Free Health Information Management e-Newsletters

APCs Weekly Monitor CDI Strategies Coding Educator HIM Connection HIPAA Weekly Advisor Medicare Weekly Update The RAC Report

HIPAA Weekly Advisor

This e-mail newsletter delivers how-to advice and breaking news on HIPAA regulations each week. Stay informed on timely topics, security news and regulations, and analysis of proposed and final HIPAA rules that will ensure patient information security.

Subscribe »

2010 | 2009 | 2008 | 2007 | 2006 | 2005 | 2004 | 2003 | 2002 | 2001

HIPAA Weekly Advisor

Issue 51, December 27, 2002

• May we hand out a summary instead of our lengthy notice of privacy practices?

  May we hand out a summary instead of our lengthy notice of privacy practices, as long as we make...

• Tip: Tips for outsourcing VPN implementation and maintenance

  If you decide to hire a vendor or contractor to assist with the implementation and maintenance of...

Issue 50, December 20, 2002

• What actions can an IRB take with respect to disclosures for research?

  What actions can an IRB take with respect to uses and disclosures of PHI for research?

• Tip: Consider using the Web to assist with HIPAA compliance efforts

  Allowing patients to view their medical records and communicate with physicians online will not...

Issue 49, December 13, 2002

• What should be included in the job description for an ISO?

  What should be included in the job description for an information security officer?

Issue 48, December 6, 2002

• Do we need authorization to disclose to an organ procurement organization?

  Do we need a patient's authorization to disclose PHI to an organ procurement organization?

Issue 47, December 27, 2002

• Differences between business associate and chain of trust agreements

  What is the difference between business associate agreements and chain of trust partner agreements?

• Establish marketing policies and procedures now

  If your facility hasn’t developed policies and procedures for marketing under HIPAA’s...

Issue 46, November 22, 2002

• Does the privacy rule cover uses and disclosures for military purposes?

  Does the privacy rule cover uses and disclosures for military purposes?

Issue 45, November 15, 2002

• What does the privacy rule require when faxing records?

  What does the privacy rule require us to do to protect patient's confidentiality when faxing...

Issue 44, November 8, 2002

• Can we ever disclose PHI to the employer without a patient’s authorization?

  Can we ever disclose PHI to the employer of a patient without that patient's authorization?

• Tip: Consult with patients before leaving messages

  It’s not always easy to get in touch with patients. Staff from physician offices, clinics...

Issue 43, November 1, 2002

• What types of communications are not considered marketing?

  What types of communications are not considered "marketing" and therefore do not require patient...

• Tip: Consider the pros and cons of intrusion detection systems

  As you consider installing an intrusion detection system (IDS), take a quick check of your...

• Improve MPI data integrity to prepare for unique identifier rules

  Analyzing your master patient index (MPI) data now will help you improve the accuracy and...

Issue 40, October 10, 2002

• What constitute "health care operations?"

  What constitute "health care operations?"

• Tip: Follow these tips for training volunteers and temporary

  The temporary employee who told police she took medical records home "to organize them" before...

Issue 39, October 4, 2002

• Do "e-signatures" conflict with HIPAA's focus on privacy and security?

  Do "e-signatures" conflict with HIPAA's focus on privacy and security?

• Tip: Don't leave your apps hanging out: Secure architecture for Web applications

  When it comes to establishing remote access to data through Web applications, you can be sure of...

Issue 38, September 26, 2002

• Is JCAHO considered a health oversight agency?

  Are the Joint Commission on Accreditation of Healthcare Organizations and other accrediting...

Issue 37, September 20, 2002

• Can we use sign-in sheets and call waiting patients by name?

  Can we use sign-in sheets and call waiting patients by name?

Issue 36, September 13, 2002

• Can we inform a person we believe has been exposed to a communicable disease?

  If we believe that a person has been exposed to a communicable disease, does the privacy rule...

• Tip: Use a committee to determine whether to accept patients' amendment request

  Accepting patients’ requests for record amendments, determining whether to make the...

Issue 35, September 6, 2002

• How can we ensure that our business associates comply with HIPAA?

  Besides developing business associate agreements, how can we ensure that our business associates...

Issue 34, September 28, 2002

• Under the final privacy rule, what are our duties as a clinical laboratory?

  Under the final privacy rule, what are our duties, as a clinical laboratory, in regards to...

• Consider using exams, posters to reinforce privacy training

  Facilities must complete all privacy training by April 14, 2003. But making sure employees...

Issue 33, August 21, 2002

• Under the final privacy rule, what information can go on white boards?

  Under the final privacy rule, are we permitted to post patient information on white boards?

Issue 32, August 16, 2002

• What information can we disclose to disaster relief organizations?

  What information can we disclose to disaster relief organizations?

Issue 31, June 9, 2002

• Password resets

  How can we reduce the number of calls to our help desk requesting password resets, and how can we...

• Tip: Don't forget to protect PHI on biomedical devices

  Biomedical devices, such as anesthesia units and medical imaging systems are covered by HIPAA if...

Issue 30, August 2, 2002

• Does HIPAA cover deceased individuals?

  Question of the Week: Do all of HIPAA's privacy protections and requirements extend to deceased...

• Consider a clearinghouse for transactions and code sets

  Unlike health plans, providers have options for complying with HIPAA’s transactions and code...

Issue 29, August 26, 2002

• Our hospital has standards for choosing strong passwords, but is that enough?

  Our hospital has standards for choosing strong passwords, but is that enough? How can we be sure...

