- Home
- » Corporate Compliance Main Page
- » e-Newsletters
- » HIPAA Weekly Advisor
- » e-Newsletters
- » Corporate Compliance Main Page
Free Corporate Compliance e-Newsletters
APCs Weekly Monitor Compliance Monitor Healthcare Auditing Weekly HIPAA Weekly Advisor Medicare Update for Physician Services Medicare Weekly Update The RAC Report
HIPAA Weekly Advisor
This e-mail newsletter delivers how-to advice and breaking news on HIPAA regulations each week. Stay informed on timely topics, security news and regulations, and analysis of proposed and final HIPAA rules that will ensure patient information security.
2012 | 2011 | 2010 | 2009 | 2008 | 2007 | 2006 | 2005 | 2004 | 2003 | 2002 | 2001
HIPAA Weekly Advisor
Issue 53, December 29, 2008
-
Children in the office
Q. One of our employees on very rare occasions will have one of her children stop by the office, a... -
Tip: Tighten your HIPAA security policies and procedures
Providence Health & Services in Seattle is paying the price for violating HIPAA. A $100,000... -
West Virginia officials may have violated HIPAA privacy
West Virginia government officials may have violated HIPAA’s privacy rule when they released... -
Former Cedars-Sinai employee held for identity theft, fraud
Cedars-Sinai Medical Center former employee James Allen Wilson, 44, of Los Angeles allegedly stole...
Issue 52, December 22, 2008
-
OCR releases new HIPAA privacy guidance
On December 15, OCR published new HIPAA privacy rule guidance documents as part of a Privacy and... -
Big computer screens
Q. Do big screens mounted in an operating room (OR) or emergency room (ER) displaying patient data... -
Tip: Mitigate the risk of identity theft
Healthcare organizations should be aware of the FTC’s Identity Theft Red Flags rules under...
Issue 51, December 15, 2008
-
Breach notification
Q. It’s my understanding that HIPAA doesn’t require breach notification except through... -
Massachusetts patients' information lost on stolen computer
A laptop containing the PHI of approximately 50 patients was stolen from Salem (MA) Hospital, the... -
Employee posts remarks about patients on Web site
An employee of a McKees Rocks, PA, OB/GYN office who posted unfavorable comments about patients on... -
TIP: How to set up your 'honeypots'
Last week’s issue discussed the use of “honeypots,” fictitious medical records...
Issue 50, December 8, 2008
-
Health plans
A. A health plan can use Microsoft Outlook to exchange PHI with network physicians, but only if it... -
Report on FERPA and HIPAA
The Departments of Education and HHS recently issued guidance on the Family Educational Rights and... -
Data Privacy Day
The International Association of Privacy Professions and Intel have teamed up to dedicate January... -
Tip: Use 'honeypots' to catch snooping employees
Some facilities use “honeypots” as bait to catch snooping staff members who are in...
Issue 48, December 1, 2008
-
Media inquiries
Q. A member of the media contacts a hospital to inquire about a particular patient and identifies... -
Healthcare employee fired after leaving laptop unattended
Vandals stole an unattended laptop that included health information of 100,000 patients from the... -
Cover your ground on remote access employees
Your remote access employees must follow company protocol for HIPAA compliance. In fact, you should... -
Educators call for Electronic Health Records protection
Two professors at Case Western Reserve University in Cleveland have called for increasing oversight...
Issue 47, November 24, 2008
-
Taking vitals
Q. Do nurses violate HIPAA when they give patients injections or take their vital signs in public... -
AHIMA provides ROI guidelines
The American Health Information Management Association (AHIMA) released an article aimed at helping... -
Tip: Disaster preparedness
You can never be too prepared for a disaster at your facility – for not only tornados... -
Oregon VA posts patient information on Web
The Portland, OR Veterans Affairs (VA) Department mistakenly posted Social Security numbers on the...
