Corporate Compliance Newsletters

APC Answer Letter APC Payment Insider Briefings on APCs Briefings on Coding Compliance Strategies Briefings on HIPAA Health Care Auditing Strategies Health Information Compliance Insider Laboratory Compliance Insider Mammography Regulation and Reimbursement Report Strategies for Health Care Compliance

How can you minimize the impact of HIPAA? Subscribe to Briefings on HIPAA, your health information management resource for complying with information privacy & security regulations. Get help with rewriting contracts with business partners, telling patients about how their information is being used, and establishing privacy-conscious business practices.

Subscribe »

2012 | 2011 | 2010 | 2009 | 2008 | 2007 | 2006 | 2005 | 2004 | 2003 | 2002 | 2001

Briefings on HIPAA

Issue 12, December 1, 2011 - VIEW THE FULL ISSUE

• Survive a HIPAA audit: What to do when a letter arrives in the mail

  The dice were rolled and, surprise, you got a letter in the mail from the OCR. You were selected...

• Consider the threats 'insiders' pose to your security

  HIPAA privacy and security officers often spend a lot of time and effort protecting their...

• Covered entity or BA?; misdirected faxes; community organizations that help sexual assault victims

  Q Is it permissible to fax PHI to a long-term care ­facility that also operates an independent...

Issue 11, November 1, 2011 - VIEW THE FULL ISSUE

• OCR HIPAA audits to begin in 2012: What to expect and how to prepare

  Briefings on HIPAA has obtained a copy of the $9.2 million contract with KPMG, LLP, the company OCR...

• Six best practices to survive increased enforcement

  Before HITECH, covered entities (CE) could pretty much say, the government was all bark and no bite...

• Proposed regulation requires HIPAA-covered labs to release test results directly to patients

  Patients may have easier access to laboratory results under an HHS proposed rule, "CLIA...

• New authorizations; incorrect fax number

  Q A patient signed an authorization form eight months ago, and her attorney is now submitting it...

• More than a secure messaging solution

  Breaches are expensive and can be directly related to sending PHI unencrypted over the Internet...

• Some reflections from 'Doctor HIPAA'

  They call William R. Braithwaite, MD, PhD, "Doctor HIPAA" for a reason.

Issue 10, October 1, 2011 - VIEW THE FULL ISSUE

• Trials ahead in maintaining the 'chain of trust'

  The security of PHI is no longer the exclusive domain of covered entities (CE).

• The ABCs of policies and procedures

  Undocumented policies and procedures are among the top five stumbling blocks to HIPAA compliance...

• Can breaches physically harm patients in healthcare settings?

  Could a data breach be life-threatening?

• Incorrect fax number; working with BAs

  Q A fax containing PHI is sent to an incorrect fax number. Did the covered entity (CE) or business...

Issue 9, September 1, 2011 - VIEW THE FULL ISSUE

• 150 HIPAA audits to occur before end of 2012

  The time for healthcare organizations to undertake a review of their operations is now-OCR...

• HIPAA audits can affect business associates, too

  Business associates (BA) may not be the target of upcoming HIPAA compliance audits, but failure to...

• Mobile devices pose major security risk

  Mobile devices, from tablets to smartphones, are nearly as common as stethoscopes in healthcare...

• OCR: Patient care top priority during disasters

  The May tornado that destroyed a medical center in Joplin, MO, raised an important question: How...

• Breach management tool merits consideration

  Breaches are expensive, and the price tag increases when preparation and formal documentation are...

• Releasing sensitive information, poison control entities, and text messages

  Q Our authorization form for release of information requires patients to sign separate lines to...

• Organizations urge HHS to reconsider disclosures proposed rule, withdraw access report provision

  Organizations have had their chance to weigh in on the proposed accounting of disclosures rule, and...

Issue 8, August 1, 2011 - VIEW THE FULL ISSUE

• Electronic records system aids recovery after tornado destroys Missouri hospital

  Just three weeks before a devastating tornado roared through Joplin, MO, St. John's Regional...

• Some surprises in HITECH's NPRM

  A long-awaited notice of proposed rulemaking (NPRM) required by HITECH for accounting of...

• Address privacy and security risks with social media

  Social networking and its related communication ­vehicles pose significant privacy and security...

• Electronic medical records, accounting of disclosures, and how a business associate gets involved

  Q Is it permissible to allow hospital employees who have been granted access to PHI through the...

