HIPAA Weekly Advisor
This e-mail newsletter delivers how-to advice and breaking news on HIPAA regulations each week. Stay informed on timely topics, security news and regulations, and analysis of proposed and final HIPAA rules that will ensure patient information security.
Issue 51, December 31, 2007
-
Q: Is it necessary for a physician practice and a hospice organization to have a business associates (BA) agreement? It seems that a BA agreement would be unnecessary, because both parties are covered entities, but we can't find the specific regulation that addresses the situation.
Surgeon violates patient privacy with cell phone photo
Jury to determine if HIPAA violation was just cause for firing NJ secretary
Vermont police admit to inappropriate pharmaceutical prescription investigation
Issue 50, December 24, 2007
-
Q: When we transfer a patient from one unit to another, is it acceptable for staff members from the first unit to continue accessing the transferred patient's PHI? Can the staff members from the first unit call the receiving unit to check on the patient? Or must access cease at the time of transfer?
Stolen laptop presents potential security risk for PA patients
Report indicates organizations are making security requirements work for them
CMS releases MLN Matters article clarifying NPI enumerator's responsibilities
Issue 49, December 17, 2007
-
Q: What level of security does HIPAA require when transmitting patient information electronically (i.e., via the Web, through e-mail, etc.)?
HHS expands privacy rule enforcement team
WEDI publishes report on NPPES dissemination
Two computers containing PHI stolen from Indiana health center
Issue 48, December 10, 2007
-
Q: Is it appropriate for a hospital's clinical department to store unencrypted patient data on a local hard drive within the department in case of a network outage? This would allow staff members to have continued access to the data, which would facilitate the continued treatment of patients.
CMS hires contractor to conduct HIPAA security audits
Providers to implement 5010 HIPAA transactions by 2014, NCHICA and WEDI estimate: ICD-10-CM implementation expected to face similar delay
Healthcare industry companies unite to define security standards in 2008
Issue 47, December 3, 2007
-
Q: We want to send patients reminders to schedule an appointment for repeat colonoscopies. Does HIPAA permit this?
Security researcher accesses patient medical information over the Internet
Man sues hospital for releasing blood-alcohol test, violating privacy laws
CMS communications clarify NPI deadlines, NPPES requirements, and use of SSNs
Issue 46, November 26, 2007
-
Q: As flu season begins, we're concerned about our asthma patients, because they are a high-risk group. May we send them a notice about our flu vaccine clinics and encourage them to obtain a flu shot? Or would this be considered targeted marketing?
Kentucky healthcare IT summit to discuss e-Health technology
Laptops containing patient data stolen from Indianapolis VA hospital
UK considers prosecuting physicians for losing laptops containing patient data
Issue 45, November 19, 2007
-
Q: A vendor offered a new product that worked well for wounds. The nurses documented significant improvement in wound appearance with photographs. The vendor has requested copies of these photographs to help market the product. The photographs contain no patient identification and depict only the wound, not the patients' faces. May we give copies of these photographs to the vendor without patient authorization?
NIST releases guides for securing devices used for remote access, portable data security, security testing
Researchers feel HIPAA hurts medical studies
Association and Medical Center train clergy to comply with HIPAA
Issue 44, November 12, 2007
-
Q: We file copies of patients' signed acknowledgments for the notice of privacy practices (NPP) in their medical records. If our facility readmits patients at a later time, is it necessary for them to sign the acknowledgment again?
A: Direct treatment providers are required to give a patient a NPP and to obtain acknowledgment the... -
Report calls health data bank legislation catalyst to EHR adoption
Memo outlines steps, deadlines for HHS compliance with health IT implementation initiatives
Maryland judges decide in favor of doctor who defended patient privacy rights
Issue 43, November 5, 2007
-
Q: We regularly receive requests from individuals who would like access to their spouse's medical records. I know that patient authorization or power of attorney is necessary to release this information to a spouse. How should we respond to these requests to avoid upsetting requesters?