Issue 46, November 17, 2008
-
Jury duty
A. Answering the court’s questions with the minimum information necessary would not have... -
AHA endorses tool to protect against medical identity theft
The American Hospital Association (AHA) announced in a November 4 press release that it has... -
NIST releases guidelines for cell phone and PDA security
The National Institute of Standards and Technology (NIST) released publication SP 800-124... -
Jacksonville hospital fires staff members for accessing NFL player's medical records
Shands Jacksonville (FL) Medical Center has fired 20 staff members for inappropriately viewing or... -
Tip: Ensure that staff members' cell phone use is compliant
Transmitting PHI via cell phone or BlackBerry—whether verbally, via text message, or...
Issue 45, November 10, 2008
-
Registration area
Q. We have a new registration area with a counter where patients sit when registering and signing... -
OIG calls HIPAA security rule oversight and enforcement ineffective
The Office of Inspector General (OIG) issued a largely critical final report October 27 reviewing... -
AHIMA reiterates importance of protecting privacy and security of health records
The recent rash of privacy and security breaches involving high-profile victims illustrates the... -
Tip: Update and practice your disaster plan with staff members
Frequent practice is essential to protecting patient information, maintaining business operations...
Issue 44, November 3, 2008
-
Q. Does HIPAA prohibit nursing departments from keeping patient care flow sheets in closed folders in patient rooms?
A. Flow sheets should contain the minimum necessary information because they may be accessible to... -
NIST releases revised resource guide for implementing the HIPAA security rule
The National Institute of Standards and Technology (NIST) released publication SP 800-66 Revision... -
Health insurer looses data on 36,000 retirees, insufficient postage likely cause
Health insurer Medical Mutual of Ohio believes insufficient postage is to blame for the recent loss... -
Tip: Staff training is critical in preventing identity theft and complying with FTC 'Red Flags' rule
Your healthcare organization may already have an identity theft policy in place to mitigate the...
Issue 43, October 27, 2008
-
Q. Our state health department mails surveys to patients about their HIV status.
Q. Our state health department mails surveys to patients about their HIV status. The exterior of... -
FTC suspends enforcement of red flags medical identity theft rule
The Federal Trade Commission (FTC) has extended the red flags medical identity theft rule... -
Study examines costs, benefits of unique patient identifiers
Providing every person with a unique patient identification number would be worth the high price... -
Nevada, Massachusetts, other states enacting regulations to prevent data breaches
Thanks to new legislation, protecting people’s data is now of primary importance in several...
Issue 42, October 20, 2008
-
Q. Our organization received information indicating that medical personnel must attend at least 50 hours of HIPAA training annually.
Q. Our organization received information indicating that medical personnel must attend at least 50... -
Atlanta hospital patients' outsourced data made public
Human error—not hackers—is apparently to blame in a security breach that affected 45... -
Experts says medical identity theft legislation may be on the horizon
Experts attending the October 15 Medical Identity Theft Town Hall sponsored by the Office of the... -
Nurse fired after publicizing altercation with law enforcement over patient privacy
San Juan Regional Medical Center has terminated the employment of a nurse who publicized an...
Issue 41, October 13, 2008
-
Q. What are the reporting requirements when a company laptop computer containing specially protected health information, such as mental health data, is stolen?
Q. What are the reporting requirements when a company laptop computer containing specially... -
OCR addresses HIPAA privacy during a national or public emergency
The OCR recently posted an FAQ regarding the status of the privacy rule during a national or public... -
GAO report reviews advantages, risks of IT in healthcare
Advances in information technology (IT) can improve the quality and other aspects of healthcare... -
NIST releases information security testing and assessment guide
The National Institute of Standards and Technology (NIST) released the publication SP 800-115...
Issue 40, October 6, 2008
-
Q. We decided to improve physical security by distributing visitor badges to visitors and patients.
Q. We decided to improve physical security by distributing visitor badges to visitors and patients... -
Federal 'red flag' identity theft rule takes effect
Effective November 1, hospitals must have a plan to detect, mitigate, and prevent red flags that... -
OIG to continue monitoring privacy and security oversight, enforcement
The Office of Inspector General (OIG) will continue monitoring CMS and OCR HIPAA security rule and... -
Schwarzenegger approves new patient privacy legislation
California Governor Arnold Schwarzenegger has signed legislation creating an oversight office to...
