1, 2009

    In this issue of BOH, you’ll learn the right steps to take when finding and contracting with...

HHS unveils online breach notification forms; experts say they’re ‘straightforward,’ user-friendly

  • Health Information Compliance Insider, Issue 12, December 1, 2009

    The forms ended speculation about how HHS wanted covered entities to submit breach notifications to...

Limit your risk; address snooping problems swiftly, harshly

  • Health Information Compliance Insider, Issue 12, December 1, 2009

    Covered entities must strive to protect PHI against employees who snoop with preparation, strong...

Develop effective strategies for your breach notification response program

  • Health Information Compliance Insider, Issue 12, December 1, 2009

    Be determined and thorough, but also patient as you gather evidence and develop a smart game plan...

Health Information Compliance Insider®, December 2009

  • Health Information Compliance Insider, Issue 12, December 1, 2009

    Synopsis for full issue: In this issue of HICI, you’ll read how to effectively manage your...

Know these eight tips to ensure secure PHI

  • HIM Briefings, Issue 12, December 1, 2009

    HHS’ message is clear: Breaches of electronic protected health information (PHI) should not...

Medical Records Briefing, December 2009

  • HIM Briefings, Issue 12, December 1, 2009

    The December issue of MRB is full of time-saving tips and information for HIM directors. This...

Tips to ensure secure PHI

  • HIM-HIPAA Insider, Issue 48, December 1, 2009

    HIM directors play a key role in collaborating with IT staff members to ensure acceptable...

Limit your risk; address snooping problems swiftly

  • HIM-HIPAA Insider, Issue 48, December 1, 2009

    HIPAA privacy and security officers must face the reality that employees may misuse their access to...

HHS launches new health IT blog

  • HIM-HIPAA Insider, Issue 45, November 30, 2009

    HITECH provides new resources to improve healthcare through advances in health IT and provides...

Hospital's patient information sold

  • HIM-HIPAA Insider, Issue 45, November 30, 2009

    That private information – including names, birth dates, Social Security numbers and injuries...

HIPAA Q&A: Group talk

  • HIM-HIPAA Insider, Issue 45, November 30, 2009

    Learn the answer to this tough HIPAA compliance question from your colleague.

TIP: Establish safeguards to prevent a breach

  • HIM-HIPAA Insider, Issue 45, November 30, 2009

    If the BA is an agent of the CE, the CE is considered to have notice of the breach at the time the...

Consider using HHS' online breach notification forms

  • HIM-HIPAA Insider, Issue 47, November 24, 2009

    HHS unveiled its online breach reporting forms one week after its interim final rule on breach...

Protecting PHI stored in Microsoft applications

  • HIM-HIPAA Insider, Issue 46, November 17, 2009

    Q. How should we manage the tracking/logging of PHI that may be stored in standard Microsoft...

TIP: Avoid vague education on communication devices, Web sites

  • HIM-HIPAA Insider, Issue 43, November 16, 2009

    You can protect your organization by investing in communication devices such as BlackBerry®...

HIPAA Update hot posts

  • HIM-HIPAA Insider, Issue 44, November 16, 2009

    See the posts that get your HIPAA colleagues talking.

New HIPAA whitepaper!

  • HIM-HIPAA Insider, Issue 43, November 16, 2009

    Check out our new whitepaper, our third on HITECH-related regulations and laws.

Q&A: HIPAA and social networking

  • HIM-HIPAA Insider, Issue 45, November 10, 2009

    Q: I am beginning to hear about HIPAA violations occurring on popular Internet sites (e.g...

Limit your risk; address snooping problems swiftly

  • HIM-HIPAA Insider, Issue 45, November 10, 2009

    HIPAA privacy and security officers must face the reality that employees may misuse their access to...

HIPAA Q&A: Diagnostic test results

  • HIM-HIPAA Insider, Issue 42, November 9, 2009

    Learn the answer to this HIPAA compliance question.

Guidance on HIPAA implications of H1N1

  • HIM-HIPAA Insider, Issue 42, November 9, 2009

    “Many of these documents help clear up questions on whether the subsequent 1135 waivers...

Red Flags Rule enforcement delayed to June 1

  • HIM-HIPAA Insider, Issue 42, November 9, 2009

    The previous delay announcement—from August 1 enforcement to November 1—came in July...

New HIPAA whitepaper!

  • HIM-HIPAA Insider, Issue 42, November 9, 2009

    Check out our latest HIPAA white paper regarding provisions in the HITECH Act.

HIPAA Q&A: Red Flags Rule

  • HIM-HIPAA Insider, Issue 41, November 2, 2009

    Learn the answer to this tough compliance question.

BA contract addendum

  • HIM-HIPAA Insider, Issue 41, November 2, 2009

    Does anyone have a sample of an addendum that can be added to our BA agreement that puts us into...

Add your feedback on HHS 'harm threshold'

  • HIM-HIPAA Insider, Issue 41, November 2, 2009

    Want to add your feedback on HHS' new harm threshold?

Enforcement interim final rule published in FR

  • HIM-HIPAA Insider, Issue 41, November 2, 2009

    The interim final rule becomes effective November 30. HHS has invited public comments on the...

Update: Economy slowing growth of electronic health record implementation in hospitals

  • Health Information Compliance Insider, Issue 11, November 1, 2009

    With the rapidly changing healthcare landscape, the study’s authors continue to follow up on...

AAHC: Privacy rule directly affects multisite research, subject participation

  • Health Information Compliance Insider, Issue 11, November 1, 2009

    Rebecca Herold, CISSP, CIPP, CISM, CISA, privacy, security, and compliance consultant at Rebecca...

Harm thresholds: Opportunity for CEs to be more accountable for PHI, breach mitigation

  • Health Information Compliance Insider, Issue 11, November 1, 2009

    The rule’s “harm threshold” provision provides CEs an avenue to avoid reporting a...

Health Information Compliance Insider®, November 2009

  • Health Information Compliance Insider, Issue 11, November 1, 2009

    In this issue of HICI, you’ll read how one paper’s authors believe the Privacy Rule...

Dell responds with positive changes

  • Briefings on HIPAA, Issue 11, November 1, 2009

    We found Dell to be significantly lacking in its abil¬ity or willingness to provide the support...

Harm thresholds: Opportunity for CEs to be more accountable for PHI, breach mitigation

  • Briefings on HIPAA, Issue 11, November 1, 2009

    The rule’s “harm threshold” provision provides CEs an avenue to avoid reporting a...

New contract requirements raise questions

  • Briefings on HIPAA, Issue 11, November 1, 2009

    Covered entities can be BAs. Rely on the regulatory experts in your field. I can’t speak for...

HIPAA Q&A: Business associate agreements, social networking sites, donor information

  • Briefings on HIPAA, Issue 11, November 1, 2009

    Learn the answer to this and more important HIPAA compliance questions.

Experts: Hospitals not the place for personal e-mail, social networking sites

  • Briefings on HIPAA, Issue 11, November 1, 2009

    Regardless of how you respond to these privacy and security vulnerabilities, understanding the...

HIPAA happenings

  • HIM Briefings, Issue 11, November 1, 2009

    The privacy and security changes pursuant to the Health Information Technology for Economic and...

Medical Records Briefing, November 2009

  • HIM Briefings, Issue 11, November 1, 2009

    Inside: Education, credentials just two of many factors that affect salary Ensure that BA...

Briefings on HIPAA, November 2009

  • Briefings on HIPAA, Issue 11, November 1, 2009

    In this issue of BOH, you’ll learn how some providers are offsetting the dangers posed by...

Ask these questions in your harm threshold risk assessment

  • HIM-HIPAA Insider, Issue 40, October 26, 2009

    Ask these questions during your risk assessment to determine the level of harm to victims of a...

Speaking of HIPAA ...

  • HIM-HIPAA Insider, Issue 40, October 26, 2009

    See what your HIPAA privacy and security colleagues are talking about on the HIPAA Update blog.

Experts: exemption from Red Flags Rule not necessary

  • HIM-HIPAA Insider, Issue 40, October 26, 2009

    The House of Representatives filed a bill October 8 that would exempt a healthcare practice with 20...

HIPAA Q&A: Fundraising

  • HIM-HIPAA Insider, Issue 39, October 19, 2009

    Learn the answer to this challenging HIPAA compliance question.

Thousands of doctors' information on stolen laptop

  • HIM-HIPAA Insider, Issue 39, October 19, 2009

    Lisa Martinelli, Highmark, Inc.'s chief privacy officer, told the Tribune-Review the information...