Billing mishap results in potential HIPAA violation
CMS releases anticipated replacement NPI downloadable file
CMS clarifies NPI implementation
Issue 42, October 29, 2007
-
Q: How should an organization ensure that permanent, temporary, and volunteer providers and physicians follow appropriate policies, procedures, and practices concerning access to electronic health records (EHR) from their home or other off-site location? Should all providers and physicians have access to an EHR from off-site locations?
Indiana physician improperly disposes of medical records, violates HIPAA
Bipartisan coalition encourages medical privacy legislation
Grants totaling $3.5 million to help Minnesota providers implement EHR
Issue 41, October 22, 2007
-
Q: Is there a law or rule regarding off-site storage of permanent records? We currently store our closed records off-site with a contracted facility. The organization would like to store charts on-site. The room we propose to use to store the records has a window. Would this present a problem?
MLN Matters article released on NPI rejection
Healthcare workers suspended for viewing Clooney's medical record
VA withholds cancer patient data because of privacy concerns
Issue 40, October 15, 2007
-
Q: Is it appropriate to use text messaging on cellular phones to relay patient data between caregivers (e.g., nurse to physician)?
A: No. Unless the sending and receiving phones have encryption capabilities, the data are open to... -
CMS moves mandatory NPI use deadline to January 1, 2008
Researchers retrieve health information from second-hand computers
Web sites storing health data present privacy problems
Issue 39, October 8, 2007
-
Q: How should provider offices secure archived patient records containing PHI? Provider offices must implement specific measures to protect the records. What are those measures? Do the regulations differ for off-site and on-site records?
Employees fired, suspended for violating HIPAA
Audit shows some NPI data to be invalid, outdated
Survey says HIPAA privacy rule is ineffective and troublesome for patients, researchers alike
Issue 38, October 1, 2007
-
Q: We perform diagnostic scans for patients who present with orders from their primary care physicians (PCPs) and specialists.
Group Health sets example for physician-patient e-mail
GAO says VA still lacks security, data at risk for exposure
EHR security risk study findings announced
Issue 37, September 24, 2007
-
Q: Our PHI authorization forms include a question about releasing information concerning HIV, AIDS, mental health services, and treatment of alcohol and drug abuse. Does our form need this specific question, or can the form include a question asking if we can disclose all medical records?
CompTIA survey says security breach severity level is increasing
Massachusetts becomes 39th state to enact a security breach notice law
Global survey reveals state of healthcare information security
Issue 36, September 17, 2007
-
Q: Is it permissible to send vaccination records to a school nurse without a signed authorization from the child's parents? Proof of vaccination is required before the child can be enrolled in school.
Q: A dentist's office uses self-registration for its patients. A list of the patients scheduled for the day is on a computer, and upon arrival, patients find and highlight their names to check in. Is it a HIPAA violation to use the list of names for all to see?
CMS releases downloadable NPI file
Minnesota Health Information Exchange planned for 2008
Issue 35, September 10, 2007
-
Q: Our facility had a part-time helper who inadvertently mailed 21 different patient reminder letters to one individual. The recipient kindly returned the envelope to us. The letters contained identifying information such as the patient's name, address, dates of treatment, and the account balance. Does HIPAA obligate us to notify the other 20 patients that this incident took place?
Pfizer's third security breach occurs as former employee steals 34,000 records
Johns Hopkins Hospital has July security breach, data recovered
Doctor loses hard drive in Toronto's Pearson International Airport
Issue 34, September 3, 2007
-
Is it a HIPAA violation to post information, such as activity interests, lifestyle information, occupations, etc., in each resident's room?
Query-only NPI database operational September 4
Without letters of conservatorship, is a parent of a deceased adult child entitled to the PHI of the child?
Antifraud standards subject of EHR report
Issue 33, August 27, 2007
-
Q: How often should we retrain our work force on HIPAA privacy and security rules?
Both federal and state healthcare privacy laws conflict and confuse
North Carolina Healthcare Alliance releases security template for portable data storage
Physicians consider wide range of concerns when deciding whether to e-mail patients
Issue 32, August 20, 2007
-
Q: Can a covered entity provide copies of a patient's designated record set via the Web by sending the patient an e-mail when his or her records are available? Does this vary from state to state?
