- Home
- » Health Information Management Main Page
- » e-Newsletters
- » HIPAA Weekly Advisor
- » e-Newsletters
- » Health Information Management Main Page
Free Health Information Management e-Newsletters
APCs Weekly Monitor CDI Strategies Coding Educator HIM Connection HIPAA Weekly Advisor JustCoding News: Inpatient JustCoding News: Outpatient Medicare Weekly Update The RAC Report
HIPAA Weekly Advisor
This e-mail newsletter delivers how-to advice and breaking news on HIPAA regulations each week. Stay informed on timely topics, security news and regulations, and analysis of proposed and final HIPAA rules that will ensure patient information security.
2012 | 2011 | 2010 | 2009 | 2008 | 2007 | 2006 | 2005 | 2004 | 2003 | 2002 | 2001
HIPAA Weekly Advisor
Issue 35, April 22, 2003
-
HHS issues HIPAA enforcement, research documents
HHS issues HIPAA enforcement, research documents
Issue 26, July 1, 2003
-
Civil rights office receives 637 HIPAA privacy complaints
HHS’ Office for Civil Rights (OCR), which enforces the HIPAA privacy rule, has received 637...
Issue 52, January 3, 2003
-
What is a limited data set?
What is a limited data set? -
Security rule still not finalized
Security rule still not finalized -
Tip: Focus on patient interaction, minimum necessary when training pharmacy staf
If your facility has a pharmacy, its staff probably don’t have to worry about a lot of the... -
Train staff on how to use PHI to protect individuals' health and safety
From time to time, health care providers must consider whether to disclose PHI without a...
Issue 40, October 10, 2003
-
Disclosure for national security or intelligence activities
What are our duties if we are asked to disclose PHI for national security or intelligence... -
HHS to look at HIPAA's impact on sports
HHS to look at HIPAA’s impact on sports -
CMS to focus next roundtable on transactions
CMS to focus next roundtable on transactions
Issue 39, October 3, 2003
-
Call-in scripts and privacy notices
We have patients who call in to renew prescriptions and don’t need to see their physician... -
Group urges HHS to provide more transactions guidance
Group urges HHS to provide more transactions guidance -
OCR adds new authorization FAQs
OCR adds new authorization FAQs -
Avoid these five common pitfalls when preparing for security
The final security rule requires covered entities to analyze their risk to determine what...
Issue 38, September 26, 2003
-
What documentation do the HIPAA regulations require?
What documentation do the HIPAA regulations require? -
BCBS to accept noncompliant transactions after October 16
BCBS to accept noncompliant transactions after October 16 -
OCR to refer criminal cases to DOJ
OCR to refer criminal cases to DOJ -
JCAHO/NCQA to focus BA certification on "business units"
JCAHO/NCQA to focus BA certification on "business units" -
Tip: Take time now to address privacy problem areas
Things may not be as hectic now as they were before April 14, but that doesn’t mean your job...
Issue 37, September 19, 2003
-
How can switchboard operators support HIPAA compliance?
What should facility switchboard operators do when they receive calls asking for a patient's room... -
Medicare to announce contingency plan decision this week
Medicare to announce contingency plan decision this week -
OCR posts combined privacy, security, and enforcement regulations, answers quest
OCR posts combined privacy, security, and enforcement regulations, answers question on notices that...
Issue 36, September 11, 2003
-
What are our duties when we receive a subpoena for medical records or other PHI?
What are our duties when we receive a subpoena for medical records or other PHI? -
Texas pharmacy violates customers' privacy
Texas pharmacy violates customers’ privacy -
Tip: Consider outsourcing parts of your information security
It may be hard to convince some people, but information security in health care isn’t very...
Issue 35, September 5, 2003
-
What exactly does HIPAA require in regards to e-mail?
What exactly does HIPAA require in regards to e-mail security? -
OCR adds new FAQs on accounting for public health access, more
OCR adds new FAQs on accounting for public health access, more -
India to adopt data privacy law
India to adopt data privacy law
Issue 34, September 28, 2003
-
What disclosures can we make in the case of abuse?
What disclosures can we make if we believe that a patient is or has been the victim of abuse... -
Hospital worker arrested for stealing patient records
Hospital worker arrested for stealing patient records -
AHA urges CMS to provide more transactions guidance
AHA urges CMS to provide more transactions guidance -
Tip: Look for these qualifications when designating an ISO
According to Rick Ensenbach CISSP, CISA, CISM, director of information security at GE Retail Sales... -
Keep a close eye on privacy when preparing for security enforcement
The Office for Civil Rights (OCR) won’t enforce HIPAA’s security rule, but security...
