Free Corporate Compliance e-Newsletters

APCs Weekly Monitor Compliance Monitor Healthcare Auditing Weekly HIPAA Weekly Advisor Medicare Update for Physician Services Medicare Weekly Update Recovery Auditor Report

HIPAA Weekly Advisor

This e-mail newsletter delivers how-to advice and breaking news on HIPAA regulations each week. Stay informed on timely topics, security news and regulations, and analysis of proposed and final HIPAA rules that will ensure patient information security.

Subscribe »

2012 | 2011 | 2010 | 2009 | 2008 | 2007 | 2006 | 2005 | 2004 | 2003 | 2002 | 2001

HIPAA Weekly Advisor

Issue 51, December 19, 2011

• Ways you can help stop insider threats

  Be proactive. Your IT department logs activity on your systems. But typically IT uses those logs...

• HIPAA Q&A: Police department mailings

  Q. We are a medical provider for a local police department and mail out various postcards and...

• HIPAA 2011: Celebrating success

  We all know this has been a difficult year in terms of HIPAA compliance. There have been major...

• HCPro, Inc.'s HIPAA/HITECH video

  HCPro, Inc.'s release of the updated version of its best-selling HIPAA training video that covers...

Issue 50, December 12, 2011

• Large-breach reporting club nears 400 mark

  In February 2010, OCR launched the website required by the HITECH Act under breach notification...

• Ways you can help stop insider threats

  The same technical controls-multifactor authorization, dual controls, and separation of...

• HIPAA Q&A: Rights to employee's record

  Q. If an employee is hospitalized in the facility in which he or she works, does the manager of...

Issue 49, December 5, 2011

• HCPro, Inc. survey: Most providers unprepared for HIPAA audit

  Most healthcare organizations charged with HIPAA compliance are not fully prepared for a privacy...

• HIPAA Q&A: Media requests

  Q. We received a request under the California Public Records Act from the local newspaper for...

• Preparation tips for OCR audit

  KPMG, LLP, based in McLean, VA, will conduct 150 HIPAA compliance audits of random covered...

Issue 48, November 28, 2011

• Twenty-five worst passwords of 2011

  Forbes has come out with a list every HIPAA privacy and security officers should read – the...

• Law firm employee inadvertently donates medical record to elementary school

  A law firm employee donated paper containing PHI to her daughter’s elementary school...

• HIPAA Q&A: How to handle requests for PHI

  Q. I need advice for two scenarios in our small outpatient physical therapy clinic.

Issue 47, November 21, 2011

• CMS delays HIPAA 5010 enforcement

  CMS’ Office of E-Health Standards and Services (OESS) won’t enforce compliance with...

• Some reflections from 'Doctor HIPAA'

  They call William R. Braithwaite, MD, PhD, "Doctor HIPAA" for a reason.

• HIPAA Q&A: Lab reports

  Q. After meeting with physicians to review lab reports, patients often request a copy of their...

• Sutter Health breach includes medical diagnoses

  TRICARE should soon have some company on the Office for Civil Rights (OCR) large patient-breach...

Issue 46, November 14, 2011

• OCR launches privacy, security audits -- officially

  The Office for Civil Rights (OCR) formally released its plans for HITECH-required HIPAA privacy...

• Senator considers encryption legislation

  At least one U.S. senator is considering legislation to encourage encryption for healthcare...

• TRICARE offers one year of credit monitoring

  The 4.9 million patients treated at military hospitals and clinics during the last 20 years whose...

• HIPAA Q&A: Faxing records

  Q. Is it permissible to fax PHI to a long-term care facility that also operates an independent...

Issue 45, November 7, 2011

• HIPAA Update blog post: Ensure a risk assessment

  I was recently asked to complete a risk analysis on a priority and expedited basis for a covered...

• Briefings on HIPAA sneak peek: OCR audit contract

  Briefings on HIPAA has obtained a copy of the $9.2 million contract with KPMG, LLP, the company...

• HIPAA Q&A: Attorney request

  Q. A patient signed an authorization form eight months ago, and her attorney is now submitting it...

Issue 44, October 31, 2011

• Patient records found on street

  Thousands of medical records were found along the side of a road in Detroit October 18, according...