Issue 28, July 19, 2002

• Are records held by a business associate part of our "designated record set"?

  Are records held by a business associate part of our "designated record set"?

Issue 27, July 12, 2002

• How would the proposed privacy changes affect marketing?

  How would the proposed privacy changes affect marketing?

Issue 26, July 3, 2002

• Tip: Check out these transactions and code set resources

  Use these resources to help implement your transactions and code sets compliance plan.

Issue 25, July 28, 2002

• How do proposed changes affect research?

  How would the proposed privacy changes affect how our facility conducts research?

• Ask these questions when conducting departmental privacy self-assessments

  A privacy gap analysis should be one of the first steps every privacy officer takes on the road to...

Issue 24, June 21, 2002

• Can patients require our facility to send mail to alternative locations?

  As a health care provider, is our facility required to honor requests by patients to send mail to...

Issue 23, June 14, 2002

• What should we include in our BA agreements?

  We are in the process of identifying our facility's business associates. What should we include in...

Issue 22, June 7, 2002

• Requirements for using or disclosing psychotherapy notes

  What is required for using or disclosing psychotherapy notes-consent or authorization?

Issue 21, June 28, 2002

• What is the best way to select secure passwords?

  HIPAA suggests using passwords to ensure secure access to computers. What is the best way to select...

• Privacy officers' salaries vary widely; responsibilities still unclear

  Privacy officials’ salaries range from as low as $30,000 to as high as $124,500, and most...

Issue 20, June 24, 2002

• Obligations when staff don’t comply

  What obligations do we have if we find that a member of our workforce is not complying with our...

• Work with department managers to provide job-specific privacy training

  Work with department managers to provide job-specific privacy training

Issue 19, May 17, 2002

• Staff at our facility often use PDAs. How can we prevent security breaches?

  Staff at our facility often use PDAs. How can we prevent security breaches?

Issue 18, May 10, 2002

• What are "affiliated covered entities"?

  What are "affiliated covered entities"? Which group health plans are not required to designate a...

Issue 17, May 3, 2002

• Can an addendum make an existing BA contract HIPAA-compliant?

  Can we add an addendum to an existing business associate contract to make it HIPAA compliant? Who...

• Include your facility's notice of privacy practices with general admission forms

  Include your facility's notice of privacy practices with general admission forms

Issue 16, April 26, 2002

• Verifying identity for disclosures

  What are we required to do, if anything, to verify the identity of a person seeking disclosure of...

• Compare HIPAA with state privacy laws before conducting a gap analysis

  If you conduct a gap analysis by comparing your practices with HIPAA’s regulations, and then...

Issue 15, April 19, 2002

• HIPAA’s inspect and copy requirement

  Our hospital has had a procedure for patients to request a copy of their medical record for a long...

Issue 14, April 11, 2002

• What are our obligations for training employees under HIPAA?

  What are our obligations for training employees under HIPAA?

Issue 13, April 5, 2002

• No EMR--What should our HIPAA concerns be?

  We are a small rural hospital and we do not have electronic medical records. What areas of HIPAA do...

• Train office managers to keep physicians HIPAA-compliant

  Train office managers to keep physicians HIPAA-compliant

Issue 12, March 28, 2002

• Authority of the Secretary of the Department of Health and Human Services (HHS)

  Does the Secretary of the Department of Health and Human Services (HHS) have any authority to...

• Protect patient information with an effective data recovery plan.

  Protect patient information with an effective data recovery plan.

Issue 11, March 22, 2002

• How can we determine who our business associates are?

  How can we determine who our business associates are?

Issue 10, March 15, 2002

• Is there such a thing as a defective authorization?

  Is there such a thing as a defective authorization? Under what circumstances can an individual...

Issue 9, March 8, 2002

• Who receives privacy training, and what should they learn?

  Who should receive privacy training and what information should be covered in the training sessions?

• Tip: Use these three easy ways to keep track of HIPAA news

  Tip: Use these three easy ways to keep track of HIPAA news

Issue 8, March 1, 2002

• Do we have to make every amendment?

  Are we obligated to agree to all amendments sought by an individual to his/her protected health...

• Know how HIPAA affects members of clergy

  Most facilities would not humor someone who asked for the name of every patient in their directory...

Issue 7, February 22, 2002

• How can we effectively train business associates to be HIPAA-compliant?

  How can we effectively train business associates to be HIPAA-compliant?

Issue 6, February 15, 2002

• Sharing PHI with patient care-taker

  Can protected health information regarding the whereabouts of the patient; i.e., that the patient...

Issue 5, February 8, 2002

• Clergy rights and HIPAA

  Under HIPAA, are the rules for accessing patient information the same for members of clergy?

Issue 4, February 1, 2002

• Pick the bet HIPAA consultant.

  So many HIPAA consultants have appeared overnight. How can my facility determine which one will...

• Follow these steps for conducting a privacy gap analysis

  Follow these steps for conducting a privacy gap analysis

Issue 3, January 24, 2002

• Where to begin with a privacy gap analysis?

  My facility is in the process of conducting a privacy gap analysis, but we're not sure where to...

Issue 2, January 18, 2002

• HIPAA and daily operations on the internet

  What are the security risks associated with using the Internet to assist with a hospital's daily...

Issue 1, January 10, 2002

• Can the privacy officer be held liable if there is a privacy breach?

  Can the privacy officer be held liable if there is a privacy breach? Do we have to display our...