- Home
- » Health Information Management Main Page
- » Newsletters
- » Briefings on HIPAA
- » Newsletters
- » Health Information Management Main Page
Health Information Management Newsletters
APC Answer Letter APC Payment Insider Briefings on APCs Briefings on Coding Compliance Strategies Briefings on HIPAA Health Information Compliance Insider Medical Records Briefing
How can you minimize the impact of HIPAA? Subscribe to Briefings on HIPAA, your health information management resource for complying with information privacy & security regulations. Get help with rewriting contracts with business partners, telling patients about how their information is being used, and establishing privacy-conscious business practices.
2012 | 2011 | 2010 | 2009 | 2008 | 2007 | 2006 | 2005 | 2004 | 2003 | 2002 | 2001
Briefings on HIPAA
Issue 12, December 1, 2010 - VIEW THE FULL ISSUE
-
Prepare to respond to breaches of privacy
While your healthcare organization awaits a breach notification final rule from HHS, there are some... -
Are there other risks you need to worry about?
You worry about laptop computers and other portable devices being stolen. But what about digital... -
Q&A: Insurance company requests, privacy practice acknowledgments, and breach notification
Q. An insurance company is requesting copies of medical records to review our CPT coding. These... -
OCR flags copier vulnerabilities, laptop computers
Almost every digital copier built since 2002 contains a hard drive, like the ones on computers...
Issue 11, November 1, 2010 - VIEW THE FULL ISSUE
-
Get 'social'-but address privacy concerns
When it comes to social networking websites, advocates say hospitals can have it both... -
Ten tips for training your workforce to be HIPAA ready
Educate employees on best practices. Train employees on how to identify a security incident... -
Posting resident names and pictures, disclosing minors’ PHI to parents, and unencrypted e-mails
Q. Posting resident names and pictures, disclosing minors’ PHI to parents, and unencrypted... -
Look at the fine print to ensure protections on backup services; watch for HIPAA-compliant promises
Data backup is critical to business continuity and risk avoidance in any industry. In healthcare... -
CMS offers five solutions to help address inadequate HIPAA Security Rule?required policies and procedures
Old and inadequate policies and procedures is one of seven shortcomings CMS found in its 2009...
Issue 10, October 1, 2010 - VIEW THE FULL ISSUE
-
Cost of healthcare security
Hospitals and provider networks account for the highest number of breaches on the OCR list of... -
When is it a PHI breach, or an internal incident?
You want your staff members to report incidents when they suspect a privacy or security violation... -
Compliance with cameras in rooms; requesting donor information; access to records and legalities
Q. We received a request under the California Public Records Act from the local newspaper for... -
Follow HITECH and state notification requirements
Your incident response plan should be in strict compliance with HITECH requirements, says Kate...
Issue 9, September 1, 2010 - VIEW THE FULL ISSUE
-
Getting it all done when you’re a solo act
Dena Boggan, CPC, CMC, CCP, chuckled when someone recently suggested that her staff audit some... -
Waiting for the final rule? Here’s a checklist to prepare
OCR is seeking comments on the HIPAA proposed rule published July in the Federal Register through... -
Business associates are still business associates; HITECH includes new criminal penalties
Q. In the April issue of BOH, one of the Q&As discussed who must send out breach notification... -
SunGard strong in disaster recovery planning
The cost of failure to comply with the HIPAA Security Rule has significantly increased during the... -
Accounting for disclosures from EHRs: What you need to know to comply with HITECH requirement
When HITECH was signed into law February 17, 2009, privacy and security officers predicted the...
Issue 8, August 1, 2010 - VIEW THE FULL ISSUE
-
Theft or loss of paper records, desktop computers put organizations at risk
Incidents involving paper records and desktop computers are second and third most common on the... -
HITECH creates new privacy challenges for healthcare organizations; individuals gain stronger rights
The HITECH Act includes new privacy requirements that allow for stronger individual rights to... -
HIPAA proposed rule extends compliance to BA subcontractors; BAs liable for subcontractor breaches
On July 8, HHS released a proposed rule to modify the HIPAA privacy, security, and enforcement... -
Use this checklist to help evaluate your organization
The HIPAA Security Rule requires covered entities (CE) to conduct periodic evaluations of their...
Issue 7, July 1, 2010 - VIEW THE FULL ISSUE
-
Safeguard portable devices with education, policies
Because of the high risk that laptop computers and other portable devices create for a potential... -
Prepare your organization to respond appropriately if a breach of unsecured PHI occurs
A major privacy breach can carry a heavy price for a healthcare organization, and its response can... -
Review patient authorization before responding to attorneys; state law sometimes preempts HIPAA
Q. Must patients receive a paper copy of our Notice of Privacy Practices during every encounter at... -
Consider Axway solutions to help secure PHI
Electronic health information exchange (HIE) has become the center of attention for most states...