Issue 39, September 29, 2008
-
Q. Is it a HIPAA violation to display thank-you letters from patients or their families on a bulletin board or other type of display in a public area where visitors can read them?
Q. Is it a HIPAA violation to display thank-you letters from patients or their families on a... -
OCR releases privacy rule disclosure guides for providers and patients
HHS’ Office for Civil Rights has published two guides (one for healthcare providers... -
Hospital employees fired for taking, posting photos online
Two staff members guilty of taking patient photographs with cell phones and posting them on MySpace... -
GAO says HHS still has work to do in ensuring health IT privacy
The Government Accountability Office (GAO) on September 17 released a report on HHS’ work to...
Issue 38, September 22, 2008
-
Q. A father takes his child to the dentist. The child is a covered party under the father's insurance policy.
Q. A father takes his child to the dentist. The child is a covered party under the father’s... -
CMS reminds providers how to keep NPPES records updated, secure
CMS reminds healthcare providers with NPIs that have records in the National Plan and Provider... -
EDS Corp. to pay $250,000 for mailing blunder
EDS Corp. of Texas will pay $250,000 as part of a settlement for a mailing mistake that resulted in... -
Colorado hospital reports patient information lost or stolen
Boulder Community Hospital has notified police that copies of patient intake forms are...
Issue 37, September 15, 2008
-
Q. If an employer pays for employee physicals or consultations that are performed for employment purposes, do patients (employees) have a right to access the records as they would if they had paid for the services?
Q. If an employer pays for employee physicals or consultations that are performed for employment... -
HHS Town Hall to focus on medical identity theft
HHS’ Office of the National Coordinator for Health Information Technology will sponsor a Town... -
ASCs to include ordering/referring physician names, NPIs on claims for diagnostic radiology services
CMS has issued MLN Matters 6129 (based on Transmittal R5172CP), which clarifies changes affecting... -
NIH blocks public access to DNA database to protect privacy
National Institute of Health (NIH) officials have removed two databases containing patient DNA...
Issue 36, September 8, 2008
-
Q: May staff members in the home health field e-mail patient information if they use initials only?
Q: May staff members in the home health field e-mail patient information if they use initials only? -
CMS posts HIPAA compliance review examples
CMS will post sample findings and lessons learned from the security compliance reviews it began... -
California legislation aims to safeguard patient information
The California Senate has approved a plan to protect patient privacy with new oversight and greater... -
Six Alzheimer's patients are victims in alleged identity theft scheme
Six Alzheimer’s patients at Brookside Assisted Living in Buford, GA, are victims of identity...
Issue 35, September 1, 2008
-
Q. One of our physical therapy providers may sell his practice and has inquired whether HIPAA is a consideration with respect to his patients in this situation.
Q. One of our physical therapy providers may sell his practice and has inquired whether HIPAA is a... -
Healthcare staff frequent participants in medical identity theft
Healthcare staff frequent participants in medical identity theft -
Swedish hospital suspends nurse who posted surgery photos on Facebook
A Stockholm hospital has suspended one of its nurses upon learning that she posted 14 photographs... -
Transition to ICD-10 to include HIPAA electronic transaction standards update
On August 22, HHS announced a proposed regulation to replace the ICD-9 code sets now used to report...
Issue 34, August 25, 2008
-
Q: Life insurance companies frequently request medical records from our family practice, and many now use electronic patient signatures.
Q: Life insurance companies frequently request medical records from our family practice, and many... -
HIPAA takes its toll in Iowa
The Des Moines Register reported August 17 that the number of medical staff members fired from Iowa... -
Unauthorized published account of gynecological surgery leads to civil claim
Among the 267 Iowans who have complained of HIPAA violations is a woman who seeks civil damages... -
Indiana physician fined for discarding patient records in trash
Indiana state officials have fined J.B. O’Donnell, MD, of Bloomington, IN $1,250 for...
Issue 33, August 18, 2008
-
Q: One of our healthcare professionals carries patient information in his vehicle during his daily travel between multiple physician offices, our practice's administrative office, and his home office. This includes patient information stored on his laptop computer. Do any HIPAA provisions specify requirements that protect this traveling information? What are your suggestions for adequate protection of patient information on laptop computers?
