Free Corporate Compliance e-Newsletters

APCs Weekly Monitor Compliance Monitor Healthcare Auditing Weekly HIPAA Weekly Advisor Medicare Update for Physician Services Medicare Weekly Update Recovery Auditor Report

HIPAA Weekly Advisor

This e-mail newsletter delivers how-to advice and breaking news on HIPAA regulations each week. Stay informed on timely topics, security news and regulations, and analysis of proposed and final HIPAA rules that will ensure patient information security.

2012 | 2011 | 2010 | 2009 | 2008 | 2007 | 2006 | 2005 | 2004 | 2003 | 2002 | 2001

HIPAA Weekly Advisor

Issue 51, December 27, 2010

• Obama signs Red Flags bill

  President Obama signed the bill December 18 that changes the Red Flags Rule's definition of...

• Hospital privacy, security officers make their wish lists

  What is on the holiday wish list for privacy and security officers? According to recent Ponemon...

• Tip for your beginner staff

  The HIPAA Privacy Rule requires that access to and disclosure of protected health information...

• HIPAA Q&A: Sign-in sheet concerns

  Q. Our outpatient medical clinics currently have a daily open patient sign-in sheet. This allows...

Issue 50, December 20, 2010

• CDPH reports 'big' data security breach

  A magnetic tape containing sensitive personal and medical information for up to 2,550 residents...

• Lost cards lead to breach of 2,284

  An employee of an Arizona medical center lost compact memory data cards that contained the...

• OCR: HITECH rules to be released together in 2011

  A senior official with the Office for Civil Rights (OCR) said December 14 the HIPAA privacy and...

• OCR: HITECH rules to be released together in 2011

  A senior official with the Office for Civil Rights (OCR) said December 14 the HIPAA privacy and...

• HIPAA Q&A: Breach notification

  Q. My question pertains to the requirements for notifying patients about breaches. Please explain...

Issue 49, December 13, 2010

• Physicians could be exempt from Red Flags Rule

  The Senate and House have each passed a bill that changes the Red Flags Rule’s definition of...

• HIPAA Update blog post: E-mails

  Check out this HIPAA Update blog post from last week:

• HIPAA training tip: Remember your existing workforce

  Many organizations do a good job training new employees but forget about education for existing...

• HIPAA Q&A: When a patient loses his ID card

  If a patient loses an identification card issued for legitimate business reasons, you are not...

Issue 48, December 6, 2010

• Large data breaches double since July

  Almost 200 entities have reported breaches of unsecured protected health information (PHI...

• CA health records breaches net $800,000 in fines

  Six California hospitals and a convalescent home—including four small rural...

• HIPAA training tip: Determine the workforce members who require training

  Remember to train everyone who works with PHI, says Chris Apgar, CISSP, president of Apgar &...

• HIPAA Q&A: Who's accountable for HIPAA violations?

  Q. Our family practice recently allowed a cosmetic laser procedure practitioner to share our...

Issue 47, November 29, 2010

• HIPAA training tip: Put procedures in place to carry out training

  Covered entities (CE) need to develop and formally document a procedure for initial and refresher...

• Your thoughts on Ponemon study

  The November 2010 study by the Ponemon Institute found most HIPAA privacy and security officers...

• HIPAA Q&A: Who is accountable for unshredded PHI?

  HIPAA Q&A: Who’s accountable for unshredded PHI?

Issue 46, November 22, 2010

• AMA releases social media guidelines for physicians

  The American Medical Association created a social media use policy to help physicians protect...

• HIPAA Update blog post: Definition of PHI

  Check out this recent blog post on our HIPAA Update blog:

• HIPAA Q&A: Disclosure forms

  Q. A sister company has created a wellness walking trail through a medical record storage...

Issue 45, November 15, 2010

• Connecticut settles with Health Net for $375k for data breach

  The Connecticut Insurance Commission announced November 8 that it reached a settlement with Health...

• Study: HITECH will not improve patient privacy

  For 65 hospitals mostly in the 100- to 600-bed range, 71% of respondents say they have inadequate...