Detroit residents find abandoned medical records
World's largest drug-maker reports second security breach in as many months
Report recommends improvements to electronic health records
Issue 31, August 13, 2007
-
Q: Our company performs forensic urine drug tests. Most of our business comes from probation agencies. We also occasionally perform preemployment urine drug tests. Are we a covered entity under HIPAA?
Report: Federal agencies' weak security controls mean potential data risk
Almost all of the major federal agencies, including HHS and other departments with large healthcare... -
Vermont hospitals adopt electronic medical records
Lessons learned from disbanded California Health Information Exchange
Issue 30, August 6, 2007
-
Q: If we allow patients to download copies of their health records, how do we ensure patient e-mail address and password privacy? There is a possibility that patient e-mail accounts aren't secure or that they will share their passwords. How do we communicate this to patients who authorize use of the Web to download their record?
Indianapolis hospital had security lapse: 51,000 patients' information was available online
Rhode Island first to implement statewide electronic health record database
Reports find privacy and security a challenge for electronic health data exchange
Issue 29, July 30, 2007
-
Q: We are scanning remittances containing information about multiple patients into our practice... -
Unencrypted data causes military health information breach
Government contractor, Science Applications International Corp (SAIC) of San Diego, announced July... -
Electronic medical records require increased privacy regulation
Healthcare experts announced July 18 that new rules are required to protect medical privacy as the...
Issue 28, July 23, 2007
-
Q: Is it a violation of HIPAA to send an e-mail to all staff members within an organization... -
Senators introduce bill to revise and update HIPAA
Dallas ER's self check-in kiosks eliminate lines and maximize privacy
Nebraska Hospitals provide family and friends with real-time electronic updates
Issue 27, July 16, 2007
-
Q: A patient is suing us for violating her privacy rights because her husband's attorney subpoenaed... -
Update on VA data breach: Agency steps up security while search continues
Federal Government's attempt to centralize medical records is potential security risk
HHS advised to expand types of covered entities
Note from the editor
Issue 26, July 9, 2007
-
Q: We have a patient in the intensive care unit (ICU) with alcohol poisoning and a diagnosis of... -
New York Times: HIPAA confusion remains for healthcare staff
Much to the dismay of patients, their families, and friends, HIPAA continues to be a source of... -
HHS official talks about HIPAA information sharing
New York Times reporter Jane Gross interviewed Susan McAndrew, deputy director for health... -
Bill supporting healthcare IT for rural areas headed to the House
Rural healthcare IT funding is currently gaining support through the Health Care Access and Rural...
Issue 25, July 2, 2007
-
Q: When a baby is born in a hospital (covered entity) and the mother has receive
A: The privacy regulations require you to give each patient (or his or her personal representative... -
CMS delays NPPES release
CMS decided to delay NPI dissemination for an additional 30 days, according to the agency. -
Senate committee approves healthcare IT bill
Healthcare employee data missing in California
Issue 24, June 25, 2007
-
Q: What is an appropriate disciplinary action to enforce for staff members who t
You should have a written policy that allows for the removal of medical records from the facility... -
CMS to test personal health records
CMS announced on June 20 a new pilot program for certain Medicare beneficiaries under which they... -
Court rules e-mail is private under fourth amendment
A federal appeals court ruled June 18 that law enforcement officials cannot search e-mail without a... -
Healthcare worker convicted of identity theft from disabled, elderly
Pennsylvania caretaker Antoinette Colclough pled guilty and was convicted of identity theft on... -
Note from the editor
Issue 23, June 18, 2007
-
Q: Our nursing home publishes the names of residents who have died. Is this a HI
You should obtain written permission from the deceased's next of kin to do to legally publish the... -
Jury indicts man for hacking hospital computers
A federal grand jury indicted a man after he allegedly infected computers at the Cook County Bureau... -
GAO director: There's room for progress on security
The Director of Information Security Issues at the Government Accountability Office (GAO), Gregory... -
Maryland laptop stolen
A laptop containing the personal information of approximately 6,000 people was stolen earlier this...