• HIPAA Q&A: Patient request on record

  Q. After meeting with physicians to review lab reports, patients often request a copy of the...

• OCR breach list adds nearly 30 in a month

  Close to 360 entities have reported breaches of unsecured PHI affecting 500 or more individuals, a...

• Survey: OIG Work Plan

  Survey: How effective is the OIG Work Plan in terms of improving your overall processes each...

• Participate in our 2011 HIPAA compliance benchmark survey

  HCPro is conducting a benchmarking survey on HIPAA compliance efforts, and we would appreciate...

Issue 43, October 24, 2011

• Expert on TRICARE fallout: politicians coming

  For those who may remember, I commented when the TRICARE breach started hitting cyberspace that...

• Report: Medical identity theft climbing

  Medical identity theft is the fastest growing form of identity theft. More than one-third of...

• HIPAA/HITECH video: Right way to handle pill bottle disposal

  Remember the mistake that cost Rite Aid Corporation and CVS Caremark Corp. millions for HIPAA...

• HIPAA Q&A: EMR access

  Q. May we allow hospital employees who have been granted access to PHI through the workforce...

Issue 42, October 17, 2011

• OIG releases HIPAA compliance target areas

  The Department of Health and Human Services (HHS) Office of Inspector General (OIG) plans to focus...

• 2,000 patient records lost

  A New England dermatology system with offices in four cities lost more than 2,000 patient records...

• HIPAA Q&A: Retirement community

  Recently the pharmacy sent an independent resident a bill and a copy of the bill to her daughter...

• Unencrypted computer backup tapes go missing

  A pediatric health system in Wilmington, DL, reported on its website this month three missing...

Issue 41, October 10, 2011

• TIP: Protect mobile devices from security risks

  With the widespread use of mobile devices, healthcare organizations and providers must take steps...

• HIPAA Q&A: Authorization for release

  Q. Our authorization form for release of information requires patients to sign separate lines to...

• Patient information discovered, removed from website

  Stanford (CA) Hospital & Clinics in reported on its website October 3 that it found a...

• Patient information discovered, removed from website

  Stanford (CA) Hospital & Clinics in reported on its website October 3 that it found a...

• OCR official answers audit questions

  The audits won't be incident-driven, so a breach or violation won't be necessary to trigger an...

Issue 40, October 3, 2011

• Military health plan breach affects 4.9 million

  TRICARE, which services active and retired military members and their families, reported a data...

• Survey: Direct reports

  How many direct reports do you have?

• Fake physician's $1.2M fraud scheme includes HIPAA violation

  A fake physician pleaded guilty in federal court in Atlanta to trying to sell protected health...

• HIPAA Q&A: Faxes to wrong number

  Q. A fax containing PHI is sent to an incorrect fax number. Did the covered entity (CE) or...

Issue 39, September 26, 2011

• Why data security is crucial today

  SAN FRANCISCO – Ali Pabrai said it best at the fifth national HIPAA Summit West at the Grand...

• HIPAA Summit West highlights

  Check out some talking points from the presenters at the fifth national HIPAA Summit West from our...

• HIPAA Q&A: Patient benefits

  Q. An outpatient physical therapy clinic verifies a patient’s benefits prior to his or her...

• OCR official answers audit questions

  The Office for Civil Rights (OCR) has not yet decided whether it will make audit reports public or...

Issue 38, September 19, 2011

• OCR's new head: Leon Rodriguez

  HHS named Leon Rodriguez the new leader of the government’s HIPAA privacy and security...

• HHS announces new lab/HIPAA rules

  Patients may have easier access to lab results under a proposed rule announced by Department of...

• HIPAA Q&A: HITECH security changes

  Q. Did HITECH change any HIPAA Security Rule implementation specifications from addressable to...

• Find us at the HIPAA Summit!

  The morning fog may chill the air, I don't care… Tony Bennett didn’t care in his...

Issue 37, September 12, 2011

• OCR official answers audit questions

  "OCR will look at overall compliance efforts as a way to ensure that effective protocols are...