Issue 6, June 1, 2010 - VIEW THE FULL ISSUE
-
Beware: Laptop computers create a major risk
If staff members in your healthcare organization use laptop computers, you’ve just... -
Lesson learned: Protect PHI when staff member leaves
The privacy breach at Griffin Hospital in Derby, CT, raises red flags for healthcare organizations... -
HIPAA Q&A: Census disclosures may violate HIPAA; consider sign-in sheet alternatives in waiting area
Q. We are an MRI facility, and our services are referral- based. Faxing MRI reports to...
Issue 5, May 1, 2010 - VIEW THE FULL ISSUE
-
Use these cost-effective ways to ensure compliance
Jaspinder Grewal is a self-described "techie" who knows that developing cost-effective... -
Clipboard permissible but not best sign-in option
Account numbers reported to the state are considered patient-identifiable information. Therefore... -
De-identification standard moves to forefront at OCR
Many healthcare organizations have pondered these questions. Now OCR has turned its attention to... -
Pre-test security application compatibility, effectiveness before purchase; HIPAA compliance at stake
As with laptop and desktop computers, smartphones are also the target of malware that can damage... -
HCPro survey: Breach notification requirements are top HITECH challenge; BA contracts also a concern
Security breach notification requirements, according to Briefings on HIPAA's HIPAA and HITECH...
Issue 4, April 1, 2010 - VIEW THE FULL ISSUE
-
Cascade official shares lessons learned from CMS HIPAA security audit
Cascade Healthcare Community, a three-hospital health system headquartered in Bend, OR, was one of... -
Failure to conduct risk assessment is risky business
The HIPAA security rule requires this type of assessment. However, many healthcare organizations... -
HIPAA Q&A: Give media limited patient information; HITECH protects paper PHI in addition to electronic information
A patient underwent diagnostic testing in the hospital where she was employed. She received a copy... -
Case involving breaches of PHI worth watching
Connecticut Attorney General Richard Blumenthal sued Health Net of Connecticut, Inc., for failing...
Issue 3, March 1, 2010 - VIEW THE FULL ISSUE
-
Ensure that your business associates comply with HITECH security and privacy
Don't wait for OCR to publish all the HITECH implementation rules before taking action, Apgar said... -
New regional privacy advisors provide guidance and education for covered entities and business associates
OCR has established privacy advisors in each of its regional offices to provide HIPAA privacy and... -
Product watch: Take a secure trip to Aruba’s wireless solution
The wireless and the wired environment are each subject to potentially significant security... -
HIPAA Q&A: Terminate contract if vendor denies records request; patient also can be liable for lost records
When breaches occur, you are required to notify the affected patients or their legal... -
Adapt HIPAA internal sanctions policy to comply with HITECH; consider penalty tiers for violations
HITECH establishes new penalty tiers, so providers should revise their sanction policies now.
Issue 2, February 1, 2010 - VIEW THE FULL ISSUE
-
A final checklist to help meet the HITECH deadline
Under HITECH—approved as part of the American Recovery and Reinvestment Act—business... -
Learn from other healthcare organizations’ mistakes; Review the top breaches of 2009 and how you can prevent the same at your facility
Major breaches of patient information in 2009 break down into three types: snoopers, hackers, and... -
Q&A: Business associate requirements, audit log retention periods, and more
Is there any regulation that defines the retention period for electronic health record (EHR) or... -
Consider SenditCertified to help ensure secure PHI transmissions
SenditCertified offers a unique solution: It supports the encryption of transmitted PHI that meets... -
Proactive training: Educate staff members, patients in fight against medical identity theft at your facility
Booz Allen Hamilton, a McLean, VA–based firm that was commissioned in 2008 by the Office of...
Issue 1, January 1, 2010 - VIEW THE FULL ISSUE
-
HITECH, major settlements, EHRs, and more: Looking back on 2009, ahead to 2010
BOH revisits the most significant events of 2009 and explores their potential effect in 2010. -
HITECH compliance deadline one month away
Chris Apgar, CISSP, and John R. Christiansen, JD, answered questions regarding BA contracts during... -
Assess privacy vulnerabilities for social networking sites
Determine whether and how you’re vulnerable, as well as whether revising your policies and... -
BOH 2009 index
Breach notification requirements Breach notification: Immediate steps for providers. Oct., p...