Issue 22, June 11, 2007
-
Q: Can the hospital's front desk receptionist give information to a caller askin
A: Before giving out any information regarding a patient, the receptionist must be sure the patient... -
NPI FAQ available
CMS has posted a series of frequently-asked questions (FAQ) related to the National Plan and... -
Register for June 14 NPI call
CMS will host a national roundtable about the recent data dissemination notice on June 14 at 2 pm... -
NIST releases special publication
The National Institute of Standards and Technology (NIST) has released guidelines for developing...
Issue 21, June 4, 2007
-
Q: What formal training courses or seminars are available to promote healthcare
There are a number of resources available, ranging from textbooks and frequently asked questions... -
UPMC under fire, again
The University of Pittsburgh Medical Center (UPMC) is facing public outcry after a donor pitch... -
CMS publishes NPI notice in Federal Register
CMS published the National Plan and Provider Enumeration System (NPPES) data dissemination notice... -
Providers split on patient access
Healthcare providers are split about the benefits of allowing patients' access to their records...
Issue 20, May 28, 2007
-
Q: A provider affiliated with or employed by a covered entity would like to e-ma
Such e-mails from the provider to the covered entity’s registration department would comply... -
CMS releases NPI data dissemination notice
CMS released a display copy of the much-anticipated National Plan and Provider Enumeration System... -
Enthusiasm for HIT lags
Those in the health information technology (HIT) community say that after years of efforts to... -
Physician blogs raise privacy concerns
The growing number of physicians who use online blogs is raising concerns in the privacy community...
Issue 19, May 21, 2007
-
Georgia breach affects 140,000
The Georgia Department of Human Resources is spreading the word about a lapse in security that has... -
Florida medical data may go online
Physicians and hospitals throughout Florida may soon be able to obtain patient information using... -
Indiana notifies 71,000 of Web site breach
A March audit discovered that computer hackers accessed the personal information of more than... -
Q: Does HIPAA require us to send a disclaimer with all faxes?
HIPAA does not specifically require you to print a privacy disclaimer on the cover sheet of all...
Issue 18, May 14, 2007
-
Texas agency misplaces information on nine million records
The Texas Health and Human Services Commission misplaced 14 data tapes that held approximately nine... -
Clerical error results in confidentiality breach
The California Department of Health Services inadvertently revealed the names and addresses of... -
New Hampshire to fight for prescription privacy law
New Hampshire Attorney General Kelly A. Ayotte will appeal a district court decision striking down... -
Q: Is it possible for unauthorized individuals to intercept cordless phone conve
Yes.
Issue 17, May 7, 2007
-
Survey: Most say EHR benefits outweigh risks
Forty-seven percent of respondents to Kaiser Permanente's recent telephone survey of 1,000... -
Web site provides secure emergency access to patient Rx history
A new Web site called In Case of Emergency: Rx History will provide prescription histories to... -
Gun buyer database needs clash with state privacy laws
Although there is support in Congress to require states to report mental health records to the... -
Q: A cardiologist thinks he has the right to access our hospital's daily admiss
Many hospitals allow medical staff members to access complete census lists, but your hospital has...
Issue 16, April 30, 2007
-
Medicare releases contingency plan
Medicare may reject claims that do not contain an NPI for primary providers as early as July... -
Web site details privacy enforcement
HHS has resolved three-quarters of the more than 26,000 privacy complaints it has received since... -
Laptop theft puts 6,000 at risk of identity theft
A laptop computer disappeared from a Baltimore County health center on April 16, putting 6,000... -
Q: It seems impossible to actually amend an electronic medical record. We can ad
It appears that the individual at the OCR is unclear about acceptable procedures for amending...