• HHS reports address HIPAA, HITECH, violations, compliance

  The HHS secretary has submitted two reports to Congress as required by the HITECH Act. The first...

• HIPAA at core of NFL quarterback's media game plan

  Who would ever imagine that HIPAA Weekly Advisor would link to ESPN, but we found a way.

• HIPAA Q&A: HITECH and penalties

  Q. How did HITECH change HIPAA’s existing criminal and civil penalties?

Issue 36, September 5, 2011

• Survey: Breach notification

  Survey: Does your organization have an updated breach notification policy?

• HIPAA Update blog question: Did we violate HIPAA?

  We are a Continuing Care Retirement Community. All residents give us the name, address and phone...

• HIPAA Q&A: NPP reminders

  Q. Patients receive a Notice of Privacy Practices (NPP) at their initial visit that includes...

• OCR audit questions with Susan McAndrew

  OCR has not yet decided how organizations will be selected, says McAndrew. The agency is working...

Issue 35, August 29, 2011

• OCR audit questions with Susan McAndrew

  The audit program will occur in three steps, McAndrew says. After working with audit contractor...

• Survey: Is your compliance officer also your HIPAA privacy officer?

  Survey: Is your compliance officer also your HIPAA privacy officer?

• HIPAA Update blog question: Pulling patient information from filing cabinet

  Check out this question on our blog on August 25.

• HIPAA Q&A: HITECH and BAs

  Q. I read a Q&A that discussed who must send out breach notification letters if the business...

Issue 34, August 22, 2011

• Follow HIPAA Update on Twitter!

  You can now follow HIPAA Update, the blog managed by HCPro, Inc., which also produces this weekly...

• Breaking down OCR's HIPAA hotspots

  Adam Greene, former senior health information technology and privacy advisor at OCR and now...

• OCR data breach tally passes a milestone

  Covered entities have reported breaches of unsecured protected health information affecting 500 or...

• HIPAA Q&A: Posting NPPs

  Q. If we provide laminated copies of our privacy notice on the registration counters, must we post...

Issue 33, August 15, 2011

• OCR's HIPAA audit hot-button topics revealed

  HIPAA compliance auditors contracted by the Office for Civil Rights (OCR) will review whether...

• OCR: Walgreens HIPAA investigation continues

  An Office for Civil Rights (OCR) investigation into the nation’s largest drugstore chain for...

• HIPAA auditor involved in own breach

  The company hired by the Office for Civil Rights (OCR) to conduct nationwide HIPAA privacy and...

• HIPAA Q&A: PHI on website

  Q. One of my colleagues made a website accessible to invitees only. He plans to upload a...

Issue 32, August 8, 2011

• AHA: Drop HIPAA access report provision

  Federal regulators are “misguided” in their proposed HIPAA disclosures rule...

• Prevailing tone in HIPAA disclosure comments: negative

  A proposed HIPAA privacy disclosures rule would be an administrative and financial burden for...

• HIPAA Q&A: Information between school and medical unit

  Q. We have a medical unit for a pediatric population. This campus includes a school for educating...

• OCR undecided on including BAs in HIPAA audits

  When the Office for Civil Rights (OCR) awarded a $9.2 million auditing contract in July, it was...

Issue 31, August 1, 2011

• Attorneys could use access reports in HIPAA, malpractice cases

  The right to request an “access report” as outlined in the Office for Civil...

• AHIMA: Proposed HIPAA access requirement a significant burden

  The proposed new right for patients to request information about who accessed their health record...

• HIPAA Q&A: Symbols on resident doors

  Q. May a nursing home affix symbols on a resident’s door to indicate the types of assistance...

Issue 30, July 25, 2011

• Tell us your success stories

  Survive a recent audit? Handle a breach effectively and efficiently? Avoid a breach or two in...

• CHIME weighs in on proposed HIPAA disclosure rules

  Proposed federal rules requiring providers and payers to let patients know when anyone accesses...

• From our contributor: HIPAA audit-mania: Fasten your seatbelts!

  Check out this post on HIPAA Update by Frank Ruelas, one of our blog contributors.