Add your feedback on HHS 'harm threshold'

  • HIM-HIPAA Insider, Issue 39, October 19, 2009

    Add your feedback to a hot-button issue -- HHS' HIPAA harm threshold in the interim final rule on...

Small healthcare entities may be exempt from Red Flags Rule

  • HIM-HIPAA Insider, Issue 39, October 19, 2009

    The Red Flags Rule, which will be enforced beginning November 1, requires healthcare entities...

Congressmen disagree with HHS 'harm standard'

  • HIM-HIPAA Insider, Issue 38, October 12, 2009

    The Congressmen say this concept was explicitly rejected when they crafted the American Recovery...

HIPAA Q&A: Taking PHI home

  • HIM-HIPAA Insider, Issue 37, October 5, 2009

    Q. Several weeks ago, some security specialists indicated that their staff members take paper PHI...

New rules protect patients' genetic information

  • HIM-HIPAA Insider, Issue 37, October 5, 2009

    In part, the rule ensures that genetic information is not used to deny healthcare coverage and will...

Lawyer: Providers not ready for HITECH compliance

  • HIM-HIPAA Insider, Issue 37, October 5, 2009

    “People are shell-shocked,” says Blustein, partner and co-chair of Garfunkel Wild &...

HHS posts forms for breach notification

  • HIM-HIPAA Insider, Issue 37, October 5, 2009

    HHS releases the step-by-step reporting form for breach notification.

HIM directors' salaries on the rise, but profession isn't exempt from poor economy

  • HIM Briefings, Issue 10, October 1, 2009

    HIM director salaries are on the rise, according to HCPro’s MRB salary survey. Half of the...

EHRs, incentives on the horizon

  • Health Information Compliance Insider, Issue 10, October 1, 2009

    The biggest difference between the two is that the patient has access to and the ability to change...

Experts: Expect more enforcement as OCR role expands

  • Health Information Compliance Insider, Issue 10, October 1, 2009

    OCR now will determine whether HIPAA security standards preempt any state laws, impose financial...

Demonstrate differences in EHRs and PHRs

  • Health Information Compliance Insider, Issue 10, October 1, 2009

    The Health Information Technology for Economic and Clinical Health (HITECH) Act includes financial...

EHRs, incentives on the horizon

  • Briefings on HIPAA, Issue 10, October 1, 2009

    : The Health Information Technology for Economic and Clinical Health (HITECH) Act includes...

HIPAA Q&A: Health plans, remote workers, and more

  • Briefings on HIPAA, Issue 10, October 1, 2009

    Learn the answer to this and more HIPAA compliance questions from your peers.

Interim final rule: Significant challenges for BAs, covered entities

  • Briefings on HIPAA, Issue 10, October 1, 2009

    Adjusting to some of the new requirements will be difficult, but other aspects of the rule...

Briefings on HIPAA, October 2009

  • Briefings on HIPAA, Issue 10, October 1, 2009

    In this issue of BOH, you’ll learn of the challenges stakeholders face in adopting EHRs and...

The meaning of meaningful use and its future

  • HIM-HIPAA Insider, Issue 39, September 29, 2009

    Nothing is concrete, but the fog surrounding meaningful use—its eventual definition...

Breach notification compliance deadline has passed

  • HIM-HIPAA Insider, Issue 36, September 28, 2009

    The compliance date on HHS' interim final rule on breach notification has passed. Are you ready to...

Tip: Build trust with the Notice of Privacy Practices

  • HIM-HIPAA Insider, Issue 36, September 28, 2009

    Don't forget to dish out those Notice of Privacy Practices.

HIPAA Update hot posts

  • HIM-HIPAA Insider, Issue 36, September 28, 2009

    What's hot on the HIPAA Update blog?

Revisit your sanctions policy with HITECH in mind

  • HIM-HIPAA Insider, Issue 36, September 8, 2009

    The Health Information Technology for Economic and Clinical Health (HITECH) Act provides a...

Medical Records Briefing, September 2009

  • HIM Briefings, Issue 9, September 1, 2009

    This month’s issue covers a wide variety of topics of interest to HIM directors. Our cover...

Briefings on HIPAA September 2009

  • Briefings on HIPAA, Issue 9, September 1, 2009

    In this issue of BOH, you’ll read about how privacy and security officers play a role in...

The meaning of meaningful use and its future

  • Briefings on HIPAA, Issue 9, September 1, 2009

    HHS will review the recommendations and release a proposed rule by the end of the year. The content...

Revisit your sanctions policy with HITECH Act in mind

  • Briefings on HIPAA, Issue 9, September 1, 2009

    Review, or even rewrite, your policy if you think it’s outdated, says Dena Boggan, CPC, CMC...

Q&A: Radiology images, contact with patient?s father, faxing pathology reports, and more

  • Briefings on HIPAA, Issue 9, September 1, 2009

    If a patient asks our radiology department for a CD of his study images for his or her use, must...

INFOSweep service helps ensure PHI destruction on copiers

  • Briefings on HIPAA, Issue 9, September 1, 2009

    The service should be of interest to covered entities and business associates that require secure...

Minnesota health system trains staff members and tracks participation success via an online system

  • Briefings on HIPAA, Issue 9, September 1, 2009

    Colleagues John Jensen and Ross T. Janssen, Esq., CISSP, knew they needed a training system that...

Money, money, money: Privacy breaches get costly

  • HIM-HIPAA Insider, Issue 35, September 1, 2009

    The cost of a privacy breach far exceeds any fines authorized by the Health Information for...

Q&A: Contacting patients by mail

  • HIM-HIPAA Insider, Issue 32, August 31, 2009

    Learn the answer to this tough HIPAA compliance question.

Business associates -- who are you?

  • HIM-HIPAA Insider, Issue 32, August 31, 2009

    Business associates need to know who they are regarding HIPAA rules. Covered entities do, too.

HHS releases interim final rule for breach notification, secure PHI

  • HIM-HIPAA Insider, Issue 34, August 25, 2009

    HHS released an interim final rule regarding breach notification and the acceptable methods for...

FTC issues final breach notification rule for electronic health information

  • HIM-HIPAA Insider, Issue 31, August 24, 2009

    The rule was issued under the mandate from Congress in the American Recovery and Reinvestment Act...

Check out our new HIPAA Update blog!

  • HIM-HIPAA Insider, Issue 33, August 18, 2009

    Since HIPAA first took effect in 2003, HCPro, Inc. has been an industry leader in privacy and...

Privacy and security breaches: Make your sanctioning message loud and clear

  • HIM-HIPAA Insider, Issue 33, August 18, 2009

    Hospitals should take a tiered approach when establishing sanction policies that consider various...

Check out our new HIPAA Update blog!

  • HIM-HIPAA Insider, Issue 30, August 17, 2009

    You will find all these training resources on our new blog, HIPAA Update.

Sebelius shifts HIPAA security rule enforcement to Civil Rights Office

  • HIM-HIPAA Insider, Issue 32, August 11, 2009

    The secretary of HHS shifted enforcement of the HIPAA security rule from CMS to the Office for...

Q&A: E-mail communication

  • HIM-HIPAA Insider, Issue 29, August 10, 2009

    Learn the answer to this challenging HIPAA scenario.

OCR: The HIPAA enforcer?

  • HIM-HIPAA Insider, Issue 29, August 10, 2009

    Now that OCR has the HIPAA Security Rule under its umbrella, does that mean more enforcement?

Check out our new HIPAA Update blog!

  • HIM-HIPAA Insider, Issue 29, August 10, 2009

    Welcome to our new HIPAA Update blog -- your one-stop shopping for HIPAA privacy and security...

Red Flags deadline moved to November 1

  • HIM-HIPAA Insider, Issue 31, August 4, 2009

    On July 29, the Federal Trade Commission announced that—for a third time—it has pushed...

KP Bellfower unsure if it will appeal second fine connected to Octomom

  • HIM-HIPAA Insider, Issue 28, August 3, 2009

    The hospital was also hit with a $250,000 fine on May 15 for similar privacy violations against...

Q&A: Keeping a record of HIPAA training files

  • HIM-HIPAA Insider, Issue 28, August 3, 2009

    Learn the answer to your tough HIPAA privacy and security questions.

Red Flags Rule deadline pushed back again

  • HIM-HIPAA Insider, Issue 28, August 3, 2009

    Red Flags was supposed to go into effect on November 1, 2008, but it was pushed back to May 1...

