Free e-Newsletters

HIM-HIPAA Insider

This e-mail newsletter delivers how-to advice and breaking news on HIPAA regulations each week. Stay informed on timely topics, security news and regulations, and analysis of proposed and final HIPAA rules that will ensure patient information security.

2012 | 2011 | 2010 | 2009 | 2008 | 2007 | 2006 | 2005 | 2004 | 2003 | 2002 | 2001

Issue 24, July 2, 2012

• Notice: Final issue of HIPAA Weekly Advisor

  HCPro is sorry to report that this is the last issue of HIPAA Weekly Advisor. We thank you for...

• Professor to file complaints against provider for HIPAA violations

  A University of Utah health law professor said she is filing complaints with OCR and the Federal...

• HIPAA Q&A: HIPAA and electronic signatures

  Q: Are digital signatures permissible on custodian affidavit/declaration forms? Signing...

• What you might not know about OCR HIPAA audits

  Elizabeth H. Johnson, Esq., has been keeping an ear close to the ground with respect to ongoing OCR...

Issue 23, June 25, 2012

• Notice: Second to last issue of HIPAA Weekly Advisor

  HCPro is sorry to report that this is the second to last issue of HIPAA Weekly Advisor. We thank...

• California releases HIPAA security toolkit

  California was long been considered to have one of the most stringent state data privacy and...

• HIPAA Q&A: Sharing patient information with specialists

  Q: A patient who presented with an order from the primary care physician for lab work had also seen...

• Begin with code of conduct, policies, and procedures

  Healthcare organizations face increasingly complex privacy and security issues as they cope with...

Issue 22, June 18, 2012

• ONC says HIPAA mega rule out by end of summer

  The national coordinator for health information technology says the HIPAA mega rule including...

• OCR director releases 'right to access' memo

  OCR’s director released a memorandum May 31 highlighting the importance of a patient’s...

• HIPAA Q&A: Home health patient information books

  Q: A home health agency was informed by an assisted living facility that the home health agency was...

Issue 21, June 11, 2012

• HIPAA training materials for state attorneys general now available online

  The Office for Civil Rights (OCR) has released its HIPAA enforcement training material developed...

• The many days of HIPAA compliance

  HIPAA in 2011. Those 365 days were more about bad headlines for organizations.

• Get your HIPAA privacy program in compliance

  If you are a HIPAA privacy officer, it might be looking pretty scary out there, said Adam Greene...

• HIPAA Q&A: Level of encryption needed for email

  Q. Please explain in an understandable way for nontechnical individuals the necessary level of...

Issue 20, June 4, 2012

• Medical center loses laptop containing ICU patient health information

  A laptop containing patient information was reported missing from a local physician office in...

• Yes...It's okay to start purging

  For a number of reasons, folks seem to be hesitant to purge hard-copy records that are greater than...

• Privacy, security concerns high in HIEs

  A Boston resident is at a New York Yankees game in the Bronx cheering on his beloved Boston Red...

• HIPAA Q&A: HIPAA-mandated software?

  Q: A physician is converting from paper charts to an electronic health record (EHR) that is...

Issue 19, May 28, 2012

• MA hospital to pay $750,000 to settle data breach allegations

  A Massachusetts hospital will pay the state $750,000 in a settlement following a breach of PHI that...

• MA hospital worker fired for stealing patient information

  A Massachusetts Eye and Ear Infirmary employee did not want to pay her electric bill. So she turned...

• Are your workforce members texting PHI?

  Belinda Setters, MD, knew she was possibly violating HIPAA regulations. But she had no intention of...

• HIPAA Q&A: Answering service messages

  Q: If a physician uses an answering service and receives unencrypted messages from an answering...

Issue 18, May 21, 2012

• HIPAA conviction stands for former UCLA Healthcare researcher

  A HIPAA conviction stands for UCLA Healthcare System researcher Huping Zhou, according to a May 16...

• The many days of HIPAA compliance

  HIPAA in 2011. Those 365 days were more about bad headlines for organizations. In 2012, we want to...