Issue 33, August 22, 2003
-
Does HIPAA prohibit faxing?
Does HIPAA prohibit faxing? Does the privacy rule say that utility bills or social security cards... -
DSS Research among first to apply for JCAHO/NCQA privacy certification
DSS Research among first to apply for JCAHO/NCQA privacy certification -
OCR warns about misleading marketing for HIPAA training
OCR warns about misleading marketing for HIPAA training
Issue 32, August 14, 2003
-
For payment information, can we only disclose to covered entities?
When we are disclosing information for our own payment purposes, can we only disclose it to another... -
CMS announces two more HIPAA roundtables
CMS announces two more HIPAA roundtables -
Almost one quarter of providers still out of compliance, survey shows
Almost one quarter of providers still out of compliance, survey shows -
Tip: Include trading partner provisions in business associate contracts
The final security rule eliminated chain-of-trust agreements and required covered facilities to add...
Issue 31, August 8, 2003
-
Are wireless local area networks really that insecure?
Are wireless local area networks really that insecure? -
Delaware becomes one of first HIPAA-compliant states
Delaware becomes one of first HIPAA-compliant states
Issue 30, August 1, 2003
-
Can we combine patient authorizations?
Can we combine patient authorizations? -
OCR provides privacy resources for small providers
OCR provides privacy resources for small providers -
Tip: Train staff on these key HIPAA security points now
Organizations have until 2005 to comply with the security rule’s training requirement, but... -
Lee Memorial calls on a hippie named Chip for some help with training
With your staff members’ busy work schedules, it’s not always easy for them to take...
Issue 29, July 25, 2003
-
How can I prove that we need to have a signed authorization?
Our hospital provides outpatient lab services for local physicians. Typically, we send results to... -
CMS to focus on voluntary compliance, complaints for TCS
CMS to focus on voluntary compliance, complaints for TCS -
AHIMA updates privacy, confidentiality statement to include security
AHIMA updates privacy, confidentiality statement to include security
Issue 28, July 18, 2003
-
Provider services to patients over the internet--direct or indirect treatment?
If a provider offers services to patients over the Internet, is that considered a direct or... -
JCAHO's 2004 IM standards more consistent with HIPAA
JCAHO’s 2004 IM standards more consistent with HIPAA -
OCR posts conference presentations, new FAQs on drug rebate programs
OCR posts conference presentations, new FAQs on drug rebate programs
Issue 27, July 11, 2003
-
How can PHI be used in peer review and credentialing activities?
How can PHI be used in peer review and credentialing activities? Currently, our meeting minutes use... -
OIG posts report on providers' TCS compliance efforts
OIG posts report on providers’ TCS compliance efforts -
Privacy group comments on first installment of enforcement rule
Privacy group comments on first installment of enforcement rule
Issue 26, July 3, 2003
-
Does HIPAA allow us to continue to report vital statistics?
Does HIPAA allow us to continue to report vital statistics, such as births and deaths? -
Privacy group posts two new resources
Privacy group posts two new resources -
HIPAA committee urges HHS to monitor effects of privacy rule
HIPAA committee urges HHS to monitor effects of privacy rule -
Maintain compliance with ongoing efforts
Your facility could have policies and procedures for every privacy rule requirement. But those...
Issue 25, July 27, 2003
-
How can I prevent staff members from installing personal wireless access points?
How can I prevent staff members from installing their own personal wireless access points on the... -
Civil rights office receives 637 HIPAA privacy complaints
Civil rights office receives 637 HIPAA privacy complaints -
HIPAA committee requests transactions and code sets enforcement delay
HIPAA committee requests transactions and code sets enforcement delay -
Tip: Analyze preemption statutes for psychotherapy notes and HIPAA
Take a close look at state laws before developing policies and procedures for complying with the...
Issue 24, June 20, 2003
-
Can we ask a patient why he or she is requesting a confidential communication?
Can we ask a patient why he or she is requesting a confidential communication? -
AHA calls for more informal enforcement procedures for TCS
AHA calls for more informal enforcement procedures for TCS -
NCQA, JCAHO to launch privacy certification program for business associates
NCQA, JCAHO to launch privacy certification program for business associates -
WA man errantly receives PHI via fax
WA man errantly receives PHI via fax
Issue 23, June 12, 2003
-
Automated management tools
Are there any automated management tools that contain questions, checklists, etc., for conducting a... -
Survey shows more than half of organizations lack privacy resources, have polici
Survey shows more than half of organizations lack privacy resources, have policies too difficult to... -
Tip: Convey these five key points about HIPAA privacy to your
April 14 has come and gone, but privacy compliance efforts are far from over. Many facilities will...