HIPAA happenings: Privacy and security breaches: Make your sanctioning message loud and clear to ensure compliance

  • HIM Briefings, Issue 8, August 1, 2009

    Covered entities (CE) and business associates (BA) are not required to follow HHS guidance...

Medical Records Briefing, August 2009

  • HIM Briefings, Issue 8, August 1, 2009

    This month’s issue covers a wide variety of topics of interest to HIM directors. Our cover...

Create a culture of compliance

  • Briefings on HIPAA, Issue 8, August 1, 2009

    HIPAA may not be fun to teach, learn, or execute because of its complexity, but it needn’t be...

Q&A: Breach notification, summer help, HIPAA compliance

  • Briefings on HIPAA, Issue 8, August 1, 2009

    A: If the fax included the patient’s Social Security number, you probably need to inform the...

The long road to justice after a privacy breach

  • Briefings on HIPAA, Issue 8, August 1, 2009

    Ingersoll’s story, which she shared at the 2008 HIPAA Summit in Boston, is an example of how...

Rhode Island health information exchange blazes consumer-driven path

  • Briefings on HIPAA, Issue 8, August 1, 2009

    The Rhode Island health information exchange (HIE), named “currentcare,” will go live...

Briefings on HIPAA, August 2009

  • Briefings on HIPAA, Issue 8, August 1, 2009

    In this issue of BOH, you’ll read about one healthcare worker’s battle to fight a...

AAHC: HIPAA privacy rule has significant effect on research administration, processes

  • Health Information Compliance Insider, Issue 8, August 1, 2009

    Colleagues John Jensen and Ross T. Janssen, Esq., CISSP, knew they needed a training system that...

Case study: Create a culture of HIPAA compliance

  • Health Information Compliance Insider, Issue 8, August 1, 2009

    HIPAA may not be fun to teach, learn, or execute because of its complexity, but it needn’t be...

Case study: Create a culture of HIPAA compliance

  • HIM-HIPAA Insider, Issue 30, July 28, 2009

    You’re a HIPAA expert and a trainer in a hospital, which means two things are certain: You...

Health information exchanges see 40% growth from previous year

  • HIM-HIPAA Insider, Issue 27, July 27, 2009

    In 2009 and 2010, HIEs are expected to see new opportunities with the American Recovery and...

Tips to get your business associates to comply with HIPAA

  • HIM-HIPAA Insider, Issue 27, July 27, 2009

    The language in your business associate agreement should require the BA to notify the covered...

Q&A: Active duty members on the move

  • HIM-HIPAA Insider, Issue 26, July 20, 2009

    The answers to your toughest HIPAA questions.

HHS hiring health information privacy specialists

  • HIM-HIPAA Insider, Issue 26, July 20, 2009

    HHS is hiring privacy specliasts. What does this mean for enforcement?

Hospital slapped with second six-figure fine -- again

  • HIM-HIPAA Insider, Issue 26, July 20, 2009

    This hospital did not learn from its first privacy mistake.

Minnesota health system trains staff and tracks participation success via an online system

  • Health Information Compliance Insider, Issue 8, July 16, 2009

    Perhaps the most revealing results pertained to research administration and processes, where the...

Ensure red flag compliance before August 1

  • HIM-HIPAA Insider, Issue 28, July 14, 2009

    The Federal Trade Commission (FTC) developed the Red Flags Rule pursuant to the Fair and Accurate...

Physician resistance remains obstacle to EHRs

  • HIM-HIPAA Insider, Issue 24, July 6, 2009

    Now that hospitals have a draft of the meaningful use criteria that the Health Information...

Major privacy breaches: How to respond to their unique challenges with notifying patients, government

  • Health Information Compliance Insider, Issue 7, July 1, 2009

    All organizations must develop a plan for every scenario, even the nightmares you’d prefer...

Compliance update: FTC moves Red Flags Rule compliance deadline to August 1

  • Health Information Compliance Insider, Issue 7, July 1, 2009

    The FTC announced in early May that it delayed enforcement of the rule to give creditors and...

Breach notification requirements: FTC, HHS move forward with PHR breach notification guidelines

  • Health Information Compliance Insider, Issue 7, July 1, 2009

    The Health Information Technology for Economic and Clinical Health (HITECH) Act specifies the...

Health Information Compliance Insider®, July 2009

  • Health Information Compliance Insider, Issue 7, July 1, 2009

    In this issue of HICI, you’ll learn about where HHS is in terms of defining unsecure PHI...

Major privacy breaches: How to respond to their unique challenges with notifying patients, government

  • Briefings on HIPAA, Issue 7, July 1, 2009

    All organizations must develop a plan for every scenario, even the nightmares you’d prefer...

Q&A: Hospice communication, home computer use, outgoing mail, and more

  • Briefings on HIPAA, Issue 7, July 1, 2009

    Learn the answer to this and more of your challenging HIPAA questions.

HIPAA and the HITECH Act: HHS proposed guidance offers framework for securing PHI

  • Briefings on HIPAA, Issue 7, July 1, 2009

    The new HHS guidance, which is still at the draft stage, provides acceptable encryption and...

Hospitals may put patients in control of record sharing

  • Briefings on HIPAA, Issue 7, July 1, 2009

    “What if the decision to share information is the patient’s rather than the...

Release of information to patients and minimum necessary requirements

  • HIM-HIPAA Insider, Issue 26, June 30, 2009

    Q: When patients ask us to release their entire record, must we restrict disclosure to the minimum...

Ensure confidentiality when faxing patient information

  • HIM-HIPAA Insider, Issue 26, June 30, 2009

    HIPAA does not address faxing patient information specifically, but does protect it under the...

CMS issues fact sheet on HITECH Act

  • HIM-HIPAA Insider, Issue 23, June 29, 2009

    Want to know all about the HITECH? CMS has a fact sheet for you.

Q&A: Hospice scenario

  • HIM-HIPAA Insider, Issue 23, June 29, 2009

    Get your answers to the toughest HIPAA questions from your colleagues.

HIPAA 5010 requires IT to do more with fewer resources

  • HIM-HIPAA Insider, Issue 23, June 29, 2009

    HIPAA 5010 is part of a growing laundry list of chores for providers out there today.

Many business associates not ready to comply with HIPAA

  • HIM-HIPAA Insider, Issue 23, June 29, 2009

    Are business associates ready to comply with HITECH? Do you know who your BAs are? Some covered...

Sneak peek: White paper examines HIPAA and business associates

  • HIM-HIPAA Insider, Issue 22, June 22, 2009

    What do you and your BAs need to know about new HIPAA laws? Here's a small slice.

Q&A: X-ray results

  • HIM-HIPAA Insider, Issue 22, June 22, 2009

    The answers to your tough HIPAA compliance questions.

Meaningful use first draft could guide final definition

  • HIM-HIPAA Insider, Issue 22, June 22, 2009

    The final definition of "meaningful use" could be quite different when CMS issues a...

TIP: Include Red Flags requirements in any new BA agreement

  • HIM-HIPAA Insider, Issue 21, June 15, 2009

    Here's a tip on complying with the Red Flags Rule: Get it into your contract with a business...

HIPAA 5010 is one small, but necessary step toward ICD-10

  • HIM-HIPAA Insider, Issue 21, June 15, 2009

    Before ICD-10, there's the HIPAA Version 5010. And you must be ready to comply.

Health Information Exchange will allow patients to share medical information

  • HIM-HIPAA Insider, Issue 21, June 15, 2009

    Rhode Island patients can share their information with their state -- if they want to.

Plan for the future and trust that your revamped policies are sound

  • HIM-HIPAA Insider, Issue 23, June 9, 2009

    As technology grows, evolves, and spawns newer versions of itself, security and privacy challenges...

Q&A: Billing department

  • HIM-HIPAA Insider, Issue 20, June 8, 2009

    The HIPAA privacy rule addresses disclosure of PHI for treatment and payment purposes and permits...

CVS works on patient privacy improvements following fine

  • HIM-HIPAA Insider, Issue 20, June 8, 2009

    CVS promises it is working diligently on protecting patients' privacy.

Red Flags Rule: Comply now, avoid lawsuit later

  • HIM-HIPAA Insider, Issue 20, June 5, 2009

    Red Flags Rule -- comply today. Be thankful you avoided public scrutiny tomorrow.

BA agreements: Consider additions to new contracts

  • HIM-HIPAA Insider, Issue 22, June 2, 2009

    The American Recovery and Reinvestment Act of 2009 hit business associates (BA) hard because they...