• HIPAA Q&A: Record retention

  Q. How long must we retain the list of authorized and unauthorized disclosures pertaining to our...

Issue 44, November 8, 2010

• Breaches cost hospitals $6 billion each year

  The Ponemon Institute plans to release its latest research looking at how hospitals handle medical...

• HIPAA Update blog question -- Weigh in!

  Check out this question on our HIPAA Update blog from one of your colleagues:

• HIPAA Update: Most viewed posts

  So what are your colleagues turning to on our HIPAA Update blog?

• HIPAA Q&A: BA contracts

  Q. An answering service has a business associate (BA) agreement with another BA, which has a BA...

Issue 43, November 1, 2010

• HIPAA Update blog question -- Weigh in!

  Check out this HIPAA Update blog question from last week regarding this subject: EHR disclosures on...

• Tips to get your team HIPAA-ready

  Organizations must develop policies and procedures that address security awareness training as...

• HIPAA Q&A: Minor's record

  Q. Whom should we notify if a minor’s record is breached? For example, a grandparent who...

Issue 42, October 25, 2010

• Leaving surgical information on voicemails

  Check out this post on HIPAA Update:

• 73 charged in healthcare fraud ring that stole physician, patient identities

  Seventy-three defendants—including alleged members of an Armenian-American crime syndicate...

• Public discussion on privacy issues with psychological testing data

  The Office for Civil Rights (OCR) and the Substance Abuse and Mental Health Services...

• HIPAA Q&A: Noting employee status

  HIPAA Q&A: You've got questions. We've got answers.

Issue 41, October 18, 2010

• 'Meaningful' reason to perform risk assessment

  Healthcare organizations have a new motivation to perform risk assessments—meaningful use...

• HIPAA Update blog question: Weigh in!

  Check out this HIPAA Update post from one of your colleagues:

• OCR listing of breaches includes 5 million affected

  The number of individuals affected on the Office for Civil Rights (OCR) breach notification website...

• HIPAA Q&A: Working with multiple providers

  Q. Our billing company provides services to multiple providers. The billing company requires the...

Issue 40, October 11, 2010

• Weigh in on our HIPAA Update blog post

  Check out this HIPAA Update question from a provider about sending information to a patient’s...

• HIPAA Summit West highlight

  Could HITECH final rules be published by the end of this year?

• Feds indict five in Johns Hopkins ID theft

  A federal grand jury in Maryland indicted five Baltimore-area residents on fraud and aggravated...

• HIPAA Q&A: Company logo on uniforms, cars

  Learn the answer to this HIPAA compliance question.

Issue 39, October 4, 2010

• CT breach notification case proves HITECH's worth

  Take one look at the Office for Civil Rights (OCR) breach notification website—you’ll...

• FTC supports breach notification bill

  The Federal Trade Commission (FTC) has approved a data breach bill requiring entities that hold...

• Weigh in on HIPAA Update!

  Check out the latest post from a provider on HIPAA Update.

• HIPAA Q&A: Patient account numbers

  You've got a question. We've got an answer.

Issue 38, September 27, 2010

• Violation carries fine of $4.7 million, up to 80 years in prison

  Paul C. Pepala, 34, of Monroeville, PA, faces 14 counts related to the alleged disclosure of...

• Trouble getting updated BA contract signed

  Check out the post on HIPAA Update that has attracted the most comments in the past month

• Government watchdog: HHS needs work on protecting personal data

  The Department of Health and Human Services (HHS), the enforcer of the HIPAA privacy and security...

• HIPAA Q&A: Asking questions at registration

  Q. Is it a HIPAA violation for an outpatient clinic registrar to ask patients the reason for their...

Issue 37, September 20, 2010

• Data breaches lead to tougher notification requirement

  The Connecticut Insurance Department issued a bulletin last month that calls for state insurers to...

• HIPAA officers can learn from Google's handling of snooper

  Google said Tuesday it fired an employee earlier this year for “violating its policies on...

• Mayo fires employee for snooping at patient records

  Mayo Clinic fired an employee who worked in a business center in Arizona because the person...