• OCR begins HIPAA compliance audits

  Mac McMillan, CISSM, has an insider’s look at what it’s like to undergo a HIPAA...

• HIPAA Q&A: TPO disclosures to a business associate

  Q. During a recent webinar, a presenter indicated disclosure of PHI to business associates needed...

Issue 17, May 14, 2012

• ONC releases privacy, security guide

  The Office of the National Coordinator for Health IT (ONC) released its “Guide to Privacy...

• Email violated HIPAA, state says

  Shasta Regional Medical Center in Redding, Calif., violated a patient’s confidentiality when...

• Nurse posts picture of athlete/patient on Facebook

  I have a friend who is a Facebook friend of a nurse in a hospital in another state. This nurse...

• HIPAA Q&A: Next of kin

  Q. A covered entity received a business associate contract that included breach notification...

Issue 16, April 23, 2012

• Surgery facility settles with HHS for $100K

  Phoenix Cardiac Surgery of Phoenix and Prescott, AZ, will pay $100,000 to HHS for failing to...

• Consulting firm seeks to drop lawsuit over missing laptop

  Accretive Health, Inc., a consulting firm charged with violating health privacy laws, has asked to...

• Briefings on HIPAA excerpt: Healthcare system develops mobile device checklist

  Would all your staff members know what to do if their laptop computers were lost or stolen? Well...

• Identity theft case in South Carolina leads to heightened repercussions

  South Carolina government enforcement officials are cracking down on state agency security systems...

• HIPAA Q&A: Voice messages

  Q. May a preadmission nurse leave a message (e.g., “This is a reminder that your surgery is...

• HIPAA Q&A: PHI definition

  Q. The Code of Federal Regulations (CRF), specifically 45 CFR 160.103, defines PHI and...

• HIPAA stories from HCCA? let us know!

  Editors here at HCPro, Inc., the company that distributes this e-newsletter, attended the Health...

Issue 15, April 16, 2012

• Data breach update: 780,000 affected in Utah data breach

  The Utah Department of Health (UDOH) released an update April 9 regarding a data breach caused by...

• Briefings on HIPAA excerpt: OCR audit preparation tips

  Michael D. Ebert, national HIPAA services leader at KPMG, the company hired by OCR to conduct the...

• Government conference on HIPAA Security

  Government security officials will host the fifth annual conference, Safeguarding Health...

• Attending HCCA in Las Vegas this week? Let us know!

  Members of HCPro, Inc.’s editorial team will be at the Health Care Compliance...

• HIPAA Q&A: Entitlement of records

  Q. When is Adult Protective Services (APS) entitled to copies of a patient’s medical record...

• HIPAA Update hot posts

  Check out the top two most visited blog posts on HIPAA Update in the past 30 days.

• Employees steal patient information to file false tax returns

  Two employees from Memorial hospitals in Broward County, Fla., stole the identities of nearly...

• HIPAA Q&A: Satellite clinic

  Q. Our physician practice operates a satellite clinic. The practice does not use an electronic...

Issue 14, April 9, 2012

• Data breach in Utah compromises thousands of Medicaid claims

  The Utah Department of Technology Services (DTS) reported March 30 a patient information breach...

• Stolen computer leads to breach at Georgia Health Science University

  More than 500 patient records could be compromised after someone stole a computer stolen from a...

• HIPAA Q&A: Managed care companies and PHI

  Q. I’m having problems with managed care companies requesting PHI for their Healthcare...

• HIPAA 2012: What are your plans?

  Have a good headline from your organization? Decreased your HIPAA breaches? Implement a successful...

Issue 13, April 2, 2012

• McAndrew: HIPAA/HITECH final rules shipped off to OMB

  OCR took the last step before publishing final rules on HIPAA/HITECH by sending the rules to the...

• HIPAA Summit 2012 recap!

  We attended the Twentieth National HIPAA Summit at the Renaissance Hotel in Washington, D.C., the...

• FTC issues best practices for privacy protections

  HIPAA privacy officers may want to take a peek at the Federal Trade Commission’s March 26...