Understand the requirements for the privacy, security, and integrity of health information: IM.02.01.01 and IM.02.01.03

  • HIM Briefings, Issue 6, June 1, 2009

    Although the privacy, security, and integrity of health information have not been subjected to...

Health Information Compliance Insider®, June 2009

  • Health Information Compliance Insider, Issue 6, June 1, 2009

    In this issue of HICI, you?ll learn about the small changes you can make now to BA contracts in...

Medical Records Briefing, June 2009

  • HIM Briefings, Issue 6, June 1, 2009

    This month’s issue is full of time-saving tips and guidance. Our EHR beat column features one...

Q&A: Airlines calls

  • HIM-HIPAA Insider, Issue 19, June 1, 2009

    Your answer to a HIPAA compliance question.

TIP: Put plan into action to comply with HITECH

  • HIM-HIPAA Insider, Issue 19, June 1, 2009

    Here's a few ways to get started with compliance of HITECH.

HITECH UPDATE: HIPAA enforcement promises, but lacks specifics

  • HIM-HIPAA Insider, Issue 19, June 1, 2009

    HHS has issued a report on what it's done since the American Recovery and Reinvestment Act of 2009...

Tenet employee charged with theft, HIPAA violations

  • HIM-HIPAA Insider, Issue 19, June 1, 2009

    A Tenet Healthcare Corp. employee faces charges of access device fraud, criminal HIPAA violations...

Briefings on HIPAA June 2009

  • Briefings on HIPAA, Issue 6, June 1, 2009

    In this issue of BOH, you’ll learn how an effective risk assessment can be a money-saver (and...

Plan for the future and trust that your revamped policies are sound

  • Briefings on HIPAA, Issue 6, June 1, 2009

    You don’t have to know everything about new technology at once. Instead, start by following...

Risk and reward: Assess vulnerabilities now; avoid breaches later

  • Briefings on HIPAA, Issue 6, June 1, 2009

    Risk assessment is a process intended to protect the enterprise, its assets, and its ability to...

Q&A: Hospice staff, remote paperwork, and more

  • Briefings on HIPAA, Issue 6, June 1, 2009

    The answers to your challenging HIPAA questions.

AAHC: Privacy rule an obstacle course for biomedical research; HIPAA must be revisited

  • Briefings on HIPAA, Issue 6, June 1, 2009

    In January, the AAHC published The HIPAA Privacy Rule: Lacks Patient Benefit, Impedes Research...

CMS explains the importance of HIPAA 5010

  • HIM-HIPAA Insider, Issue 21, May 26, 2009

    CMS issued a special edition Medlearn Matters article (SE0904) that provides an overview of the...

Hackers breach college database

  • HIM-HIPAA Insider, Issue 18, May 18, 2009

    Another breach of PHI by computer hackers has a university scrambling to notify people of 160,000...

Q&A: Retention of medical records

  • HIM-HIPAA Insider, Issue 18, May 18, 2009

    The answers to your tough HIPAA questions.

REMINDER: Make your comments heard by HHS

  • HIM-HIPAA Insider, Issue 18, May 18, 2009

    Let your thoughts be heard about unsecure PHI with HHS.

Review new AHIMA practice brief on sanction guidelines for privacy and security breaches

  • HIM-HIPAA Insider, Issue 19, May 12, 2009

    AHIMA released a new practice brief May 2 that addresses the importance of creating a united...

HITECH Act: Understand the changes to BA agreements

  • HIM-HIPAA Insider, Issue 18, May 5, 2009

    President Obama’s American Recovery and Reinvestment Act of 2009—specifically Title...

Medical Records Briefing May 2009

  • HIM Briefings, Issue 5, May 1, 2009

    This month’s issue is full of time-saving tips and guidance related to

Crack down on unauthorized uses and disclosures with your EHR?s audit log

  • HIM Briefings, Issue 5, May 1, 2009

    If you’re thinking about taking advantage of the incentive payments under the American...

Make medical identity theft prevention a top priority

  • HIM Briefings, Issue 5, May 1, 2009

    Medical identity theft is an ugly reality for healthcare organizations, patients, and payers...

Red Flags Rule enforcement delayed until August 1

  • HIM-HIPAA Insider, Issue 18, May 1, 2009

    The Federal Trade Commission (FTC) has extended the Red Flags Rule enforcement deadline to August 1...

HHS outlines ways to secure PHI, create safe harbor against security breach notification

  • HIM-HIPAA Insider, Issue 17, April 28, 2009

    HHS published guidance April 17 that identifies the technologies and methodologies that render...

Crack down on unauthorized use and disclosure of PHI with your EHR's audit log

  • HIM-HIPAA Insider, Issue 17, April 28, 2009

    If you’re thinking about taking advantage of the incentive payments for EHR implementation...

Q&A: Patient photographs

  • HIM-HIPAA Insider, Issue 15, April 27, 2009

    How do you comply with HIPAA working with patient photographs?

HITECH UPDATE: Check your current system against HHS draft guidance

  • HIM-HIPAA Insider, Issue 15, April 27, 2009

    Miss HHS' draft guidance on securing PHI? We've got it.

Business associates: HIPAA survey

  • HIM-HIPAA Insider, Issue 15, April 27, 2009

    How should your business associates be trained? We want to know.

Groups oppose HHS Secretary nominee

  • HIM-HIPAA Insider, Issue 15, April 27, 2009

    Senators are scheduled to vote on President Barack Obama's nomination for Secretary of HHS early...

Comment on security breach notification rule that targets personal health records

  • HIM-HIPAA Insider, Issue 16, April 21, 2009

    If you’ve got an opinion on the proposed rule to require vendors of a personal health record...

Review new FTC Red Flag rule guidance

  • HIM-HIPAA Insider, Issue 16, April 21, 2009

    The Federal Trade Commission (FTC) published a guide, Fighting Fraud with the Red Flags Rule: A...

HITECH UPDATE: HHS misses deadline for definition of unsecured PHI

  • HIM-HIPAA Insider, Issue 14, April 20, 2009

    Looking for a new definition of unsecured protected health information?

Q&A: Diagnostic test results

  • HIM-HIPAA Insider, Issue 14, April 20, 2009

    Learn the answers to your toughest HIPAA questions.

How should business associates train staff members?

  • HIM-HIPAA Insider, Issue 14, April 20, 2009

    Business associates must be trained on the HIPAA Security Rule. We want to know what you think is...

Comment on security breach notification rule that targets personal health records

  • HIM-HIPAA Insider, Issue 14, April 20, 2009

    The FTC will publish an interim final regulation no later than August 17, which is 180 days after...

Enforcement reaches new level: HITECH Act features stiffer penalties for privacy breaches

  • HIM-HIPAA Insider, Issue 15, April 14, 2009

    It’s just one part of the much-publicized American Recovery and Reinvestment Act of 2009, but...

Tip: Use OCR privacy and security guidance as a framework

  • HIM-HIPAA Insider, Issue 13, April 13, 2009

    Organizations should use these OCR principles to better understand how they can exchange...

Red Flags Rule guidance published

  • HIM-HIPAA Insider, Issue 13, April 13, 2009

    Red Flags Rule compliance is May 1. Here's a report the FTC released to get you on track.

Q&A: Accessing your own information

  • HIM-HIPAA Insider, Issue 14, April 13, 2009

    Learn the answer to this important HIPAA compliance question.

HITECH UPDATE: How should business associates train staff members?

  • HIM-HIPAA Insider, Issue 14, April 13, 2009

    How are business associates going to train staff members in light of the new HIPAA laws?

World Privacy Forum publishes HIPAA guide for patients

  • HIM-HIPAA Insider, Issue 14, April 7, 2009

    The World Privacy Forum announced its publication of a comprehensive HIPAA privacy guide written...

Employees fired for viewing mother of eight's records

  • HIM-HIPAA Insider, Issue 13, April 6, 2009

    Here's what happens when a few staff members get nosey with a patient's record.

TIP: Review your 'hospice' signs for cars

  • HIM-HIPAA Insider, Issue 13, April 6, 2009

    Any time you have a car with a sign that mentions you volunteer at a hospice, it could affect a...

HIPAA and the HITECH Act: Get your breach notification ready

  • HIM-HIPAA Insider, Issue 13, April 6, 2009

    The HITECH calls for breach notification requirements for covered entities and business associates...

Q&A: Text messaging

  • HIM-HIPAA Insider, Issue 13, April 6, 2009

    Are you text messaging information about patients? Know the answers regarding HIPAA concerns.