• HIPAA Q&A: Campaign mailing

  Q. A large specialty medical group with a nonprofit research foundation allows the foundation to...

• HIPAA Q&A: Campaign mailing

  Q. A large specialty medical group with a nonprofit research foundation allows the foundation to...

Issue 36, September 13, 2010

• TIP: Focus on business associates and contracts

  Covered entities (CEs) need to be certain that they have identified all of their business...

• OCR to host regional meeting on HIPAA protection of psychotherapy notes

  The Office for Civil Rights (OCR) and the Substance Abuse Mental Health Services Administration...

• HIPAA Update blog question: To amend or not to amend? That is the question

  Check out this post from one of your colleagues on HIPAA Update: Like so many others, I’m...

• HIPAA Q&A: Sales tax on copies of medical records

  Q. Should we add sales tax to the amount we charge patient for copies of their medical records?

Issue 35, September 6, 2010

• HIPAA Q&A: Disclosure forms

  Q. How long should healthcare facilities keep old HIPAA disclosure forms when the patient has...

• Weigh in on HIPAA Update blog!

  Discussion has heated up in the past week on HIPAA Update.

• OCR breach lists passes 150-entity mark

  The number of healthcare entities reporting breaches of unsecured PHI affecting 500 or more...

• CMSS joins Red Flags Rule lawsuit against FTC

  Groups such as the American Medical Association object to the Federal Trade Commission’s...

Issue 34, August 30, 2010

• No harm threshold, but plenty of breach reports

  California, the state that enacted a precedent-setting privacy law in 2009, fields more than 220...

• Digesting the HIPAA proposed rule: Part IV

  Rebecca Herold, CISSP, CIPP, CISM, CISA, FLMI, of Rebecca Herold & Associates, LLC, of Des...

• Share this NPP material with privacy officers

  Got any new privacy officers fresh on the beat? Share this information with them:

• HIPAA Q&A: Internal risk assessments

  Q. Our managed care organization’s HIPAA department investigates privacy and security...

Issue 33, August 23, 2010

• Report: Healthcare last among number of data breaches

  Healthcare may actually be the best industry at securing information, according to the Verizon and...

• Cost of HIPAA breaches nears $1 billion

  Covered entities and business associates (BAs) reporting breaches of unsecured personal health...

• Digesting the HIPAA proposed rule: Part III

  According to the proposed rule, this change will reduce the burden on both covered entities and...

• Digging into the new data breach bill

  The new “Data Security and Breach Notification Act of 2010,” reported in last...

• HIPAA Q&A: Faxing records

  Learn the answer to this tough HIPAA compliance question.

Issue 32, August 16, 2010

• Senators file another data protection bill

  U.S. Senators Mark Pryor (D-AK) and Jay Rockefeller (D-WV) filed August 5 the “Data Security...

• Provider questions on HIPAA Update blog

  Check our posts on HIPAA Update by your colleagues!

• HIPAA Q&A: Seeking drug prescriptions

  Q. A physician suspects that a patient is a drug seeker and requests a list of the patient’s...

Issue 31, August 9, 2010

• Digesting the HIPAA proposed rule: Part 2

  Many subcontracted entities handle PHI, and it makes sense to make them BAs by definition and...

• LAPTOP SECURITY TIP: Be sure your budget includes the money you need

  Organizations that don’t allocate money for implementation of their security policies...

• OCR confirms Walgreens HIPAA investigation

  The HIPAA privacy and security rule enforcer’s investigation into CVS and Rite Aid began...

• HIPAA Q&A: BA contracts

  Q. What additional language do BA contracts need to satisfy requirements of the HITECH Act, which...

Issue 30, August 2, 2010

• HHS needs further review on breach notification final rule

  The Office for Civil Rights (OCR), the enforcer of the HIPAA privacy and security rules, announced...

• Rite Aid's settlement second largest regarding HIPAA violations

  Rite Aid, of East Pennsboro Township, PA, and its 40 affiliated entities agreed to pay the...

• HIPAA faces HITECH-empowered state AGs

  However, perhaps lost in the shuffle of the proposed rule is the July 6 announcement by...