• How one healthcare system undertook a global HIPAA policy review; HITECH a good reason to start

  HITECH was the trigger for a global HIPAA policy review at North Shore-Long Island Jewish Health...

Issue 7, July 1, 2011 - VIEW THE FULL ISSUE

• The top five gaps in HIPAA compliance

  When Raj Chaudhary, MS, PE, CGEIT, goes into hospitals, there are five HIPAA privacy and security...

• Government turns up the heat on protection of ePHI

  If patients had concerns about the ability of healthcare organizations to protect their ePHI, two...

• HITECH's effect on patients' rights to PHI

  HITECH has changed the rules when it comes to an individual's right to access and amend his or her...

• Patient authorizations, voice mail messages, and patients who e-mail PHI

  You've got HIPAA questions. We've got answers.

Issue 6, June 1, 2011 - VIEW THE FULL ISSUE

• The feds are coming

  Hospitals and other healthcare organizations may now be wondering how to respond in a charged-up...

• Notice of Privacy Practices, HIPAA authorization requirements, inappropriate access

  You've got HIPAA compliance questions. We've got answers.  

• Backing up your information to move forward

  Mimic Data simplifies the data backup process and significantly shortens recovery time if a server...

• Encryption: Critical for protecting PHI

  Encrypting a message converts it to a form that only the intended recipient can read. It is...

• Use this checklist to ensure compliance

  Organizations must take certain steps to help ensure security and resiliency.

Issue 5, May 1, 2011 - VIEW THE FULL ISSUE

• OCR HIPAA/HITECH audits are in your future

  Preparing for audits can be a tool for assessing an organization's compliance with the Privacy and...

• Rehiring an employee, telephone vendors, faxes to wrong address, and unencrypted e-mails

  You've got questions. We've got answers.  

• Product can help limit risk of loss or theft

  ClevX™, an intellectual property (IP) development and licensing company in Kirkland, WA...

• A winning game plan if OCR launches an investigation

  The company, based in Prince George's County, MD, got hit in February with OCR's first civil money...

• Lessons learned

  HHS' OCR in February began using the new fine structure mandated by HITECH and handed one of the...

Issue 4, April 1, 2011 - VIEW THE FULL ISSUE

• As patients get more savvy, address privacy concerns

  Here's one trend industry observers say healthcare organizations can expect to see now and in the...

• Navigating the new era in health information technology

  Organizations need to determine whether they have fully implemented the Security Rule. The HIPAA...

• The HIPAA/HITECH final rule waiting game continues

  It's akin to waiting for the proverbial "other shoe" to drop.

Issue 3, March 1, 2011 - VIEW THE FULL ISSUE

• Industry leaders discuss healthcare privacy, security trends that deserve your attention

  A group of prognosticators asked to predict what lies ahead in 2011 says the healthcare industry...

• HITECH promises, but does it deliver?

  With newfound authority, some state attorneys general (AG) are beginning to take aim at covered...

• Discussing family members' health; surgery observation

  Q. I work in patient financial services at a hospital. Like me, several of my coworkers have aging...

• Are business associates in compliance?

  HITECH changed the obligations of business associates (BA), and it did so dramatically.

Issue 2, February 2, 2011 - VIEW THE FULL ISSUE

• 2011 promises to be a busy year

  All those final HITECH Act and HIPAA rules you’ve been waiting for will become reality in...

• Red Flags Rule reprieve

  Many physicians and physician practices have gotten a break from the Red Flags Rule—the law...

• Q&A: Voice mail messages, breach notification, and BA contracts

  Q. May a preadmission nurse leave messages (e.g., “This is a reminder that your surgery is...

• Paper-to-EHR transition creates HIPAA challenges for physician practices

  The challenge of complying with HIPAA privacy and security requirements is significant for...

• Your training checkup

  Lack of trained staff is a major cause of data breaches, according to healthcare organizations.

Issue 1, January 1, 2011 - VIEW THE FULL ISSUE

• New study: Healthcare has long way to go to protect patient privacy

  “Patient revenue trumps privacy and risk management,” according to the sponsor of a...

• HITECH Security Advisors offers tool to assess compliance with federal law; providers must analyze their needs first

  It appears OCR and state attorneys general will be taking a more serious approach to enforcing...

• Social media: Balance the benefits and risks

  Social media and networking have created a dilemma for many healthcare organizations: They carry...

• Briefings on HIPAA 2010 index

  Briefings on HIPAA 2010 index