• HIPAA Q&A: State laws

  Q. Can you provide a summary of state laws that are more stringent than the HIPAA privacy rule with...

Issue 29, July 18, 2011

• Follow HIPAA Update on Twitter!

  HIPAA Update, the blogged managed by HCPro, Inc., the company that produces this weekly...

• OCR investigation tip: Be ready to make changes

  You may need to change your organization’s culture depending on the cause of the...

• 400,000 affected by stolen computer

  Spartanburg Regional (N.C.) Hospital reported on its website that one of its computers containing...

• Follow HIPAA Update on Twitter!

  We’ve gone Tweeting.

• HIPAA Q&A: Attorney requests

  Q. When an attorney requests records and asks that all records be released, must we comply and...

Issue 28, July 11, 2011

• UCLA Health System settles with OCR for $865,500

  The Department of Health and Human Services (HHS) entered into its third largest settlement for...

• OCR hires contractor for HIPAA audit plan

  The Office for Civil Rights (OCR) has hired an organization to implement its HITECH-required HIPAA...

• HIPAA Q&A: NPPs

  Q. Must patients receive a paper copy of our Notice of Privacy Practices during every encounter at...

Issue 27, July 4, 2011

• Tip: Monitor social media

  "Look to make sure that employees are not posting confidential information on these...

• CDPH data breach affects 9,000 state workers

  For the second time in just over six months, California public health officials June 24...

• OCR investigation tip: Recognize the importance of project management

  Project management is always important, but especially during an OCR investigation, Peter...

• HIPAA Q&A: Sign-in sheets

  A. Covered entities are responsible for limiting incidental disclosure. Using a patient sign-in...

Issue 26, June 27, 2011

• Woman pleads guilty to bank fraud and aggravated identity theft

  A Baltimore woman pleaded guilty June 22 to bank fraud and aggravated identity theft after facing...

• OCR investigation tip: Be mindful of time frames

  When OCR communicates with your organization, it likely will impose strict deadlines for responding.

• Doctor charged with disclosing PHI without authorization

  A federal grand jury indicted Richard Alan Kaye, 62, of Suffolk, Va., for what authorities say was...

• HIPAA Q&A: E-mail inquiries

  Q. What is the best way of identifying patients in a long-term care facility when inquiring about...

Issue 25, June 20, 2011

• Unencrypted laptop health breach affects more than 8.6 million records

  London Health Programmes, a medical research organization based at the NHS North Central London...

• More highlights of HIPAA disclosure proposed rule

  Check out this summary from HealthLeaders Media’s Margaret Dick Tocknell, regarding the...

• OCR investigation tip: Get to work right away

  Immediately upon receiving notice of a potential problem, focus on internal compliance, said...

• HIPAA Q&A: Morgue walk-in cooler

  Q. Does maintenance of a list of deceased individuals, including names and dates of birth, on a...

Issue 24, June 13, 2011

• Some things to know about the HIPAA disclosures proposed rule

  HIPAA experts say the major take-away from the HIPAA Privacy Rule disclosures proposed rule is the...

• OCR investigation tip: Consider the means of communication

  Greg Young, information security officer at Mammoth Hospital in Mammoth Lakes, CA, suggested...

• AL hospital data theft affects thousands

  U.S. Postal Inspection Service authorities arrested a Birmingham woman June 2 and charged her with...

• HIPAA Q&A: Medicaid and HIPAA

  Q. Our state Medicaid office requires Medicaid managed care organizations (MMCO) to share Medicaid...

Issue 23, June 6, 2011

• OCR investigation tip: Maintain organized records

  Create a folder on your computer for any case in which you're involved, said Greg Young...

• Digesting HIPAA's accounting of disclosures proposed rule

  Covered entities (CE) and business associates (BA) finally know the details of the accounting of...

• HIPAA Q&A: HR files

  Q. Does HIPAA protect sensitive and confidential health-related information about employees in HR...

• HHS undertakes massive review of rules, regulations

  The effort is part of a government-wide initiative to create a simpler and smarter regulatory...

Issue 22, May 30, 2011

• OCR investigation tip: Document what you do

  Create and maintain a log of events when an investigation commences, says Greg Young, information...