• HIPAA Q&A: Satisfactory encryption

  Q. Would use of an operating system with 128-bit encryption satisfy the definition of secure...

Issue 29, July 26, 2010

• Digesting the HIPAA proposed rule: Part 1

  Editor’s note: This is the first in a series of items breaking down the HHS HIPAA proposed...

• Massachusetts hospital reports major breach

  South Shore Hospital in South Weymouth, MA, reported a breach Monday, July 19, involving lost...

• HIPAA Q&A: Sending PHI

  Q. Must covered entities that provide PHI to hospitals send it to a specific workforce member, or...

• TIP: Ensure good, strong authentication for every device

  Password-protect laptop computers and make sure they lock after a period of inactivity, if...

Issue 28, July 19, 2010

• Private practices revealed on patient breach website

  The Office for Civil Rights (OCR), the enforcer of the HIPAA privacy and security rules, removed...

• OCR finalizes guidance on risk analysis

  The first guidance document focuses on risk analysis, a HIPAA Security Rule-required measure for...

• HHS addresses privacy, security concerns in EHR program

  The final rule, issued through the Centers for Medicare & Medicaid Services (CMS), defines...

• HIPAA Q&A: Service providers with Red Flags Rule

  Creditors—in this case, providers—must reasonably ensure that service providers...

Issue 27, July 12, 2010

• New HHS HIPAA Web sites revealed

  One is an updated look for an old Web site...

• HHS releases proposed changes to HIPAA rules

  According to the Office for Civil Rights, which enforces the HIPAA privacy and security rules for...

• HIPAA Q&A: Substitute notification

  Q. If a breach of PHI occurs and the business associate (BA) or covered entity does not have...

• TIP: Require encryption on all laptop computers

  Encryption technology is now available, mature, and proven, says Phyllis A. Patrick, MBA, FACHE...

Issue 26, July 5, 2010

• WellPoint Inc. notifies nearly 500,000 of breach

  The information – which the Times says stemmed from an online program for customers to...

• TIP: Ensure physical safeguards on laptops

  Consider using alarms to prevent the theft of laptop computers from desks. Organizations should...

• Physicians off hook with Red Flags Rule

  The FTC will not enforce the medical identity theft prevention and protection rule, Red Flags...

• HIPAA Q&A: Notifying patients about changes to NPP

  When covered entities significantly change their NPP, they must notify patients and health plan...

Issue 25, June 28, 2010

• Lawyer: HITECH regs coming by July 8

  Gerald DeLoss, of counsel with Krieg DeVault LLP in Indianapolis, IN, and a member of the...

• TIP: Create consistent laptop use policy for your facility

  Organizations can create major problems when they allow staff members to buy or use their own...

• HIPAA Q&A: Updates to NPP?

  Learn the answer to this HIPAA compliance question.

• Insurer's breach affects 230,000

  A site user accessed confidential information such as medical records and Social Security numbers...

Issue 24, June 21, 2010

• EHR final rule is released

  This final rule establishes a temporary certification program for the purposes of testing and...

• State alliance: OCR to release HITECH regs this week

  After its sixth annual Academic Medical Center Conference in Chapel Hill, NC, June 7-9, the...

• TIP: Communicate your laptop security policies

  Encourage users not to store sensitive data on laptop computers, says Phyllis A. Patrick, MBA...

• Laptop breaches affecting 500 or more climbing

  Of the 95 breaches on the Office for Civil Rights (OCR) website as of June 17, 32, or 34...

• HIPAA Q&A: HIPAA violations on social networking sites

  Individuals are free to disclose any information they choose on their own social network pages...

Issue 23, June 14, 2010

• Six major patient record breaches draw $675,000 in penalties

  State officials did not name any of the patients involved, but one of them was said to be Michael...

• TIP: Establish proper policies for laptop protection

  Protecting laptops and other portable devices should be a priority for healthcare organizations...

• Red Flags Rule compliance: Listen to our audio

  Check out this show on Red Flags Rule compliance.

• HIPAA Q&A: Census takers want PHI

  HIPAA does not specifically allow covered entities to disclose PHI to census workers. Such action...