Q: One of our healthcare professionals carries patient information in his vehicle during his daily... -
ACLU tells Congress to 'go for the gold standard' in patient privacy
The American Civil Liberties Union (ACLU) wants standards for conversion to electronic patient... -
Missing flash drive could constitute federal offense
A flash drive containing patient health information and financial records about 1,200 patients with... -
Michigan governor's privacy breached, employees disciplined
Sparrow Health System employees who violated the privacy of Michigan Governor Jennifer Granholm by...
Issue 32, August 11, 2008
-
Q: Does HIPAA address the use of cell phones and PHI? Is calling a practice's physicians or on-call staff members to relay information regarding a patient acceptable?
Q: Does HIPAA address the use of cell phones and PHI? Is calling a practice’s physicians or... -
UCLA Medical Center leak becomes a flood
The number of privacy breaches discovered by the California Department of Public Health at UCLA... -
Identity thefts in the healthcare industry on the rise
Experts at the Identity Theft Resource Center (ITRC) say the number of identity thefts during the... -
Prescription drug history may be factor in insurance coverage
Health “credit reports” are the newest tool available to help insurers analyze...
Issue 31, August 4, 2008
-
Q: May a healthcare system consisting of multiple hospitals on separate campuses appoint a single HIPAA security officer to act for all of them, or should each site have its own security officer?
A: HIPAA does not require a security officer for each facility in an organization’s system... -
Mailing error at Blue Cross and Blue Shield of Georgia leads to privacy breach
Blue Cross and Blue Shield of Georgia recently sent approximately 202,000 letters to the wrong... -
Theft of laptop computer at Cleveland Clinic raises concerns
The Cleveland Clinic is investigating the theft of a laptop computer that might contain patient... -
Study finds blogging presents risk for patient privacy
The results of a new study indicate that medical professionals using blogs to share knowledge may...
Issue 30, July 28, 2008
-
Q: Our facility's release of records form includes an additional, separate line for patients to sign if they will allow us to release records pertaining to their mental health, chemical dependency, or HIV status.
Q: Our facility’s release of records form includes an additional, separate line for patients... -
Laptop computers stolen from Covenant hospitals
Three laptop computers have been reported stolen from Covenant Health System hospitals since May... -
Computers containing medical information missing from Indian Health Service
Millions of dollars in equipment—including computers containing patient information—has... -
Poll finds 4% of Americans believe their medical information has been lost, stolen
The Harris Poll #74 reports that 4% of Americans (approximately 9 million) believe that their...
Issue 29, July 21, 2008
-
Q: When dictating an office visit note, one of our physicians usually addresses the note to the patient's primary care physician (PCP).
Q: When dictating an office visit note, one of our physicians usually addresses the note to the... -
HIPAA may hinder recovery of missing woman
HIPAA may hinder recovery of missing woman -
HIPAA violations lead to termination of two New Jersey nurses
HIPAA violations lead to termination of two New Jersey nurses -
Hawaii officials release names of patients using medicinal marijuana to press
Hawaii officials release names of patients using medicinal marijuana to press -
HHS, Providence Health & Services reach Resolution Agreement: Health system agrees to pay $100,000, implement corrective action plan for HIPAA violations
HHS, Providence Health & Services reach Resolution Agreement: Health system agrees to pay...
Issue 28, July 14, 2008
-
Q: When releasing information to a patient, may we release copies of records that another facility transferred with the patient?
Q: When releasing information to a patient, may we release copies of records that another facility... -
NIST releases draft guide on cell phone, PDA security
NIST releases draft guide on cell phone, PDA security -
Pregnant high school students may be victims of HIPAA privacy breach
Pregnant high school students may be victims of HIPAA privacy breach -
Florida Organ and Tissue Donor Registry breach exposes 55,000 donors
Florida Organ and Tissue Donor Registry breach exposes 55,000 donors
Issue 27, July 7, 2008
-
Q: May a physician's office release copies of a hospital's medical records to another physician's office for continuing patient care?