• HIPAA Update blog question: How much information is too much?

  I just met with people who volunteer in our skilled nursing facility. One related a recent...

• HIPAA Q&A: Business associates vs. covered entities

  Q. According to an article in HIPAA Weekly Advisor, covered entities are responsible for notifying...

• HIPAA violator heading to jail

  A federal judge sentenced Isaac Early Smith to six years in prison after he pleaded guilty in...

• HHS publishes HITECH accounting of disclosures proposed rule

  The rule will ultimately lay the foundation for what healthcare providers will be accountable for...

Issue 21, May 23, 2011

• OCR investigation tip: Get your facts straight

  Ensure that you have a clear understanding of what has happened and convey that to government...

• OIG reports cite weakness in OCR and ONC efforts to protect ePHI

  The HHS Office of the Inspector General (OIG) released two reports May 17 questioning the efforts...

• HIPAA Update blog question: Patient information on Google calendar

  We are looking at getting different calendars to keep track of client appointments. On the...

• HIPAA Q&A: Copies of MRI reports

  Q. We are a referral-based MRI facility. As a standard procedure, we fax MRI reports to referring...

Issue 20, May 16, 2011

• Hospital employees fired for snooping

  A Minnesota hospital fired this month 32 employees for inappropriately accessing medical records of...

• Privacy, security guru for OCR leaves post

  A top Office for Civil Rights (OCR) official who played a significant role in shaping law and...

• OCR investigation tip: Cooperate with investigators

  OCR has statutory authority to enforce the HIPAA Privacy and Security Rules. And now, pursuant to...

• HIPAA Q&A: Patient records in public meeting

  Q. An emergency medical technician (EMT) employed by our municipality challenged his dismissal...

Issue 19, May 9, 2011

• HIPAA Update cited as top healthcare/HIPAA blog

  HIPAA Update again earned recognition as a top HIPAA blog, as well as one of the top 50 healthcare...

• Survey: More employees disciplined for social media activities

  The number of employees disciplined for their activities on social networking sites is rising...

• HIPAA Q&A: Emergency department sign-in

  Q. Our emergency department requires patients to sign in with their full name, the name of their...

• OCR action in 2010

  In 2010, the Office for Civil Rights (OCR) initiated 243 security complaints and reviews...

Issue 18, May 2, 2011

• Top posts on HIPAA Update

  Check out what your peers have been reading the most on HIPAA Update during the past 30 days:

• Q&A: Whiteboards and HIPAA

  Q: Is it permissible to list patients by name on whiteboards in the nursing units?

• OCR breach lists climbs to 265

  The number of entities reporting breaches of unsecured PHI affecting at least 500 individuals to...

• Tell us your success stories

  As we are now finished with the first quarter of 2011, we’d like to give you and your staff...

Issue 17, April 25, 2011

• Take plastic? Know this security standard

  Healthcare privacy and security teams are watching closely for new rules and regulations that will...

• Be careful what you post on Facebook

  A story April 18 in the Providence Journal illustrates the ongoing problem that no information...

• Tips as you wait for final HITECH rules

  Review the status of BA contracts. "I'm advising a wait-and-see approach," says John R...

• HIPAA Q&A: Clinical note to wrong provider

  Q. We inadvertently sent a clinical note to the wrong healthcare provider. Must we conduct a risk...

Issue 16, April 18, 2011

• Dig in to these hospital social networking numbers

  As of January, more than 900 hospitals were using 3,000-plus social networking sites. Those...

• Tip: Complete a security risk analysis as you wait for HITECH rules

  While the wait continues for federal officials to release rules regarding HIPAA and HITECH...

• 2 FL medical office workers face fraud charges

  Two medical office workers in south Florida have been indicted on HIPAA violations and related...

• HIPAA Q&A: Voicemail messages

  What information concerning a scheduled procedure (e.g., arrival time, medication reminder, what...

Issue 15, April 11, 2011

• Tip: Check Security Rule compliance as you wait for HITECH rules

  While the wait continues for federal officials to release rules regarding HIPAA and HITECH...