Issue 22, June 6, 2003
-
Is patient authorization required for medical suitability determinations?
Is patient authorization required to disclose information for medical suitability determinations? -
Wisconsin appeals court rules paramedic violated patient's privacy
Wisconsin appeals court rules paramedic violated patient’s privacy -
Security rule's addressable specifications require more documentation
Security rule’s addressable specifications require more documentation
Issue 21, June 28, 2003
-
Do you have to track disclosures which do not require authorizations?
Do you have to track (for an accounting) disclosures made under 164.512 of the privacy rule, which... -
HHS to publish proposed modifications to TCS rule, final health plan identifiers
HHS to publish proposed modifications to TCS rule, final health plan identifiers rule, and more -
DOT provides guidance on drug and alcohol testing
DOT provides guidance on drug and alcohol testing -
HHS releases first installment of enforcement rule
The Office for Civil Rights (OCR) encourages voluntary compliance by covered entities, but it can...
Issue 20, May 23, 2003
-
What are our duties, if any, if a BA misuses PHI?
What are our duties, if any, if we believe that one of our business associates has misused PHI? -
AHA calls for TCS contingency plan
AHA calls for TCS contingency plan -
CMS to hold TCS, security roundtables
CMS to hold TCS, security roundtables
Issue 19, May 15, 2003
-
Privacy notices for testing without an office visit
We are a cardiology practice that has several stand-alone testing facilities. Is it necessary to... -
URAC approves security accreditation standards
URAC approves security accreditation standards -
Tip: Don't allow contingency plan testing to disrupt patient
Organizations may be reluctant to test their contingency plans, fearing the risk of medical errors...
Issue 18, May 9, 2003
-
What are the requirements for maintaining HIPAA-related policies and procedures?
What are the privacy rule requirements for maintaining HIPAA-related policies and procedures? -
FL hospice sued for violating patients' privacy
FL hospice sued for violating patients’ privacy -
Survey shows facilities most concerned with business associate agreements
Survey shows facilities most concerned with business associate agreements
Issue 17, May 2, 2003
-
What are the requirements for a risk analysis?
What are the requirements for a risk analysis according to the final HIPAA security rule? -
HHS publishes correction to enforcement rule
HHS publishes correction to enforcement rule -
Fourth Circuit upholds constitutionality of privacy rule
Fourth Circuit upholds constitutionality of privacy rule -
How Casa Grande Regional complies with minimum necessary requirements
The privacy rule’s minimum necessary standard requires staff members to only use PHI...
Issue 16, April 24, 2003
-
Can we ever disclose PHI to a patient's employer without authorization?
Can we ever disclose PHI to a patient's employer without authorization? -
Survey shows almost half of facilities have not addressed all privacy requiremen
Survey shows almost half of facilities have not addressed all privacy requirements -
HHS releases research, public health guidance
HHS releases research, public health guidance -
Tip: Include access management language in clearinghouse contracts
Just as facilities must protect their employees’ health information from being used for...
Issue 15, April 18, 2003
-
Are we required to use a "layered" notice of privacy practices?
The final privacy changes mention a "layered" notice of privacy practices. Are we required to use... -
HHS publishes HIPAA enforcement rule, research guidance
HHS publishes HIPAA enforcement rule, research guidance -
OCR releases new complaint fact sheet and form, posts summary of privacy rule
OCR releases new complaint fact sheet and form, posts summary of privacy rule
Issue 14, April 11, 2003
-
What types of communications are not considered marketing?
What types of communications are not considered marketing? -
HPP to monitor enforcement of privacy rule
HPP to monitor enforcement of privacy rule -
URAC approves privacy accreditation standards
URAC approves privacy accreditation standards
Issue 13, April 4, 2003
-
What are some acceptable alternatives to encryption?
The final security rule lists encryption as an addressable specification. What are some acceptable... -
CMS to hold administrative simplification satellite broadcast
CMS to hold administrative simplification satellite broadcast -
Survey shows policy and procedure development, business associate agreements top
Survey shows policy and procedure development, business associate agreements top concerns for... -
Don't forget about transactions and code sets
In case you didn’t notice, changes to the final transactions and code sets rule also were...
Issue 12, March 28, 2003
-
Are coroners and medical examiners entitled to receive PHI?
Are coroners and medical examiners entitled to receive PHI? -
HHS provides instructions for filing privacy complaints, adds new FAQs
HHS provides instructions for filing privacy complaints, adds new FAQs -
Tip: Consider having staff review and sign off on HIPAA sanction policies
If you know that an employee has violated a patient’s privacy and do nothing about it, your...