Q: May a physician’s office release copies of a hospital’s medical records to another... -
New PHR framework to enhance public trust
New PHR framework to enhance public trust -
House subcommittee approves EHR privacy bill
House subcommittee approves EHR privacy bill -
Sixteenth National HIPAA Summit to focus on privacy, security training
Sixteenth National HIPAA Summit to focus on privacy, security training
Issue 26, June 30, 2008
-
Q: Is releasing a complete copy of a patient's medical record to a workers' compensation carrier acceptable?
Q: Is releasing a complete copy of a patient’s medical record to a workers&rsquo... -
OCR director clarifies HIPAA privacy rule confusion
OCR director clarifies HIPAA privacy rule confusion -
Boston Medical Center to pay penalty for improper marketing
Boston Medical Center to pay penalty for improper marketing -
Medical identity theft a complex problem for patients
Medical identity theft a complex problem for patients
Issue 25, June 23, 2008
-
Q: Are new guidelines for using videotaped episodes of medical care available?
Q: Are new guidelines for using videotaped episodes of medical care available? A document published... -
Report says HIPAA hinders biomedical research
Report says HIPAA hinders biomedical research -
Insurer to offer Google Health to members despite privacy, security concerns
Insurer to offer Google Health to members despite privacy, security concerns -
HIPAA privacy requirements frustrate law enforcement officers
HIPAA privacy requirements frustrate law enforcement officers -
Report says HIPAA hinders biomedical research
Report says HIPAA hinders biomedical research
Issue 24, June 16, 2008
-
Q: A dental office I recently visited has a computer monitor in each examination room.
Q: A dental office I recently visited has a computer monitor in each examination room. Upon... -
2.2 million University of Utah patients' information taken from courier vehicle
2.2 million University of Utah patients’ information taken from courier vehicle -
ONCHIT announces contract to assess medical identity theft
ONCHIT announces contract to assess medical identity theft -
Insurance company security breach leads to identity theft for students
Insurance company security breach leads to identity theft for students
Issue 23, June 9, 2008
-
Q: Many physicians and patients want to communicate information that includes PHI via e-mail despite knowing that unencrypted e-mail messages are not secure.
Q: Many physicians and patients want to communicate information that includes PHI via e-mail... -
ONCHIT releases 2008-2012 strategic plan
ONCHIT releases 2008–2012 strategic plan -
Walter Reed, other military hospitals experience security breach
Walter Reed, other military hospitals experience security breach -
NPI-only update: Progress made, limited accelerated financial hardship payments available
NPI-only update: Progress made, limited accelerated financial hardship payments available
Issue 22, June 2, 2008
-
Q: Our system generates audit logs that capture all accesses and updates to patient information. What does HIPAA require in terms of audit log retention?
Q: Our system generates audit logs that capture all accesses and updates to patient information... -
Florida physician's donation creates security risk for 19,000 patients
Florida physician’s donation creates security risk for 19,000 patients -
Data breaches, HIPAA complaints increase simultaneously
Data breaches, HIPAA complaints increase simultaneously -
Patients find privacy lacking as providers share patient information for fundraising
Patients find privacy lacking as providers share patient information for fundraising
Issue 21, May 26, 2008
-
Q: Does HIPAA require that we block our facility's telephone numbers from appearing on Caller ID when calling patients, their families, or their homes?
Q: Does HIPAA require that we block our facility’s telephone numbers from appearing on Caller... -
Security officers know HIPAA, but patient information still at risk
Security officers know HIPAA, but patient information still at risk -
HIMSS report analyzes status of information security in U.S. hospitals
HIMSS report analyzes status of information security in U.S. hospitals -
HHS agenda includes proposed rule revising HIPAA transaction and code set standards
HHS agenda includes proposed rule revising HIPAA transaction and code set standards -
Mistaken disclosure to nonphysician leads to lawsuit
Mistaken disclosure to nonphysician leads to lawsuit
Issue 20, May 19, 2008
-
Q: When a physician from our office refers a patient to a specialist, is a signed medical release from the patient necessary to send records to the specialist?
