Health Information Management Newsletters

APC Answer Letter APC Payment Insider Briefings on APCs Briefings on Coding Compliance Strategies Briefings on HIPAA Health Information Compliance Insider Medical Records Briefing

How can you minimize the impact of HIPAA? Subscribe to Briefings on HIPAA, your health information management resource for complying with information privacy & security regulations. Get help with rewriting contracts with business partners, telling patients about how their information is being used, and establishing privacy-conscious business practices.

Subscribe »

2012 | 2011 | 2010 | 2009 | 2008 | 2007 | 2006 | 2005 | 2004 | 2003 | 2002 | 2001

Briefings on HIPAA

Issue 12, December 1, 2005 - VIEW THE FULL ISSUE

• Shut the door on incidental disclosures with a clear policy

  HIPAA does not require organizations to track incidental disclosures and include them in...

• Prioritize, document, and repeat to ensure BA compliance

  When you initiate or reexamine your relationship with a business associate (BA), keep in mind that...

• Factor risk, cost when choosing encryption solution

  Encryption is an addressable implementation specification under HIPAA’s security rule, but...

• Q&A: How to cover the security rule in BA agreements

  When it comes to ensuring your organization’s HIPAA security rule compliance, dealing with...

Issue 11, November 1, 2005 - VIEW THE FULL ISSUE

• Prepare now for disaster recovery

  Focus on business continuity when drafting your plan HIPAA’s security rule requires your...

• Consult state law, best judgment when dealing with pediatric patients

  Just because adolescent patients aren’t necessarily responsible for making their own...

• Target security training to specific risks, groups

  Information Protection Manager Richard Mosher, CISSP, CBCP, of Washoe Medical Center (WMC) in Reno...

• Q&A: Privacy situations when HIPAA is unclear

  In healthcare organizations, many privacy questions arise that HIPAA does not answer explicitly...

• Control vendor access with a strong agreement

  A check of your access logs shows that at 3 a.m. last night, one of your vendors accessed your...

Issue 10, October 1, 2005 - VIEW THE FULL ISSUE

• Be prepared for stricter enforcement

  Organizations should resolve violations now Those expecting a final enforcement rule identical...

• Tell authorized users to log off

  Protect PHI with security features and education You’re doing work that involves PHI on...

• Use code words to manage personal disclosures

  More responsibility for patients can mean less stress for staff Happy patients are good for...

• Portability 101: Don’t forget about the other HIPAA

  With so much focus on administrative simplification standards, it’s easy to forget about the...

• Q&A: Device and media controls

  Under the Device and Media Controls standard, the HIPAA security rule requires disposal of...

• Involve staff when implementing role-based access

  Sometimes policies and procedures aren’t enough. Regardless of how much training you provide...

Issue 9, September 1, 2005 - VIEW THE FULL ISSUE

• Know what to expect from HIPAA’s new enforcement rule

  Organizations found guilty of HIPAA violations and given civil monetary penalties now have to worry...

• Address these issues now

  Nagging privacy issues continue to give organizations problems It’s been more than two...

• Test your staff with these eight case scenarios

  Simply providing your staff with one training session about HIPAA won’t save you from a...

• Focus on increased profits, productivity of HIPAA compliance

  In the business world, return on investment (ROI) is an extremely important factor when determining...

• Q&A: Appropriate roles and security evaluations

  By Kate Borten, CISSP, CISM

Issue 8, August 1, 2005 - VIEW THE FULL ISSUE

• Get ready now for NPIs

  Covered providers must use national identifiers by 2007 May 23-the latest HIPAA implementation...

• Don’t read too much into the DOJ’s opinion on enforcement

  There’s no need to worry: The recently released opinion on the enforcement of HIPAA’s...

• Gain patient’s trust by being up-front about breaches

  Although organizations must track incidental disclosures of patients’ PHI, HIPAA...

• Don’t let auto-lockouts lock you out of your network

  Usability is the key when protecting your system this way Some information security experts say...

• Q&A: Common encryption dilemmas

  Editor’s note: Beaver is founder and information security advisor with Atlanta-based...

• Protect ePHI with an effective disaster recovery plan

  "A contingency plan is the only way to protect the availability, integrity, and security of data...

Issue 7, July 1, 2005 - VIEW THE FULL ISSUE - VIEW THE FULL ISSUE

• Five steps to a seamless, HIPAA-compliant transition to paperless

  Regardless of your facility’s stage in the electronic health records (EHR) implementation...