Issue 15, April 23, 2007
-
Q: Is it a HIPAA violation for health information management department personne
A: This is not a HIPAA violation, as long as you protect the charts from access by members of the... -
HHS gives OCR subpoena authority
The secretary of Health and Human Services (HHS) has delegated to the director of the Office for... -
3,000 cancer subjects at risk of identity theft
About 3,000 cancer study subjects and potential study subjects are at risk after thieves stole a... -
Social Security Administration worker loses files
The confidential files of six Wisconsin residents who sought Social Security disability benefits...
Issue 14, April 16, 2007
-
Q: A local college psychology class would like to observe residents in our demen
I recommend not allowing this observation. The contribution to the education of the students is... -
2.9 million in Georgia at risk of ID theft
Current and former Medicare and PeachCare recipients in Georgia are at risk for identity theft... -
CMS posts new NPI FAQs
Although CMS announced a delay in enforcing the NPI standard, that does not mean that providers... -
Pittsburgh medical center posts PHI online
The University of Pittsburgh Medical Center (UPMC) is conducting an investigation after... -
Q: In the age of electronic medical records, it seems impossible to actually ame
It appears that the individual at the OCR is unclear about acceptable procedures for amending...
Issue 13, April 9, 2007
-
Medical center employee charged with misusing patient information
Authorities have charged a former employee of University of Illinois Medical Center at Chicago with... -
Organizations responsible for most security incidents
Most data security incidents are due to organizational mistakes, rather than hackers, according to... -
CMS announces NPI contingency plan
CMS will not enforce the May 23 deadline for national provider identifier (NPI) implementation, as... -
Q: A 19-year-old presents an insurance card listing him or her as a qualified de
Assuming the age of majority is 18 in your state, this patient is an adult. Although his or her...
Issue 12, April 2, 2007
-
Poll: Patients optimistic about technology, privacy
Sixty-three percent of respondents to a January Harris Interactive poll said that privacy rights do... -
Parents hide webcam in hospital room
Parents of a child receiving treatment at Children's Hospital in Boston surreptitiously placed a... -
31,000 at risk after laptops disappear
Thirty-one thousand patients and staff are at risk of identity theft after two laptop computers... -
Q: A local college psychology class would like to observe residents in our demen
I would recommend against allowing this observation. I think the contribution to the education of...
Issue 11, March 19, 2007
-
OIG starts HIPAA security audits
The Office of Inspector General (OIG) confirmed that it has begun auditing covered entities for... -
Hacker puts 71,000 at risk
Seventy-one thousand healthcare employees are at risk of identity theft after a hacker in January... -
Report: US should learn from other countries' health networks
The United States can learn from other countries' experiences in developing national health... -
Q: May health insurance companies use blanket authorizations to disclose lists o
The privacy regulations require written authorization from the patient for marketing disclosures... -
California RHIO shuts down over privacy concerns
Santa Barbara, CA-based County Care Data Exchange's governing body folded on December 31, 2006... -
NIST revises security guidance
The National Institute for Standards and Technology recently made revisions to the following... -
Q: Will single sign-on (SSO) technology help us meet certain security rule requi
An SSO solution, either a third-party product or an internal directory service, can certainly help... -
Empire recovers missing CD
New York-based Empire Blue Cross Blue Shield on March 14 recovered a missing compact disc (CD...
Issue 10, March 12, 2007
-
Suit alleges HIPAA noncompliance
A medical center employee has sued a physician for inappropriately reviewing her medical records... -
Security lapse puts medical records online
Two thousand patients of Westerly (RI) Hospital are at risk of identity theft after their names... -
VA security still lax
Auditors of the Department of Veterans Affairs (VA) told a congressional committee that security... -
Q: Can we post pictures of deceased nursing home residents as a way of rememberi
Displaying these photos where future patients and visitors may see them is a disclosure of personal...
Issue 9, March 5, 2007
-
Are cover sheets required to fax prescription requests to secure fax machines?
Q: Must we include a cover sheet when faxing prescription requests to a secure fax machine at a... -
AHIC co-chair resigns, criticizes privacy progress
Paul Feldman, deputy director of the Washington, DC-based Health Privacy Project, has resigned as... -
CMS issues new NPI FAQs
You cannot use your employer identification number (EIN) instead of the national provider... -
Nationwide security breach notification on the horizon
Several bills waiting to go before Congress would enact a nationwide security breach notification...