Q&A: Workers' compensation, minors' privacy, and more

  • Briefings on HIPAA, Issue 4, April 1, 2009

    Learn the answers to the toughest questions on HIPAA from our experts

HIE guidance just a framework for successful compliance

  • HIM-HIPAA Insider, Issue 13, March 31, 2009

    As part of its December 2008 Privacy and Security Toolkit, the Office for Civil Rights discussed...

Report: 1.5% of hospitals have EHRs

  • HIM-HIPAA Insider, Issue 12, March 30, 2009

    Patients must have EHRs by 2014. About only 1.5% of hospitals have them, a new study says.

TIP: Know the basics of data encryption

  • HIM-HIPAA Insider, Issue 12, March 30, 2009

    If you are looking to encrypt your data on patient records, here are some basic things to know.

HIPAA and the HITECH Act: Know all the provisions

  • HIM-HIPAA Insider, Issue 12, March 30, 2009

    Know the major provisions in the HITECH Act? How about these, too?

Q&A: State-prison patients

  • HIM-HIPAA Insider, Issue 12, March 30, 2009

    After a person is released from prison is it a HIPAA violation to release the patient’s...

Security breach exposes 1,000 SSNs

  • HIM-HIPAA Insider, Issue 11, March 23, 2009

    An electronic security breach may have exposed 1,000 Social Security Numbers.

HIPAA and the HITECH Act: Mark these important dates

  • HIM-HIPAA Insider, Issue 11, March 23, 2009

    Mark these important dates down on your HIPAA calendar.

Q&A: Funeral homes

  • HIM-HIPAA Insider, Issue 11, March 23, 2009

    Funeral homes can call your covered entity with requests for patient information. How do you handle...

HIPAA, patient labels, and armbands

  • HIM-HIPAA Insider, Issue 11, March 17, 2009

      Q. Is it a breach of patient privacy and confidentiality if we print the patient’s...

Mark it down: Red flags rule compliance deadline is May 1

  • HIM-HIPAA Insider, Issue 11, March 17, 2009

    Medical identity theft is an ugly reality for healthcare organizations, patients, and payers...

Got a HIPAA case study?

  • HIM-HIPAA Insider, Issue 10, March 16, 2009

    Got a success story regarding your HIPAA compliance or training program? Let us know.

TIP: Provide ongoing contract maintenance with your BA

  • HIM-HIPAA Insider, Issue 10, March 16, 2009

    Business associates have new compliance requirements regarding the HIPAA Security Law. Here are a...

Google admits to privacy breach

  • HIM-HIPAA Insider, Issue 10, March 16, 2009

    Google made a mistake you do not want to at your facility regarding software and patient records.

HIPAA and the HITECH Act: Know the level of penalties

  • HIM-HIPAA Insider, Issue 10, March 16, 2009

    The federal goverment changed the penalties for privacy breaches. Here's how the break down.

Q&A: Working with police

  • HIM-HIPAA Insider, Issue 10, March 16, 2009

    Does your facility come in contact with police warning you about patients who are addicted to...

TIP: Check out new FAQs about disposing PHI

  • HIM-HIPAA Insider, Issue 9, March 9, 2009

    Got PHI questions? The Office for Civil Rights (OCR) may have your answer.

Q&A: Incarcerated spouse

  • HIM-HIPAA Insider, Issue 9, March 9, 2009

    Learn the answer to this HIPAA question from one of our readers.

Obama looks to Kansas governor to lead HHS

  • HIM-HIPAA Insider, Issue 9, March 9, 2009

    U.S. President leaned toward Kansas to find his pick as for the new head of HHS.

Understand the economic stimulus package’s effect on HIPAA

  • HIM-HIPAA Insider, Issue 9, March 3, 2009

    On February 17, U.S. President Barack Obama signed into law a $787 billion economic American...

Healthcare operations: How to approach HIPAA privacy rule ambiguity

  • HIM-HIPAA Insider, Issue 9, March 3, 2009

    When the OCR revised the HIPAA privacy rule in 2003, it specified accepted uses and disclosures for...

Q: Do patients need to renew HIPAA acknowledgements every year?

  • HIM-HIPAA Insider, Issue 8, March 2, 2009

    Q: Do patients need to renew HIPAA acknowledgements every year?

Report issued on privacy protections applicable to electronic information

  • HIM-HIPAA Insider, Issue 8, March 2, 2009

    The economic stimulus package approved on Feb. 17 included billions of dollars for health...

Reno judge says HIPAA doesn't prevent physician from sharing PHI

  • HIM-HIPAA Insider, Issue 8, March 2, 2009

    HIPAA doesn’t prevent attorneys from questioning physicians about their patients&rsquo...

Tip: Comply with PCI DSS to help ensure the security of your patients' financial information

  • HIM-HIPAA Insider, Issue 8, March 2, 2009

    The Payment Card Industry Security Standards Council updated its Payment Card Industry Data...

Tip: Get your 'board' on board by being prepared

  • HIM-HIPAA Insider, Issue 6, February 23, 2009

    At some point, you will need to present an idea to your board of directors. Here’s one way to...

Understand the economic stimulus package's effects on HIPAA

  • HIM-HIPAA Insider, Issue 6, February 23, 2009

    U.S. President Barack Obama signed into law last week an economic stimulus Act that has major...

Q&A: prescription records

  • HIM-HIPAA Insider, Issue 6, February 23, 2009

    Q. May a spouse obtain the prescription records of an incarcerated spouse without written...

CVS to pay $2.25 million settlement for potential privacy breaches

  • HIM-HIPAA Insider, Issue 6, February 23, 2009

    CVS will pay the price for potential privacy breaches on millions of patients’ records.

Take care when releasing protected health information to a funeral home

  • HIM-HIPAA Insider, Issue 7, February 17, 2009

    Q. Funeral homes sometimes call requesting a deceased patient’s Social Security number (SSN...

New HHS Web site

  • HIM-HIPAA Insider, Issue 5, February 16, 2009

    HHS launched a new Web site including content on HIPAA regulations under a user-friendly format.

Tip: Get your 'board' on board

  • HIM-HIPAA Insider, Issue 5, February 16, 2009

    Most providers will need to present an idea to their board of directors. Here’s one tip to...

Q&A: Notices of privacy practices

  • HIM-HIPAA Insider, Issue 5, February 16, 2009

    Q. Do notices of privacy practices (NPP) apply to business associates of a covered entity, such as...

Economic stimulus bill set to arrive on Obama's desk

  • HIM-HIPAA Insider, Issue 5, February 16, 2009

    The only step left to approve a $787 billion economic stimulus bill is President Barack...

PHRs: New consumer-driven trend can lead to better care, but also privacy challenges

  • HIM-HIPAA Insider, Issue 6, February 10, 2009

    As healthcare continues its push toward more transparency, consumers are taking a more proactive...

Tip: Make HIPAA training fun

  • APCs Insider, Issue 6, February 6, 2009

    Mandatory HIPAA training usually generates the same excitement as a trip to the dentist. Sure, you...

Implement safeguards to prevent medical identity theft

  • HIM-HIPAA Insider, Issue 5, February 3, 2009

    You’ve undoubtedly seen the headlines and silently hoped it wouldn’t happen to your...

Address data encryption in 2009

  • HIM-HIPAA Insider, Issue 5, February 3, 2009

    Eat better, go to the gym more often, and take up a hobby; these are all fine New Year’s...

Tip: Make HIPAA training fun

  • HIM-HIPAA Insider, Issue 3, February 2, 2009

    Want to make your HIPAA training a little more fun? Use the example of this facility and bring...

Q&A: Overhead paging

  • HIM-HIPAA Insider, Issue 3, February 2, 2009

    Q. Is overhead paging a patient by name back to a clinic or hospital area a HIPAA violation? Learn...

HHS releases final medical identity theft report

  • HIM-HIPAA Insider, Issue 3, February 2, 2009

    The consumer should be the key focus for consideration of prevention, detection, and remediation of...

VA agrees to pay $20 million to settle identity theft suit

  • HIM-HIPAA Insider, Issue 3, February 2, 2009

    The VA must pay its veterans -- $20 million. The department settled a class-action lawsuit by five...

Report: HIPAA privacy rule negatively affects research

  • HIM-HIPAA Insider, Issue 3, February 2, 2009

    The healthcare industry needs to be better on research. We can start by revising the HIPAA privacy...

Confront ROI challenges: Proceed with caution in situations involving sensitive conditions

  • HIM Briefings, Issue 2, February 1, 2009

    Sensitive scenarios require extra attention when releasing protected health information. Ensure...