• Train without draining: Tips to avoid redundancy in employee education

  A crucial employee at your facility gives notice, leaving you three weeks to recruit, interview...

• Script your way to consistent answers to PHI requests

  It’s important for your staff to know what to say when patients request access to their PHI...

• Embrace the interoperability push

  Interoperability. It’s the buzzword for the year, and it’s sounding the call for the...

Issue 6, June 1, 2005 - VIEW THE FULL ISSUE

• Are your patients spotting HIPAA violations at your organization?

  Second in a two-part series. At this point, you must have safeguards to protect patient...

• Conduct trial run before adding patient passwords to your system

  Selby General Hospital in Marietta, OH, implemented a patient password system a few years ago as...

• Stop PDAs from putting patient PHI in jeopardy

  As personal digital assistants (PDA) such as the Palm Pilot®, Compaq Ipaq®, and BlackBerry® become...

• Quit playing the risk analysis guessing game

  A quest for answers stopped security-assessment speculation Privacy and security officers hear...

Issue 5, May 10, 2005 - VIEW THE FULL ISSUE

• Make (dollars and) sense of ID management technology

  Approximately 33% of information technology (IT) professionals say access management and entity...

• Violation or patient misinterpretation?

  By now, HIPAA privacy and security compliance should be a reality at your facility, but perhaps you...

• Address nonprivacy complaints in seven simple steps

  The following summarizes the procedures to file a complaint with CMS, as well as how the agency...

• Hip, hip, hooray for HIPAA!

  If glazed-over eyes and moans and groans are all you get when you mention attending HIPAA training...

Issue 4, April 1, 2005 - VIEW THE FULL ISSUE

• Use surveys to evaluate employee awareness of security requirements

  Use surveys to evaluate employee awareness of security requirements According to a recent...

• Save money and comply with HIPAA

  Staying in compliance with HIPAA can be expensive. From training and monitoring to closing...

• Document your way to security rule compliance

  With the deadline for compliance knocking at your door, you may worry that your organization hasn't...

• Protect ePHI through physical security

  For some covered entities, physical security means an electronic badge and keypad system; for...

• No HIPAA check on your date with JCAHO

  It's only natural to feel anxious before your Joint Commission on Accreditation of Healthcare...

Issue 3, March 1, 2005 - VIEW THE FULL ISSUE

• In disaster planning, what you don't do will hurt your organization

  "Always be prepared." This age-old Boy Scout credo drives the contingency plan mandate in the HIPAA...

• HIPAA reminders improve staff compliance with facility policies

  If you have a hard time informing your employees about security policies and procedures, getting...

• Evaluate software vendors on key software capabilities

  Whether you're evaluating the security features of new software or one your organization already...

• Follow rules about releasing PHI to union reps

  A patient accuses one of your employees of improper conduct. As the supervisor, you call the...

• Polish your facility's process for handling complaints

  The HIPAA privacy rule requires that you provide a process for individuals to make complaints...

Issue 2, February 1, 2005 - VIEW THE FULL ISSUE

• Minimize damage when BAs go bad

  A laptop is stolen from a medical clinic across town, placing the PHI of the clinic's patients at...

• Simple, affordable efforts make small providers HIPAA-ready

  With the HIPAA security rule deadline only a few months away, you need to pick your compliance...

• Don't let 'floating' staff put your organization at risk

  By now, you've probably gone to great lengths to provide HIPAA training to staff who work solely in...

• Use safe, secure measures to transport PHI

  When it comes to transporting PHI, the horror stories get around faster than the data, from the...

• Q&A: What to do when your systems get hacked

  Even with all the controls, policies, and plans the HIPAA security rule requires, the chances of...

Issue 1, January 1, 2005 - VIEW THE FULL ISSUE

• Let lawyers, consultants help you with security compliance

  Which comes first, the lawyer or the security consultant? In the best scenario, lawyers and...

• Ring in the New Year with seven steps to satisfy HIPAA security

  If you neglected to consider the looming security deadline when you made your New Year's...

• Home sweet HIPAA

  An employee working at home leaves her computer for a quick bathroom break. While she's away, her...

• PHI disposal means more than just taking out the trash

  When it comes to disposal of PHI, Sue Dill, RN, MSN, JD, vice president of legal services and the...