HIPAA Q&A: You’ve got questions. We’ve got answers!
HIM-HIPAA Insider, September 8, 2014
Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!
Submit your HIPAA questions to Editor Jaclyn Fitzgerald at jfitzgerald@hcpro.com and we will work with our experts to provide you with the information you need.
Q: I work at a skilled nursing facility and I want to ensure that the organization is HIPAA compliant. What requirements and safeguards are necessary to ensure HIPAA compliance at our facility? Is there a document we can or should use to help us maintain compliance?
A: The best place to find out more about HIPAA privacy and security requirements is from OCR, which has published a wealth of information about HIPAA requirements, including guidance for small practices and health plans. OCR has also made available a sample business associate agreement and a model Notice of Privacy Practices.
To ensure your security program is up to date, you must conduct a risk analysis. A risk analysis is the foundation of any good security program and is mandated by the HIPAA Security Rule. A risk analysis should be conducted annually and when any major business or IT system change occurs. OCR and the Office of the National Coordinator for Health Information Technology has made available a risk analysis tool. You can conduct the risk analysis yourself or find a reputable vendor to assist you.
Editor’s note: Chris Apgar, CISSP, president of Apgar & Associates, LLC, in Portland, Oregon, answered this question for HCPro’s Briefings on HIPAA newsletter.
Want to receive articles like this one in your inbox? Subscribe to HIM-HIPAA Insider!
Related Products
Most Popular
- Articles
-
- Math can be tricky: TJC corrects ABHR storage requirement
- Air control equals infection control
- Don't forget the three checks in medication administration
- Note similarities and differences between HCPCS, CPT® codes
- Five ways to safeguard your patients' valuables
- The consequences of an incomplete medical record
- Q&A: Primary, principal, and secondary diagnoses
- OB services: Coding inside and outside of the package
- Skills of effective case managers
- Practice the six rights of medication administration
- E-mailed
-
- Air control equals infection control
- OSHA HazCom updates include labeling, SDS requirements
- Plan of Care Supports Documentation of Homebound Status
- Note similarities and differences between HCPCS, CPT® codes
- Note from the instructor: CMS clarifies billing guidelines on proper billing for drugs in a single-dose or single-use vial, including billing for discarded drugs
- Neurological checks for head injuries
- Modifiers and medical necessity
- Follow these tips to properly report bladder catheter codes
- Five ways to safeguard your patients' valuables
- Differentiate between types of wound debridement
- Searched