Issue 22, June 7, 2010

• FTC delays Red Flags Rule enforcement again

  The Federal Trade Commission (FTC) delayed enforcement of the Red Flags Rule for a fifth time May...

• Stolen laptop contains more than 61,000 patients' information

  The Cincinnati Children’s Hospital reported May 28 that a laptop including information...

• FUN FACT: Even the Red Sox comply with HIPAA

  That’s right.

• HIPAA Q&A: HIPAA and occupational health

  Q. Please explain the relevance of HIPAA to a hospital’s occupational health department and...

Issue 21, May 31, 2010

• OCR building HIPAA audit plan with outside help

  The Office for Civil Rights (OCR), which carries out for the Department of Health & Human...

• Workgroup: Mandate encryption for provider information exchanges

  “When information is exposed in transmission, it ought to be encrypted,” Deven McGraw...

• Lawsuit: Red Flags Rule violates doctor/patient relationship

  The lawsuit seeks to prevent the FTC from defining physicians as “creditors” whenever...

• HIPAA Q&A: Donor review

  Learn the answer to this challenging HIPAA compliance scenario.

Issue 20, May 24, 2010

• HIPAA Update blog series: Laptop security

  Most experts say you must encrypt your laptops and portable devices.

• HIPAA security risk assessment tip: Follow through

  Even if your organization has already completed a security risk assessment, HIPAA requires that it...

• 'Private practices' will be unmasked on large breaches website

  A spokesperson from the Office for Civil Rights (OCR), which enforces the HIPAA privacy and...

• HIPAA Q&A: Donor information in hands of BA

  Some donor files include a note stating that the individual has been a patient, sometimes...

Issue 19, May 17, 2010

• HIPAA security risk assessment tip: Consider outside help

  To save money, try to do your risk assessment yourself first, says Frank Ruelas, director of...

• New Mexico notifies Medicaid members of security breach

  On April 9, West Monroe Partners reported an unencrypted laptop stolen from the trunk of a car in...

• Judge rejects couple's plea deal in major patient information theft case

  But a federal judge thinks it’s not enough time. That judge last week refused to accept the...

• HIPAA Q&A: Who is a BA?

  Q. Can you provide a comprehensive list of business associates (BAs)?

Issue 18, May 10, 2010

• The Medical Center at Bowling Green warns 5,418 patients of stolen health information

  The Medical Center staff discovered the theft April 1, then launched an internal investigation...

• HIPAA risk assessment tip: Involve others in your assessment process

  Take a holistic approach with your risk assessment, says Margret Amatayakul, MBA, RHIA, CHPS...

• Expert: Block access to snoopers, set firm policies

  Patient-record snooping grabbed headlines May 4 when Huping Zhou, 47, of Los Angeles, became the...

• HIPAA Q&A: PHI in Microsoft products

  Other applications, such as Word® or Excel®, may contain greater amounts of PHI, depending...

Issue 17, May 3, 2010

• UCLA worker sentenced to prison for snooping at records

  Zhou in January of this year pleaded guilty to four misdemeanor counts of violating the HIPAA...

• HHS: HIPAA regulations will come this month

  The Department of Health & Human Services (HHS) released its semi-annual regulatory agenda in...

• HIPAA risk assessment tip: Be realistic and reasonable

  Assess the threats that are most likely to occur. Planning how to respond if a meteorite lands on...

• HIPAA Q&A: Business associate contracts

  Generally, business associate (BA) agreements are renewed upon the signing of a new contract with...

Issue 16, April 26, 2010

• Large patient information breaches skyrocket

  HITECH requires OCR to make public any breaches affecting 500 or more individuals. OCR will...

• OCR will post names of 'individuals' who report breaches affecting 500 or more

  Currently, OCR does not post the names of such entities (namely sole practitioners) who report...

• Weigh in on HIPAA Update blog

  Start blogging about HIPAA with your colleagues today!

• HIPAA Q&A: Office staff in physician offices

  Q. Our hospital is considering allowing staff members in private physician offices to access our...

Issue 15, April 19, 2010

• HITECH regulations may come soon -- or four months from now

  OIRA has 90 days to review the regulations, though the head of the submitting agency can extend...