• Health Net breach grabs top spot on OCR list

  Health insurance giant Health Net, Inc., formally reported to the Office for Civil Rights (OCR...

• HIPAA Update blog question: HIPAA office in HIM

  In a big medical center, administered by the government, the HIPAA office consists of one Privacy...

• HIPAA Q&A: Are we a business associate?

  Q. Are we considered a business associate (BA) of the insurance carrier that provides our...

Issue 14, April 4, 2011

• PR for EHRs: More to the story than data breaches

  An annual study by the internet security firm White Hat Security of Santa Clara, CA, found that...

• Another month passes without HIPAA/HITECH rules

  HIPAA privacy and security officers should remember that the month OCR officials predicted HHS...

• HIPAA Q&A: Training requirements

  Q. We are a long-term care facility. As a covered entity pursuant to HIPAA, we have a compliance...

Issue 13, March 28, 2011

• HHS HIPAA Q&A: Retaining medical records

  Q. Does the HIPAA Privacy Rule require covered entities to keep patients’ medical records for...

• HIPAA enforcement plan -- when's it coming?

  HIPAA privacy and security officers have little direction from the government as far as HIPAA...

• IBM helps with Health Net HIPAA breach investigation

  The business associate (BA) involved in Health Net, Inc.’s potential data breach affecting...

• HIPAA Q&A: Paying in cash

  Q. Does HITECH supersede our contracts with third-party health insurance policies if the patient...

Issue 12, March 21, 2011

• OCR: $5 million more needed for HIPAA enforcement

  The Office for Civil Rights, the enforcer of the HIPAA privacy and security rules, is proposing an...

• Health Net, Inc. involved in potential HIPAA breach again -- affecting 1.9 million patients

  For the second time in less than a year, health insurance giant Health Net, Inc., is involved in a...

• HIPAA Update blog question: Is this willful neglect?

  Check out this recent post on HIPAA Update and weigh in!

• HIPAA Q&A: Accounting of disclosures

  Q. We are required to report information, including patient account numbers and diagnosis codes...

Issue 11, March 14, 2011

• HIPAA security officer aces OCR investigation

  Get it? It’s a HIPAA compliance crackdown. One security officer who “got it&rdquo...

• OCR rolls out HIPAA training for state attorneys general

  The Office for Civil Rights (OCR), the enforcer of the HIPAA privacy and security rules, last week...

• HIPAA Q&A: ED nurse visits family

  Q. An emergency department (ED) nurse at a hospital and trauma center saw the name of an...

Issue 10, March 7, 2011

• Top HIPAA Update blog posts

  Check out the most-read posts on our HIPAA Update blog in the past 30 days:

• TIP: Encourage business associates to adopt ID prevention practices

  Medical identify theft is a major problem that will only get bigger, says Chris Apgar, CISSP...

• HIPAA security conference slated for May

  The National Institute of Standards and Technology (NIST) and the Office for Civil Rights (OCR...

• HIPAA Q&A: Breach notification requirements

  Q. Do breach notification requirements apply to both paper and electronic protected health...

Issue 9, February 28, 2011

• HIPAA Q&A: Sharing billing information

  Q. An employee of a physician practice, who is not authorized to release a patient’s billing...

• HIPAA Update post: Weigh in!

  We have a nurse who has twice mailed test results to the wrong patient. Both times the nurse...

• MGH to pay $1 million to settle potential HIPAA violation

  Massachusetts General Hospital has agreed to pay $1 million to settle allegations it violated...

• OCR issues first civil money penalty for HIPAA Privacy Rule violations

  The Office for Civil Rights (OCR), the HIPAA privacy and security enforcer, issued its first civil...

Issue 8, February 21, 2011

• Are your business associates accountable for HIPAA compliance?

  Legislators wrote HITECH in part to beef up HIPAA compliance among business associates (BA) that...

• HIPAA Q&A: Notifying the media

  Q. Which HIPAA requirements are applicable to notifying the media about a patient’s...

• OCR won't investigate 'almost all' HIPAA breach reports

  The HIPAA privacy and security rule enforcer cannot investigate “almost all” of the...