AHIMA practice brief provides general ROI guidance

  • HIM Briefings, Issue 2, February 1, 2009

    When it comes to release of information (ROI), there is no one-stop shop that provides HIM...

Updated CoP reflect privacy, security, EHRs, and more

  • HIM Briefings, Issue 2, February 1, 2009

    EHRs, patient safety, privacy, and security are among the common themes in official updates to the...

ONC releases final report on medical identity theft

  • HIM-HIPAA Insider, Issue 4, January 27, 2009

    On January 15, the Office of the National Coordinator for Health Information Technology released a...

Updated CoP reflect privacy, security, EHRs, and more

  • HIM-HIPAA Insider, Issue 4, January 27, 2009

    EHRs, patient safety, privacy, and security are among the common themes in official updates to the...

Tip: Use these agenda items for office training

  • HIM-HIPAA Insider, Issue 2, January 26, 2009

    You can never have enough HIPAA privacy and security training at your facility -- especially your...

WV health department warns patients of identity theft

  • HIM-HIPAA Insider, Issue 2, January 26, 2009

    A West Virginia town’s health department officials identified a former temporary billing...

Insurer must show policy to prevent PHI breach

  • HIM-HIPAA Insider, Issue 2, January 26, 2009

    BlueCross sent “explanation of benefit” forms to members in November that also featured...

Take advantage of newly-released medical identity theft resources

  • HIM-HIPAA Insider, Issue 3, January 20, 2009

    If you missed the October 15, 2008 day-long medical identity theft town hall meeting sponsored by...

NIST releases guide to protect confidentiality of PII

  • HIM-HIPAA Insider, Issue 1, January 19, 2009

    Get your information on protecting the confidentiality of PII from NIST via its new release.

HHS releases update to Surgeon General's 'New Family Health History Tool'

  • HIM-HIPAA Insider, Issue 1, January 19, 2009

    Consumers will be happy with this update as far as sharing their family health history.

Tip: Avoid these pitfalls at physician practices

  • HIM-HIPAA Insider, Issue 1, January 19, 2009

    Physicians’ offices are not bereft of HIPAA compliance issues.

Data privacy in 2009: Expect stepped up red-flag enforcement

  • HIM-HIPAA Insider, Issue 1, January 12, 2009

    Red flag -- get ready for red flag identity theft rules, which are mandatory May 1, 2009.

Officials to launch PHR Choice program this week

  • HIM-HIPAA Insider, Issue 1, January 12, 2009

    Americans want more of a choice with healthcare, and HHS is ready to give it to them.

Privacy/security job titles

  • HIM-HIPAA Insider, Issue 1, January 12, 2009

    You need to know if the roles of your privacy and security officers are compliant. Find out here.

TIP: Keep an eye on legislation in new Congress

  • HIM-HIPAA Insider, Issue 1, January 12, 2009

    The Obama era begins this month. You should begin watching his Congress now.

Review new HHS draft model PHR privacy notice

  • HIM-HIPAA Insider, Issue 1, January 6, 2009

    On December 15, the Department of Health and Human Services (HHS) announced its initiation of the...

One health system implements a patient portal as a first step toward a fully integrated PHR

  • HIM Briefings, Issue 1, January 1, 2009

    Care New England, a three-hospital system in Rhode Island, was familiar with the acronym PHR...

Benchmarking survey: PHRs remain unchartered territory for some

  • HIM Briefings, Issue 1, January 1, 2009

    Personal health records (PHR) can literally change the world. Sound a bit lofty? Kerry Weems...

Form a discovery response team to effectively implement legal holds

  • HIM-HIPAA Insider, Issue 51, December 30, 2008

    The first step in creating a legal hold plan is the formation of a discovery response team.

TIP: How to set up your 'honeypots'

  • HIM-HIPAA Insider, Issue 51, December 15, 2008

    Last week’s issue discussed the use of “honeypots,” fictitious medical records...

Employee posts remarks about patients on Web site

  • HIM-HIPAA Insider, Issue 51, December 15, 2008

    An employee of a McKees Rocks, PA, OB/GYN office who posted unfavorable comments about patients on...

Massachusetts patients' information lost on stolen computer

  • HIM-HIPAA Insider, Issue 51, December 15, 2008

    A laptop containing the PHI of approximately 50 patients was stolen from Salem (MA) Hospital, the...

Breach notification

  • HIM-HIPAA Insider, Issue 51, December 15, 2008

    Q. It’s my understanding that HIPAA doesn’t require breach notification except through...

Tip: Use 'honeypots' to catch snooping employees

  • HIM-HIPAA Insider, Issue 50, December 8, 2008

    Some facilities use “honeypots” as bait to catch snooping staff members who are in...

Data Privacy Day

  • HIM-HIPAA Insider, Issue 50, December 8, 2008

    The International Association of Privacy Professions and Intel have teamed up to dedicate January...

Report on FERPA and HIPAA

  • HIM-HIPAA Insider, Issue 50, December 8, 2008

    The Departments of Education and HHS recently issued guidance on the Family Educational Rights and...

Health plans

  • HIM-HIPAA Insider, Issue 50, December 8, 2008

    A. A health plan can use Microsoft Outlook to exchange PHI with network physicians, but only if it...

A sweet tool to monitor snooping staff

  • APCs Insider, Issue 49, December 5, 2008

    To catch snooping staff, some hospitals and other HIPAA-covered entities use fictitious medical...

Educators call for Electronic Health Records protection

  • HIM-HIPAA Insider, Issue 48, December 1, 2008

    Two professors at Case Western Reserve University in Cleveland have called for increasing oversight...

Cover your ground on remote access employees

  • HIM-HIPAA Insider, Issue 48, December 1, 2008

    Your remote access employees must follow company protocol for HIPAA compliance. In fact, you should...

Healthcare employee fired after leaving laptop unattended

  • HIM-HIPAA Insider, Issue 48, December 1, 2008

    Vandals stole an unattended laptop that included health information of 100,000 patients from the...

Media inquiries

  • HIM-HIPAA Insider, Issue 48, December 1, 2008

    Q. A member of the media contacts a hospital to inquire about a particular patient and identifies...

Certified career boosters: How credentials help you

  • Health Information Compliance Insider, Issue 12, December 1, 2008

    All you need is a few dollars, a few classes, and a passing exam grade, and those few letters...

Ensure safe transfer of PHI when selling a practice

  • Health Information Compliance Insider, Issue 12, December 1, 2008

    Every day, in every industry, businesses are bought and sold, new management replaces old...

Honeypots: A sweet tool you can use to monitor snooping staff members

  • Health Information Compliance Insider, Issue 12, December 1, 2008

    It doesn’t matter whether a staff member peeks at the medical record of Tiger Woods, John...

Health Information Compliance Insider December 2008

  • Health Information Compliance Insider, Issue 12, December 1, 2008

    Health Information Compliance Insider® December 2008 Inside: Honeypots: A sweet tool you can...

Home secure home: Mitigate remote access risks

  • Briefings on HIPAA, Issue 12, December 1, 2008

    Your healthcare facility today probably allows or has pondered the idea of allowing employees to...

Certified career boosters: How credentials help you

  • Briefings on HIPAA, Issue 12, December 1, 2008

    All you need is a few dollars, a few classes, and a passing exam grade, and those few letters...

Honeypots: A sweet tool for monitoring snooping

  • Briefings on HIPAA, Issue 12, December 1, 2008

    It doesn’t matter whether a staff member peeks at the medical record of Tiger Woods, John...

Lax enforcement? Not under the OIG’s watch

  • Briefings on HIPAA, Issue 12, December 1, 2008

    The Office of Inspector General (OIG) recently criticized CMS’ lack of HIPAA security rule...

Tip: Disaster preparedness

  • HIM-HIPAA Insider, Issue 47, November 24, 2008

    You can never be too prepared for a disaster at your facility – for not only tornados...

AHIMA provides ROI guidelines

  • HIM-HIPAA Insider, Issue 47, November 24, 2008

    The American Health Information Management Association (AHIMA) released an article aimed at helping...

Taking vitals

  • HIM-HIPAA Insider, Issue 47, November 24, 2008

    Q. Do nurses violate HIPAA when they give patients injections or take their vital signs in public...

Consider AHA-endorsed tools to protect against medical identity theft

  • HIM-HIPAA Insider, Issue 45, November 18, 2008

    The American Hospital Association (AHA) announced in a November 4 press release that it has...