Q: When a physician from our office refers a patient to a specialist, is a signed medical release... -
CMS plans NPI Q&A session for Monday, May 19
CMS plans NPI Q&A session for Monday, May 19 -
OCR posts HIPAA privacy compliance, enforcement data online
OCR posts HIPAA privacy compliance, enforcement data online -
Report finds more UCLA staff members guilty of snooping
Report finds more UCLA staff members guilty of snooping -
Staten Island University Hospital informs 88,000 of data breach
Staten Island University Hospital informs 88,000 of data breach
Issue 19, May 12, 2008
-
Q: Our rehabilitation department has access to patients' records, including a roster containing their addresses.
Q: Our rehabilitation department has access to patients’ records, including a roster... -
Arkansas woman convicted for HIPAA violation
Arkansas woman convicted for HIPAA violation -
More than 6,000 UCSF patients' information available online
More than 6,000 UCSF patients’ information available online -
NIST releases draft guide to implementing HIPAA security rule
NIST releases draft guide to implementing HIPAA security rule
Issue 18, May 5, 2008
-
Q: Do HIPAA regulations forbid employees from accessing their own records? For example, could a hospital employee review the results of his or her recent laboratory test?
Q: Do HIPAA regulations forbid employees from accessing their own records? For example, could a... -
Sale of celebrity medical records leads to indictment
Sale of celebrity medical records leads to indictment -
CMS enhances, updates NPPES
CMS enhances, updates NPPES -
Prepare for NPI-only deadline with "Legacy Free" day, CMS NPI Roundtable
Prepare for NPI-only deadline with “Legacy Free” day, CMS NPI Roundtable
Issue 17, April 28, 2008
-
Q: Is writing patient's full names on whiteboards permissible?
Q: Is writing patient’s full names on whiteboards permissible? Using only initials and/or... -
University of Miami security breach: 2 million patients' information stolen
University of Miami security breach: 2 million patients’ information stolen -
Computer theft exposes data on St. Vincent Health System and Methodist Medical Group patients
Computer theft exposes data on St. Vincent Health System and Methodist Medical Group patients -
Medical data for 128,000 WellPoint customers exposed online
Medical data for 128,000 WellPoint customers exposed online -
WellCare of Georgia accidentally posts patient records for 71,000 families on Internet
WellCare of Georgia accidentally posts patient records for 71,000 families on Internet
Issue 16, April 21, 2008
-
Q: Our organization is a health plan-affiliated provider. The health plan has requested a spreadsheet containing information about patients who are plan members.
Q: Our organization is a health plan–affiliated provider. The health plan has requested a... -
President's Council of Advisors on Science and Technology seeks HIPAA amendment
President’s Council of Advisors on Science and Technology seeks HIPAA amendment -
AHIMA roundtable focuses on protecting patient privacy
AHIMA roundtable focuses on protecting patient privacy -
Job title influences discipline for staff involved in Spears' privacy breach
Job title influences discipline for staff involved in Spears’ privacy breach
Issue 15, April 14, 2008
-
Q: May primary therapists in a child/adolescent inpatient behavioral health setting take home patient contact information
Q: May primary therapists in a child/adolescent inpatient behavioral health setting take home... -
Healthcare costs, lack of insurance put Americans at risk for medical identity theft
Healthcare costs, lack of insurance put Americans at risk for medical identity theft -
CHCF releases report on behavioral health patient privacy and the need to know
CHCF releases report on behavioral health patient privacy and the need to know -
Virginia nurse steals dead patient's credit card
Virginia nurse steals dead patient's credit card
Issue 14, April 7, 2008
-
Q: Are we in violation of HIPAA if we contract with the company that manages our clinical research database, which stores de-identified data, to host our electronic medical record?
Q: Are we in violation of HIPAA if we contract with the company that manages our clinical research... -
Physician blogs inform, but also raise patient privacy concerns
Physician blogs inform, but also raise patient privacy concerns -
Dental HMO accidentally posts members' information on Web
Dental HMO accidentally posts members' information on Web -
17th Annual WEDI National Conference to be held in May
17th Annual WEDI National Conference to be held in May
Issue 13, March 31, 2008
-
Q: Do physicians who use personal e-mail accounts to communicate with patients violate HIPAA by doing so?