• BCBS of TN hard drive theft now threatens 1 million customers

  “As of April 2, 2010, a total of 998,422 current and former members have been identified as...

• Privacy Act protects some practices with patient data breaches

  A spokesperson from OCR writes in an e-mail to HIPAA Update that OCR considers private...

• HIPAA Q&A: Disclosing a patient's death

  Learn the answer to this challenging HIPAA compliance scenario.

Issue 14, April 12, 2010

• TIP: Address these areas in an internal investigation

  How much training and education does the staff member have with respect to patient privacy and...

• Transparency is key when dealing with health information breaches

  The breach at the 160-licensed-bed facility in Derby, CT, involves allegations that a radiologist...

• Health system notifies 5,450 patients of potential breach

  Check out this major breach involving stolen laptops.

• HIPAA Q&A: Disclosure of breaches

  Check out the answer to this challenging HIPAA compliance question.

Issue 13, April 5, 2010

• Connecticut AG uses HITECH power again

  Three months ago, Blumenthal announced he was suing Health Net of Connecticut, Inc., after the...

• Tell us about your de-identification process

  If you are a privacy or security officer and lead your organization’s process, tell us your...

• TIP: Address these areas in an internal investigation

  “Even the simplest mistakes could result in harm to the organization,” said Nancy...

• HIPAA Q&A: Breach notification

  Covered entities (CEs) must notify HHS immediately if a breach involves 500 or more individuals...

Issue 12, March 29, 2010

• Industry insiders question not revealing violators of health information breaches

  In cases where OCR does not have written consent, it will cite the entity on its Web site as...

• Speaking of OCR transparency on breach reports

  He asks questions in the piece about which doctors were involved in the incident, were they in the...

• Covered entity gets requests for BA agreements

  It seems that BA documents are being used inappropriately, or as a “catch all, just in...

• HIPAA Q&A: Physicians treating family members

  Securing the charts of family members in a locked receptacle or cabinet is a wise precaution...

Issue 11, March 22, 2010

• OCR announces security conference

  The “Safeguarding Health Information: Building Assurance through HIPAA Security&rdquo...

• CMS security audit findings

  CMS’ audit report, released in 2008, also detailed corrective actions organizations took to...

• HIPAA Update blog question: How do you handle restriction requests on third party billers?

  We have added a new insurance plan (self-pay restricted) and require patients to sign a form that...

• HIPAA Q&A: Family member's record

  Learn the answer to this challenging HIPAA compliance scenario.

Issue 10, March 15, 2010

• Should feds remove small practices from Red Flags Rule compliance?

  In December 2009, the U.S. District Court issued a summary judgment in favor of the American Bar...

• OCR: HITECH guidance coming

  Linda Sanches, a senior advisor on Health Information Privacy in the OCR Boston office, and Susan...

• Weigh in with your colleagues

  Check out these blog posts on HIPAA Update and weigh in.

• HIPAA Q&A: Remote HIPAA training

  Learn the answer to this challenging HIPAA compliance scenario.

Issue 9, March 8, 2010

• Proposed HITECH rule for business associates will come soon, says OCR lawyer

  Per HITECH, BAs must comply with the HIPAA Security Rule and the use and disclosure provisions of...

• HITECH survey: providers remain concerned about HIPAA breach notification

  We can give you a pretty good idea after seeing the results of HCPro’s HIPAA and HITECH...

• Access-privacy balance could prove elusive for hospitals

  The experts in the room audibly grumbled when talk turned to interoperability and privacy. It's a...

• HIPAA Q&A: Authorization on insurance

  Learn the answer to this HIPAA compliance question.

Issue 8, March 1, 2010

• To business associates: Take our survey!

  BAs must now be in compliance with the HIPAA Security Rule and the use and disclosure provisions of...

• Widespread data breaches uncovered by FTC probe

  The FTC reports on its Web site that the information is available on peer-to-peer (P2P...

• HHS lists covered entities reporting breaches of PHI affecting more than 500 individuals

  OCR, which enforces the HIPAA privacy and security rules for HHS, plans to continue updating the...