Tip: Ensure that staff members' cell phone use is compliant

  • HIM-HIPAA Insider, Issue 46, November 17, 2008

    Transmitting PHI via cell phone or BlackBerry—whether verbally, via text message, or...

NIST releases guidelines for cell phone and PDA security

  • HIM-HIPAA Insider, Issue 46, November 17, 2008

    The National Institute of Standards and Technology (NIST) released publication SP 800-124...

AHA endorses tool to protect against medical identity theft

  • HIM-HIPAA Insider, Issue 46, November 17, 2008

    The American Hospital Association (AHA) announced in a November 4 press release that it has...

Jury duty

  • HIM-HIPAA Insider, Issue 46, November 17, 2008

    A. Answering the court’s questions with the minimum information necessary would not have...

Protect ePHI in light of new OIG report

  • HIM-HIPAA Insider, Issue 44, November 11, 2008

    The Office of Inspector General (OIG) issued a final report October 27 reviewing CMS’ HIPAA...

Tip: Update and practice your disaster plan with staff members

  • HIM-HIPAA Insider, Issue 45, November 10, 2008

    Frequent practice is essential to protecting patient information, maintaining business operations...

AHIMA reiterates importance of protecting privacy and security of health records

  • HIM-HIPAA Insider, Issue 45, November 10, 2008

    The recent rash of privacy and security breaches involving high-profile victims illustrates the...

OIG calls HIPAA security rule oversight and enforcement ineffective

  • HIM-HIPAA Insider, Issue 45, November 10, 2008

    The Office of Inspector General (OIG) issued a largely critical final report October 27 reviewing...

Registration area

  • HIM-HIPAA Insider, Issue 45, November 10, 2008

    Q. We have a new registration area with a counter where patients sit when registering and signing...

What steps must we follow when disciplining employees involved in a privacy breach?

  • HIM-HIPAA Insider, Issue 43, November 4, 2008

    Ask the expert: What steps must we follow when disciplining employees involved in a privacy breach?

Use AHA sample policy to jump start compliance with red flag rules

  • HIM-HIPAA Insider, Issue 43, November 4, 2008

    On October 24 the American Hospital Association (AHA) published a sample policy hospitals can use...

Tip: Staff training is critical in preventing identity theft and complying with FTC 'Red Flags' rule

  • HIM-HIPAA Insider, Issue 44, November 3, 2008

    Your healthcare organization may already have an identity theft policy in place to mitigate the...

NIST releases revised resource guide for implementing the HIPAA security rule

  • HIM-HIPAA Insider, Issue 44, November 3, 2008

    The National Institute of Standards and Technology (NIST) released publication SP 800-66 Revision...

Q. Does HIPAA prohibit nursing departments from keeping patient care flow sheets in closed folders in patient rooms?

  • HIM-HIPAA Insider, Issue 44, November 3, 2008

    A. Flow sheets should contain the minimum necessary information because they may be accessible to...

Discipline with the intent to educate when responding to HIPAA violations to minimize future incidents

  • Health Information Compliance Insider, Issue 11, November 1, 2008

    Despite the thoroughness of your policies and procedures, the effectiveness of your training, and...

Disaster preparedness: Design, update, and practice your disaster recovery and business continuity plans

  • Health Information Compliance Insider, Issue 11, November 1, 2008

    Disasters aren’t a threat only in areas susceptible to tornados, earthquakes, hurricanes...

Keep cell phone use compliant

  • Health Information Compliance Insider, Issue 11, November 1, 2008

    People use cell phones to chat with friends and family, send text messages, and photograph each...

Health Information Compliance Insider, November 2008

  • Health Information Compliance Insider, Issue 11, November 1, 2008

    Inside: Keep cell phone use compliant Disaster preparedness: Design, update, and practice your...

HIPAA: Transcription, breaches, and PHI for research

  • HIM Briefings, Issue 11, November 1, 2008

    Q. May a transcriptionist type a medical report pertaining to a visit between the physician and a...

Understand the details of personal health records to serve as a valuable patient resource

  • HIM Briefings, Issue 11, November 1, 2008

    This scenario is becoming increasingly common: A patient presents to the HIM department and...

Flag identity theft as federal rule takes effect

  • HIM Briefings, Issue 11, November 1, 2008

    Although identity theft is often associated with exploited credit cards, patients can also be...

Briefings on HIPAA, November 2008

  • Briefings on HIPAA, Issue 11, November 1, 2008

    Inside: Flag identity theft as federal rule takes effect Q&A: Handle flower deliveries, media...

Flag identity theft as federal rule takes effect

  • Briefings on HIPAA, Issue 11, November 1, 2008

    Although identity theft is often associated with exploited credit cards, patients can also be...

Q&A: Handle flower deliveries, media requests, and more

  • Briefings on HIPAA, Issue 11, November 1, 2008

    Learn the answers to the toughest HIPAA questions on privacy and security.

Disaster preparedness: Design, update, practice your plan

  • Briefings on HIPAA, Issue 11, November 1, 2008

    Disasters aren’t a threat only in areas susceptible to tornados, earthquakes, hurricanes...

Confront release of information challenges

  • Briefings on HIPAA, Issue 11, November 1, 2008

    Occasionally, special situations arise in which a patient may be unable to execute an authorization...

Trust in CellTrust’s Mobile Healthcare Solution messaging

  • Briefings on HIPAA, Issue 11, November 1, 2008

    Mobile devices, especially smart phones, have become increasingly important in healthcare.

Discipline with the intent to educate

  • Briefings on HIPAA, Issue 11, November 1, 2008

    Despite the thoroughness of your policies and procedures, the effectiveness of your training, and...

Nevada, Massachusetts, other states enacting regulations to prevent data breaches

  • HIM-HIPAA Insider, Issue 43, October 27, 2008

    Thanks to new legislation, protecting people’s data is now of primary importance in several...

Study examines costs, benefits of unique patient identifiers

  • HIM-HIPAA Insider, Issue 43, October 27, 2008

    Providing every person with a unique patient identification number would be worth the high price...

FTC suspends enforcement of red flags medical identity theft rule

  • HIM-HIPAA Insider, Issue 43, October 27, 2008

    The Federal Trade Commission (FTC) has extended the red flags medical identity theft rule...

Q. Our state health department mails surveys to patients about their HIV status.

  • HIM-HIPAA Insider, Issue 43, October 27, 2008

    Q. Our state health department mails surveys to patients about their HIV status. The exterior of...

Nurse fired after publicizing altercation with law enforcement over patient privacy

  • HIM-HIPAA Insider, Issue 42, October 20, 2008

    San Juan Regional Medical Center has terminated the employment of a nurse who publicized an...

Experts says medical identity theft legislation may be on the horizon

  • HIM-HIPAA Insider, Issue 42, October 20, 2008

    Experts attending the October 15 Medical Identity Theft Town Hall sponsored by the Office of the...

Atlanta hospital patients' outsourced data made public

  • HIM-HIPAA Insider, Issue 42, October 20, 2008

    Human error—not hackers—is apparently to blame in a security breach that affected 45...

Q. Our organization received information indicating that medical personnel must attend at least 50 hours of HIPAA training annually.

  • HIM-HIPAA Insider, Issue 42, October 20, 2008

    Q. Our organization received information indicating that medical personnel must attend at least 50...

NIST releases information security testing and assessment guide

  • HIM-HIPAA Insider, Issue 41, October 13, 2008

    The National Institute of Standards and Technology (NIST) released the publication SP 800-115...

GAO report reviews advantages, risks of IT in healthcare

  • HIM-HIPAA Insider, Issue 41, October 13, 2008

    Advances in information technology (IT) can improve the quality and other aspects of healthcare...

OCR addresses HIPAA privacy during a national or public emergency

  • HIM-HIPAA Insider, Issue 41, October 13, 2008

    The OCR recently posted an FAQ regarding the status of the privacy rule during a national or public...

Q. What are the reporting requirements when a company laptop computer containing specially protected health information, such as mental health data, is stolen?

  • HIM-HIPAA Insider, Issue 41, October 13, 2008

    Q. What are the reporting requirements when a company laptop computer containing specially...

Schwarzenegger approves new patient privacy legislation

  • HIM-HIPAA Insider, Issue 40, October 6, 2008

    California Governor Arnold Schwarzenegger has signed legislation creating an oversight office to...

OIG to continue monitoring privacy and security oversight, enforcement

  • HIM-HIPAA Insider, Issue 40, October 6, 2008

    The Office of Inspector General (OIG) will continue monitoring CMS and OCR HIPAA security rule and...