• HIPAA Update blog question: Combining HIM records

  Check out this latest HIPAA Update blog question, and weigh in!

Issue 7, February 14, 2011

• HCPro, Inc. blog, e-Newsletter cited as top HIPAA publications

  Medicine|e-Learning honored HIPAA Update blog and HIPAA Weekly Advisor, publications produced by...

• EHR accounting of disclosures rule close to publication

  The Department of Health & Human Services pushed forward a HITECH-required proposed rule on...

• HIPAA Update question: Notify the patient's mother, too?

  Check out this question, and weigh in with your colleagues here.

• HIPAA Q&A: Physician notes work status

  Q. A patient underwent diagnostic testing in the hospital where she was employed. She received a...

Issue 6, February 7, 2011

• Iowa hospital fires patient-record snoopers

  University of Iowa Hospitals and Clinics in Iowa City fired three employees and placed another two...

• HIPAA Update question: Results sent to wrong doctor

  Check out this HIPAA Update blog question and weigh in:

• HIPAA training: Whom to train

  Your full workforce needs privacy and security training, says Kate Borten, CISSP, CISM, president...

• HIPAA Q&A: Business associate contract

  Q. A covered entity received a business associate contract that included breach notification...

Issue 5, January 31, 2011

• Safeguard against incidental disclosures

  What HHS considers a reasonable safeguard against incidental disclosures can vary depending on the...

• Vermont settles with Health Net for data breach

  The insurance giant agreed to pay Vermont $55,000 regarding its 2009 loss of a portable disk drive...

• Weigh in on this HIPAA Update blog post

  Check out what your colleagues are buzzing about on this hot blog post:

• HIPAA Q&A: Insurance company requests

  Q. An insurance company is requesting copies of medical records so it can review our CPT®...

Issue 4, January 24, 2011

• OCR breach notification report hits 225

  A total of 225 entities reported breaches of unsecured protected health information (PHI...

• Couriers HIPAA compliant?

  Check out this question posted on HIPAA Update and weigh in!

• Vermont AG goes after Health Net

  Health Net, Inc. will pay again for its 2009 patient information breach.

• HIPAA Q&A: Voicemail messages

  Q. May a preadmission nurse leave messages (e.g., “This is a reminder that your surgery is...

Issue 3, January 17, 2011

• Hospital fires medical-records snoopers

  University Medical Center in Tucson, AZ, fired three clinical support staff members and a...

• Tip: Mitigate harmful effects following a patient privacy complaint

  Investigating privacy complaints and applying sanctions are important aspects of compliance, but...

• HIPAA Update blog posts: Weigh in!

  Check out the latest buzz on our HIPAA Update blog. Add your own thoughts to these questions from...

• HIPAA Q&A: Special plates on employee vehicles

  Q. May a home health agency brand itself with magnets or special license plates on...

Issue 2, January 10, 2011

• HIPAA final rules -- by March 2011?

  In its semi-annual regulatory update — published December 20, 2010, in the Federal Register...

• HITECH: Two years in, verdict still out

  It’s the New Year, and HITECH has been law for approximately 23 months. Some regulations...

• Tip: Manage your password properly

  Selecting a strong computer password—one that is easy for you to remember but difficult for...

• HIPAA Q&A: Retaining audit trails

  Q. Does HIPAA or any other law specifically state how long entities must retain electronic medical...

Issue 1, January 3, 2011

• Hospital privacy, security officers make their wish lists

  A smooth road to reach the era of the total EHR. "I wish that the meaningful use journey to...

• HIPAA in 2011: A forecast

  Although I believe that Sue McAndrew and Adam Greene [at the Office for Civil Rights (OCR)] have...

• HIPAA training tip: Be a resource for your workforce

  The smartest route to compliance is for staff to know where to get the information they need, says...

• HIPAA Q&A: Physicians' access to records

  Q. Does HIPAA regulate physicians’ access to their own records (e.g., ordering laboratory...

Issue 28, July 11, 2011

• Making patients safer in the OR: One hospital revamps its blood availability process

  A pediatric patient at Shands Healthcare at the University of Florida, Gainesville made it to the...