Issue 11, March 21, 2003
-
How do you limit patient access to the laboratory reports in a patient record?
How do you limit patient access to the laboratory reports in a patient record? -
Survey shows almost half of organizations have conducted security risk analyses
Survey shows almost half of organizations have conducted security risk analyses -
AHA, NEMA provide sample business associate agreement for medical device manufac
AHA, NEMA provide sample business associate agreement for medical device manufacturers
Issue 10, March 13, 2003
-
What actions can a privacy board take with respect to PHI and research?
What actions can a privacy board take with respect to uses and disclosures of PHI for research? -
HHS publishes preemption process, corrections to final transactions and code set
HHS publishes preemption process, corrections to final transactions and code sets changes -
NCQA, JCAHO sign letter of intent to discuss collaborating on privacy certificat
NCQA, JCAHO sign letter of intent to discuss collaborating on privacy certification program for... -
URAC releases draft security standards for public comment
URAC releases draft security standards for public comment -
Tip: Follow these tips for choosing encryption software
Encryption should be part of a larger layered security infrastructure that includes firewalls...
Issue 9, April 7, 2003
-
What is HIPAA's stance on shredding confidential paper?
What is HIPAA's stance on shredding confidential paper? -
Hacker gains access to patient files at sleep clinic
Hacker gains access to patient files at sleep clinic -
Tip: Make HIPAA a part of your facility's PR effort
Staff members aren’t the only people you may want to educate about HIPAA. Informing the...
Issue 8, March 28, 2003
-
Who is considered a personal representative of a minor?
Who is considered a personal representative of a minor? -
Final security rule includes "addressable" specifications
Final security rule includes "addressable" specifications -
CMS releases fact sheets on final security rule, TCS changes
CMS releases fact sheets on final security rule, TCS changes
Issue 7, February 21, 2003
-
What does HHS consider "demographic information?"
What does HHS consider "demographic information?" Do we need to provide our notice of privacy... -
URAC releases draft privacy standards for public comment
URAC releases draft privacy standards for public comment -
Jury awards $2.3 million to victims of privacy breach
Jury awards $2.3 million to victims of privacy breach -
Tip: The 10 commitments of business associate contracting
Don’t make business associate contracts too complicated, says Alan S. Goldberg, Esq., partner...
Issue 6, February 13, 2003
-
HHS releases final security rule, transactions and code sets changes
HHS releases final security rule, transactions and code sets changes -
Are there any special rules regarding disclosures to the State Department?
Are there any special rules regarding disclosure of information to the U.S. State Department for... -
TriWest hit with class-action lawsuit for negligence
TriWest hit with class-action lawsuit for negligence
Issue 5, February 7, 2003
-
Are insurance companies considered business associates?
Many of the insurance companies our hospital deals with contend they are not our business... -
PHI found on computer sold in KY
PHI found on computer sold in KY -
WEDI and CAQH provide Web site to assist with transactions and code sets complia
WEDI and CAQH provide Web site to assist with transactions and code sets compliance -
Syracuse University to offer HIPAA certification classes
Syracuse University to offer HIPAA certification classes
Issue 4, February 28, 2003
-
Are we permitted to disclose PHI when we suspect child abuse?
Are we permitted to disclose PHI when we suspect child abuse? -
SCMA claims privacy rule is unconstitutional
SCMA claims privacy rule is unconstitutional -
HHS posts details on national privacy conferences
HHS posts details on national privacy conferences -
Focus on maintaining strong customer service when handling patient complaints
Responding to complaints of privacy breaches quickly and compassionately is the first step to...
Issue 3, January 20, 2003
-
What is de-identified health information?
What is de-identified health information? -
Final security rule, transactions and code sets changes under review at OMB
Final security rule, transactions and code sets changes under review at OMB -
URAC to offer privacy and security accreditation programs
URAC to offer privacy and security accreditation programs -
Tip: Work with other organizations to prepare for transactions and code sets
Collaborating on transactions and code sets compliance with other organizations will allow you to... -
What patient information is available for fundraising?
Can you clarify what patient information is available to hospital development departments and... -
JCAHO updates business associate agreement
JCAHO updates business associate agreement -
HHS to hold HIPAA privacy conferences
HHS to hold HIPAA privacy conferences
Issue 1, January 10, 2003
-
If we have a year extension, do we have to complete testing by April?
My facility applied for the one-year extension to the transactions and code sets compliance date... -
URAC forms workgroup to recommend information security best practices
URAC forms workgroup to recommend information security best practices -
Defense Department suffers one of worst ever ID theft cases
Defense Department suffers one of worst ever ID theft cases