Issue 8, February 26, 2007
-
What safeguards do we need when disclosing PHI to offshore computer developers?
The privacy rule requires that you have a business associate agreement (BAA) with outside companies... -
NCVHS urges NPI extension
HHS should allow a six-month national provider identifier (NPI) contingency period which would let... -
VA halts research programs after breach
The Department of Veterans Affairs' (VA) Research Enhancement Award Programs will shut down until... -
NIST issues security guidance
Maintaining e-mail security is an ongoing process, and organizations should be prepared to apply...
Issue 7, February 19, 2007
-
Does HIPAA prohibit us from using patients' Social Security numbers?
The privacy rule does not prohibit you from using the SSN as a patient identifier, but some state... -
VA breach affects 535,000
An investigation by the Department of Veterans Affairs (VA) into a missing hard drive has revealed... -
Missing laptop threatens 130,000
130,000 patients may be at risk of identity theft after thieves stole a laptop computer from... -
Judge delivers sentence in identity theft case
Judge Ricardo S. Martinez sentenced 62-year-old James Leroy Henderson to 74 months in prison, five...
Issue 5, February 5, 2007
-
How can we securely allow a provider to access an EHR through a Web interface?
Before allowing access to an EHR via Web interface, you should reasonably ensure that the interface... -
Group urges adjustments to HHS’ NPI implementation plan
HHS should permit contingency plans and consider extending the national provider identifier (NPI... -
AHIMA to offer new privacy/security credential
The American Health Information Management Association (AHIMA) will merge its current credentials... -
1,100 at risk of identity theft
Approximately 1,100 patients of Salina (KS) Regional Health Center are at risk of identity theft...
Issue 4, January 29, 2007
-
How should we handle callers who claim to be family members of a patient?
You do not have an obligation to authenticate callers family members when releasing information... -
Defendant guilty in identity theft case
A jury on January 24 convicted Fernando Ferrer, Jr., of an eight-count indictment charging that he... -
Americans see access as way to improve quality
Americans want to have electronic copies of their medical records and believe having greater access... -
28,000 at risk of identity theft
More than 28,000 customers of Columbus, OH-based Nationwide Mutual Insurance Company are at risk of...
Issue 3, January 22, 2007
-
What are HIPAA's rules with regard to a hospital selling accounts receivables?
The hospital must strip all health-related information from the sold records; the records should... -
WEDI, BCBSA offer free NPI resources
The Workgroup for Electronic Data Interchange (WEDI) and the Blue Cross Blue Shield Association... -
Bush advocates genetic privacy law
President Bush last week encouraged Congress to pass legislation protecting Americans' genetic... -
Maryland restricts use of SSNs
In a bid to prevent identity theft, Maryland now prohibits organizations from putting employees...
Issue 2, January 15, 2007
-
Is it a HIPAA violation to take files containing PHI out of the office?
You should remove patient records from the facility's safekeeping under very limited circumstances... -
CMS issues remote security guidance
Covered entities "should be extremely cautious" about allowing remote access to electronic... -
Minnesota health clinic suspends employees for HIPAA violations
Park Nicollet, a MN-based health care clinic, suspended over 100 employees last week for violating... -
Identity theft group seeks comments
The Federal Identity Theft Task Force is seeking public comments on how to improve the... -
Guilty plea in identity theft case
Isis Machado, former front desk coordinator at the Cleveland Clinic, in Weston, FL, pleaded guilty...
Issue 1, January 8, 2007
-
NPI compliance date approaching
Providers should allocate a minimum of 120 days to achieve full use of the national provider... -
New law requires VA to beef up data security
The Department of Veterans Affairs (VA) must promptly notify veterans of data breaches and... -
Data for 38,000 cancer patients missing
More than 38,000 cancer patients are at risk of identity theft after thieves stole a computer...
Issue 8, February 21, 2007
-
CORI checks not pulling through for all home health agencies