Federal 'red flag' identity theft rule takes effect

  • HIM-HIPAA Insider, Issue 40, October 6, 2008

    Effective November 1, hospitals must have a plan to detect, mitigate, and prevent red flags that...

Q. We decided to improve physical security by distributing visitor badges to visitors and patients.

  • HIM-HIPAA Insider, Issue 40, October 6, 2008

    Q. We decided to improve physical security by distributing visitor badges to visitors and patients...

Attention to detail, information exchange process makes Oregon DHS a compliance success story

  • Health Information Compliance Insider, Issue 10, October 1, 2008

    Kyle Miller, CISSP, has spent nearly three decades in information technology (IT), including work...

Offshoring a potentially risky cost saver for organizations

  • Health Information Compliance Insider, Issue 10, October 1, 2008

    Outsourcing medical billing, coding, and transcription overseas yields significant savings for...

HIPAA compliance in the ER

  • Health Information Compliance Insider, Issue 10, October 1, 2008

    The emergency room (ER) is one place where unpredictability is the norm, where critical and...

Briefings on HIPAA October 2008

  • Briefings on HIPAA, Issue 10, October 1, 2008

    Inside: Keep your staff members’ e-mail private and secure HIPAA and the use of electronic...

Keep your staff members’ e-mail private and secure

  • Briefings on HIPAA, Issue 10, October 1, 2008

    In an era of instant connectivity, many physicians find that sending PHI and other confidential...

HIPAA and the use of electronic signatures and delivery

  • Briefings on HIPAA, Issue 10, October 1, 2008

    My friends in the e-commerce world tell me that they continually run into representatives of HIPAA...

Q&A: Visitor badges, stolen laptops, and more

  • Briefings on HIPAA, Issue 10, October 1, 2008

    Q. What are the reporting requirements when a company laptop containing specially protected health...

Attention to detail, information exchange process makes Oregon DHS a compliance success story

  • Briefings on HIPAA, Issue 10, October 1, 2008

    Kyle Miller, CISSP, has spent nearly three decades in information technology (IT), including work...

HIPAA in the ER: Exceptions, suggestions for compliance in a chaotic clinical setting

  • Briefings on HIPAA, Issue 10, October 1, 2008

    The emergency room (ER) is one place where unpredictability is the norm, where critical and...

GAO says HHS still has work to do in ensuring health IT privacy

  • HIM-HIPAA Insider, Issue 39, September 29, 2008

    The Government Accountability Office (GAO) on September 17 released a report on HHS’ work to...

Hospital employees fired for taking, posting photos online

  • HIM-HIPAA Insider, Issue 39, September 29, 2008

    Two staff members guilty of taking patient photographs with cell phones and posting them on MySpace...

OCR releases privacy rule disclosure guides for providers and patients

  • HIM-HIPAA Insider, Issue 39, September 29, 2008

    HHS’ Office for Civil Rights has published two guides (one for healthcare providers...

Q. Is it a HIPAA violation to display thank-you letters from patients or their families on a bulletin board or other type of display in a public area where visitors can read them?

  • HIM-HIPAA Insider, Issue 39, September 29, 2008

    Q. Is it a HIPAA violation to display thank-you letters from patients or their families on a...

Colorado hospital reports patient information lost or stolen

  • HIM-HIPAA Insider, Issue 38, September 22, 2008

    Boulder Community Hospital has notified police that copies of patient intake forms are...

EDS Corp. to pay $250,000 for mailing blunder

  • HIM-HIPAA Insider, Issue 38, September 22, 2008

    EDS Corp. of Texas will pay $250,000 as part of a settlement for a mailing mistake that resulted in...

CMS reminds providers how to keep NPPES records updated, secure

  • HIM-HIPAA Insider, Issue 38, September 22, 2008

    CMS reminds healthcare providers with NPIs that have records in the National Plan and Provider...

Q. A father takes his child to the dentist. The child is a covered party under the father's insurance policy.

  • HIM-HIPAA Insider, Issue 38, September 22, 2008

    Q. A father takes his child to the dentist. The child is a covered party under the father’s...

NIH blocks public access to DNA database to protect privacy

  • HIM-HIPAA Insider, Issue 37, September 15, 2008

    National Institute of Health (NIH) officials have removed two databases containing patient DNA...

ASCs to include ordering/referring physician names, NPIs on claims for diagnostic radiology services

  • HIM-HIPAA Insider, Issue 37, September 15, 2008

    CMS has issued MLN Matters 6129 (based on Transmittal R5172CP), which clarifies changes affecting...

HHS Town Hall to focus on medical identity theft

  • HIM-HIPAA Insider, Issue 37, September 15, 2008

    HHS’ Office of the National Coordinator for Health Information Technology will sponsor a Town...

Q. If an employer pays for employee physicals or consultations that are performed for employment purposes, do patients (employees) have a right to access the records as they would if they had paid for the services?

  • HIM-HIPAA Insider, Issue 37, September 15, 2008

    Q. If an employer pays for employee physicals or consultations that are performed for employment...

Six Alzheimer's patients are victims in alleged identity theft scheme

  • HIM-HIPAA Insider, Issue 36, September 8, 2008

    Six Alzheimer’s patients at Brookside Assisted Living in Buford, GA, are victims of identity...

California legislation aims to safeguard patient information

  • HIM-HIPAA Insider, Issue 36, September 8, 2008

    The California Senate has approved a plan to protect patient privacy with new oversight and greater...

CMS posts HIPAA compliance review examples

  • HIM-HIPAA Insider, Issue 36, September 8, 2008

    CMS will post sample findings and lessons learned from the security compliance reviews it began...

Q: May staff members in the home health field e-mail patient information if they use initials only?

  • HIM-HIPAA Insider, Issue 36, September 8, 2008

    Q: May staff members in the home health field e-mail patient information if they use initials only?

Minimize mistakes when responding to the media

  • Briefings on HIPAA, Issue 9, September 1, 2008

    It doesn’t matter whether your facility is located in a large U.S. metropolitan area or a...

Covered entity pays for a potential HIPAA violation

  • Briefings on HIPAA, Issue 9, September 1, 2008

    HHS has thrown down the gauntlet; HIPAA violations may now come with a price. HHS and Seattle-based...

Q&A: What HIPAA requires when you sell your practice, do educational mailings, e-mail PHI, and more

  • Briefings on HIPAA, Issue 9, September 1, 2008

    Editor’s note: Brandt is president of Brandt & Associates, Inc., a healthcare consulting...

Train billing and coding staff members on HIPAA

  • Briefings on HIPAA, Issue 9, September 1, 2008

    Coding and billing staff members don’t have much face-to-face interaction with patients, but...

Briefings on HIPAA September 2008

  • Briefings on HIPAA, Issue 9, September 1, 2008

    Inside: Avoid the ‘dirty little secret’ inside healthcare Limit data leakage with...

Transition to ICD-10 to include HIPAA electronic transaction standards update

  • HIM-HIPAA Insider, Issue 35, September 1, 2008

    On August 22, HHS announced a proposed regulation to replace the ICD-9 code sets now used to report...

Swedish hospital suspends nurse who posted surgery photos on Facebook

  • HIM-HIPAA Insider, Issue 35, September 1, 2008

    A Stockholm hospital has suspended one of its nurses upon learning that she posted 14 photographs...

Healthcare staff frequent participants in medical identity theft

  • HIM-HIPAA Insider, Issue 35, September 1, 2008

    Healthcare staff frequent participants in medical identity theft

Q. One of our physical therapy providers may sell his practice and has inquired whether HIPAA is a consideration with respect to his patients in this situation.

  • HIM-HIPAA Insider, Issue 35, September 1, 2008

    Q. One of our physical therapy providers may sell his practice and has inquired whether HIPAA is a...

What you may not know about HIPAA but probably should

  • Health Information Compliance Insider, Issue 9, September 1, 2008

    Editor's note: This is HICI's second installment of little-known HIPAA facts from industry...

Train billing and coding staff members on HIPAA

  • Health Information Compliance Insider, Issue 9, September 1, 2008

    Editor's note: This is the fifth and final article in a series highlighting HIPAA training needs...

Minimize mistakes when responding to the media

  • Health Information Compliance Insider, Issue 9, September 1, 2008

    It doesn't matter whether your facility is located in the largest U.S. metropolitan area or a small...

Health Information Compliance Insider, September 2008

  • Health Information Compliance Insider, Issue 9, September 1, 2008

    Inside: Minimize mistakes when responding to the media; Train billing and coding staff...