Q: Do physicians who use personal e-mail accounts to communicate with patients violate HIPAA by... -
Celebrate Health Information Privacy and Security Week
Celebrate Health Information Privacy and Security Week -
Healthcare IT manager survey results demonstrate 'commitment to security'
Healthcare IT manager survey results demonstrate 'commitment to security' -
Stolen laptop puts 2,500 patients enrolled in medical study at risk
Stolen laptop puts 2,500 patients enrolled in medical study at risk
Issue 12, March 24, 2008
-
HCPro, Inc. launches new logo and tagline as part of its new corporate branding initiative
HCPro, Inc. launches new logo and tagline as part of its new corporate branding initiative -
Q: If a covered entity learns that someone has committed a crime as described in 45 CFR 164.512(j)(2), may it release this information to facilitate apprehension of the perpetrator by law enforcement officials?
Q: If a covered entity learns that someone has committed a crime as described in 45 CFR... -
Q: If a covered entity learns that someone has committed a crime as described in 45 CFR 164.512(j)(2), may it release this information to facilitate apprehension of the perpetrator by law enforcement officials?
Q: If a covered entity learns that someone has committed a crime as described in 45 CFR... -
California hospital bans cell phones, laptops after patient photos posted on Web
California hospital bans cell phones, laptops after patient photos posted on Web -
UCLA Medical Center staff members face termination, discipline for inappropriately accessing Spears' medical record
UCLA Medical Center staff members face termination, discipline for inappropriately accessing... -
Computers stolen in Texas results in security breach for New Hampshire hospital
Computers stolen in Texas results in security breach for New Hampshire hospital
Issue 11, March 17, 2008
-
Q: I send patient reminders for annual examinations and follow-up appointments. Are postcards permissible or does this method disclose too much information?
Q: I send patient reminders for annual examinations and follow-up appointments. Are postcards... -
CMS issues NPI/NPPES Communication
CMS issues NPI/NPPES Communication -
Salt Lake City store sold medical records as scrap paper
Salt Lake City store sold medical records as scrap paper -
CDT launches health privacy and IT project
CDT launches health privacy and IT project
Issue 10, March 10, 2008
-
Can a step-parent amend the record of a stepchild who is a minor?
Can a step-parent amend the record of a stepchild who is a minor? -
Survey shows health IT execs believe uniform security verification is critical
Survey shows health IT execs believe uniform security verification is critical -
Physicians at risk after Social Security numbers posted on the Internet
Physicians at risk after Social Security numbers posted on the Internet -
Washington state bill aims to curb prescription data mining: Privacy at stake
Washington state bill aims to curb prescription data mining: Privacy at stake
Issue 9, March 3, 2008
-
Q: Is it permissible to leave appointment reminders on patients' answering machines or voice mail if no one answers the phone?
Q: Is it permissible to leave appointment reminders on patients' answering machines or voice mail... -
CMS, OESS post new security investigation/compliance review information, checklist
CMS, OESS post new security investigation/compliance review information, checklist -
States planning HIEs address privacy, security concerns
States planning HIEs address privacy, security concerns -
Privacy concerns mount over Google, Cleveland Clinic PHR pilot
Privacy concerns mount over Google, Cleveland Clinic PHR pilot
Issue 8, February 25, 2008
-
Q: HHS guidelines require us to notify individuals of the availability of our Notice of Privacy Practices (NPP) and how they may obtain a copy at least once every three years. Must we ask individuals to sign a new NPP acknowledgment of receipt every three years?
Q: HHS guidelines require us to notify individuals of the availability of our Notice of Privacy... -
World Privacy Forum report warns against PHRs
World Privacy Forum report warns against PHRs -
Nebraska judge rules that HIPAA protects identity of former psych patients buried in hospital cemetery
Nebraska judge rules that HIPAA protects identity of former psych patients buried in hospital... -
Tenet notifies patients that their credit may be at risk after breach
Tenet notifies patients that their credit may be at risk after breach
Issue 7, February 18, 2008
-
Q: If paperwork or other confidential information may have been stolen during a break-in at a covered entity's facility, must the covered entity notify its clients? If so, what is the correct process?