Issue 7, February 22, 2010

• Top HIPAA lessons for hospital leaders

  It’s a good time for the C-Suite to be involved in HIPAA compliance.

• HIPAA compliance questions regarding HITECH

  As your organization works to comply with breach notification regulations and sets up a “harm...

• HIPAA Q&A: Authorization on release of records

  Learn the answer to this challenging HIPAA compliance question.

Issue 6, February 15, 2010

• Take our HIPAA survey

  Please take 5-10 minutes of your time to complete our 11-question survey regarding HIPAA and...

• HIPAA harm threshold works, say providers

  “If you flood your patients with huge (breach) concerns, you’re going to open up a...

• Business associates can pay directly for breaches

  Sue McAndrew, deputy director for Health Information Privacy for OCR, says a business associate...

• HIPAA Q&A: Fax to the wrong number

  Learn the answer to this challenging HIPAA compliance scenario.

Issue 5, February 8, 2010

• Take our HIPAA survey

  Please take 5-10 minutes of your time to complete this 11-question survey regarding HIPAA and...

• Highlights from the 18th Annual National HIPAA Summit

  Check out our blog posts about these topics discussed during the summit on our HIPAA Update blog:

• Meaningful use calls for meaningful risk analysis

  The proposed rule for the Medicare and Medicaid EHR incentive states that in Stage 1 of meeting the...

• HIPAA Q&A: Recognizing a physician's voice

  Learn the answer to this tough HIPAA compliance question.

Issue 4, February 1, 2010

• New meaningful use interim standards require encryption capabilities

  The EHR standards simply enable you to carry out certain aspects of HIPAA and HITECH better, such...

• HITECH Tip: Be aware of new restriction requests and marketing requirements

  Restriction requests may also be an issue in the 40 states with pharmacy registries, he adds. The...

• HIPAA Q&A: Nurse's actions violate privacy

  Learn the answer to this challenging HIPAA compliance question.

• Questions keep coming on HIPAA Update

  It's time to get talking on our HIPAA Update blog.

Issue 3, January 25, 2010

• CMS HIPAA 5010 call

  The call, formally titled “HIPAA Version 5010 National Provider Call: CMS’ approach for...

• Answers to HITECH questions

  With the help of some HITECH experts, we tracked down answers to two of the questions:

• Historic lawsuit for HIPAA

  And one state, Connecticut, is already taking action. Connecticut Attorney General Richard...

• HIPAA Q&A: Family members who are physicians

  Learn the answer to this challenging HIPAA scenario.

Issue 2, January 18, 2010

• Tip: Check on your BAs

  Make sure your BAs know they are expected to comply with the HITECH regulations. Some...

• Questions on business associates and HITECH

  HCPro, Inc. hosted the January 14 audio conference, “Business Associate Action Plan: Comply...

• Security breach puts 500,000 BlueCross members’ data at risk

  The hard drives were reportedly stolen from a leased office in a Chattanooga strip mall that once...

• HIPAA Q&A: Radiology images

  Learn the answer from this tough HIPAA compliance question.

Issue 1, January 11, 2010

• Tip: Know your BAs

  Double-check your list of BAs, says Kate Borten, CISSP, CISM, president of The Marblehead Group in...

• HIPAA Q&A: Family members requesting records

  Learn the answer to this tough HIPAA compliance question.

• HITECH -- where is the concern?

  Are they sending letters to their application vendors and asking about encryption, or are they...

• Provider organizations unhappy with proposed health IT rules

  Hospitals have "serious concerns that the new health information technology rules severely...

Issue 50, January 4, 2010

• Marathon of meaningful use, EHR standards just beginning

  CMS and the ONC released much-awaited rules on meaningful use of EHRs.

• Experts: treat cell phones like any other device with PHI

  The U.S. Supreme Court's involvement next year on a privacy case regarding text messaging on work...

• HIPAA Q&A: Sharing a patient's PHI

  Learn the answer to this tough HIPAA compliance question.

• Act now on major development of 2009

  Covered entities must amend their BA contracts by February 18. Organizations should work with their...