Q: If paperwork or other confidential information may have been stolen during a break-in at a... -
Interactive map shows data breach notification laws, pending legislation
Interactive map shows data breach notification laws, pending legislation -
TN-based blood center reports missing laptops containing data on 320,000 individuals
TN-based blood center reports missing laptops containing data on 320,000 individuals -
New Hampshire legislation seeks to further protect patient privacy
New Hampshire legislation seeks to further protect patient privacy
Issue 6, February 11, 2008
-
Q: When patients request copies of their medical records, should covered entities release only the records that they generated and withhold information from other sources? If so, which HIPAA regulation addresses this topic?
Q: When patients request copies of their medical records, should covered entities release only the... -
Foreign hackers target American health records
Foreign hackers target American health records -
Wisconsin introduces new patient privacy legislation
Wisconsin introduces new patient privacy legislation -
Laptop containing psychological screenings stolen from California contractor
Laptop containing psychological screenings stolen from California contractor
Issue 5, February 4, 2008
-
Q: May a covered entity discuss patient condition, provided services, and financial information securely when it receives calls from hearing impaired patients who use a relay service when they call? Do any laws address whether third parties, such as telephone operators, may hear this information in the absence of written authorization?
Q: May a covered entity discuss patient condition, provided services, and financial information... -
MA medical licensing board fines physician for privacy violation
MA medical licensing board fines physician for privacy violation -
MA health plan announces that laptop containing data on 30,000 members was stolen
MA health plan announces that laptop containing data on 30,000 members was stolen -
Stolen laptop means potential security breach for NJ Blue Cross/Blue Shield
Stolen laptop means potential security breach for NJ Blue Cross/Blue Shield -
CMS' latest Communication addresses NPI enforcement, misconceptions, announces Roundtable and WEDI audiocast
CMS' latest Communication addresses NPI enforcement, misconceptions, announces Roundtable and WEDI... -
Editor’s note
Editor’s note
Issue 4, January 28, 2008
-
Q: If a third party, such as an insurance company, requests that we release patient information, should we deny sending patient records if the request doesn't include the following statement required by HIPAA?
Q: If a third party, such as an insurance company, requests that we release patient information... -
CMS to host national NPI Roundtable
CMS to host national NPI Roundtable -
January 28 is Data Privacy Day
January 28 is Data Privacy Day -
CMS to conduct security reviews on 10-20 hospitals in the next nine months
CMS to conduct security reviews on 10-20 hospitals in the next nine months
Issue 3, January 21, 2008
-
Q: We require visitors and vendor representatives to sign in at our outpatient surgery center. Others who sign in later can then see the visitors' names. Is this a HIPAA violation?
Q: We require visitors and vendor representatives to sign in at our outpatient surgery center... -
Former Amgen sales reps sue for sales scheme that compromised medical records
Former Amgen sales reps sue for sales scheme that compromised medical records -
Court papers filed against physical therapy provider for improperly discarding patient information
Court papers filed against physical therapy provider for improperly discarding patient information -
Patients authorize recordings for medical research
Patients authorize recordings for medical research
Issue 2, January 14, 2008
-
Q: Is it permissible for a cancer care program to disclose PHI to a professional group, such as the American Cancer Society's Reach for Recovery program, without obtaining patient or personal representative authorization?
Q: Is it permissible for a cancer care program to disclose PHI to a professional group, such as the... -
AHIMA announces project to develop, standardize healthcare IT for long-term care providers
AHIMA announces project to develop, standardize healthcare IT for long-term care providers -
HHS advisory committee calls for stronger health data privacy
HHS advisory committee calls for stronger health data privacy -
CMS releases final HIPAA Security Educational Paper
CMS releases final HIPAA Security Educational Paper
Issue 1, January 7, 2008
-
Q: How should we address patients when we call them from the reception area to the treatment room? Some older patients feel that it's disrespectful to call them by their first names.
Q: How should we address patients when we call them from the reception area to the treatment room... -
eHealth Initiative survey reports progress
eHealth Initiative survey reports progress -
California law protecting electronic medical information takes effect
California law protecting electronic medical information takes effect -
Survey says nurses think security requirements impede productivity
Survey says nurses think security requirements impede productivity