• HIPAA Q&A: Requirements for notification

  Q. What constitutes a privacy breach that requires notification to patients? Recently, a thief...

Issue 12, March 26, 2012

• Stolen laptop at university includes PHI of more than 500 patients

  A laptop stolen from a nurse practitioner in Georgia may compromise the personal information of...

• HIPAA Q&A: De-identifying pill bottles

  Q. Some of the medications we receive for our assisted living residents are in blister packs...

• CMS publishes guidance on record confidentiality

  CMS recently issued further guidance on patient rights to privacy and medical record...

• HIPAA Update hot posts

  Check out the posts on HIPAA Update that have attracted the most views in the past 30 days, and...

Issue 11, March 19, 2012

• Experts: Lack of HIPAA basics cost BCBST $18.5 million

  HIPAA compliance 101—policies, training, monitoring, and risk assessments—might have...

• Q&A with OCR: We investigate all 500-plus HIPAA breaches

  Were it not for the HITECH requirement to report 500-plus breaches to OCR/media, is there a chance...

• CMS announces another extension of HIPAA 5010 deadline

  CMS announced March 15 that it would once again postpone the enforcement of HIPAA 5010 for three...

• HIPAA Q&A: Notice of Privacy Practices

  Q. Is there a need to keep the acknowledgment form when we provide a Notice of Privacy Practices...

Issue 10, March 12, 2012

• Does your facility have a mobile device policy?

  Mobile-device policies: Have one?

• ONC: send us comments on securing mobile devices

  The Office of the National Coordinator for Health Information Technology (ONC) wants input on...

• New tool could convince senior leaders to invest in privacy, security

  Covered entities (CEs) and business associates (BAs) now have a new method to convince senior...

Issue 9, March 5, 2012

• Briefings on HIPAA excerpt: Responding to breaches

  Breaches happen. How your organization responds when they happen can make all the...

• HIPAA Update blog post: Registry review

  A staff member meets routinely with a patient’s family member. The staff member feels that...

• OCR large breach list hits 400; monthly pace slows

  The Office for Civil Rights (OCR), which began posting entities reporting breaches of unsecured...

• HIPAA Q&A: Mobile devices

  Q. Can mobile and smartphones be used to communicate patient information?

Issue 8, February 27, 2012

• Briefings on HIPAA excerpt: Mobile-device boom

  Privacy and security officers should watch one particular trend -- the growing number of hospital...

• HIPAA UPDATE blog post: Physicians fined for using smart phones?

  I am trying to find cases of physicians being fined for using smart phones to receive information...

• HIPAA Q&A: STD information and parents

  Q. What is the responsibility of the pharmacist if he or she dispenses a prescription for a minor...

Issue 7, February 20, 2012

• HHS confirms ICD-10 delay

  It’s no longer a mere possibility; HHS has confirmed its intent to delay the ICD-10...

• Thousands of medical records leaked in California

  A glitch in the network security settings of five California hospitals allowed outside search...

• HIPAA Q&A: Encryption

  Q. Would a covered entity or business associate be in violation of the HIPAA Security Rule if it...

Issue 6, February 13, 2012

• Access to records?

  How may an individual obtain access to health records after a Medicaid patient dies? More...

• HIPAA Q&A: Flu shots

  Q: Our healthcare facility requires employees to get the flu shot or they will have to wear a mask...

• HIPAA 5010 logjam means no pay for physicians

  A strange thing is happening as physician practices transition toward HIPAA version 5010 electronic...

• Sneak peek: HealthLeaders Media January 2012 piece on disclosures

  A proposed HIPAA privacy rule that would allow patients to request a list of people who accessed...

Issue 5, February 6, 2012

• HIPAA Q&A: Names and pics of residents

  Q. Can a skilled nursing facility (SNF) display residents’ names and pictures on a plaque...

• Report: Breaches reach 19 million records

  Covered entities and business associates reported a total of 385 breaches of unsecured PHI...

• How to respond to audit findings

  Truth be told, the real work for healthcare organizations may come after a HIPAA compliance audit...

• Minnesota debt collector sued over stolen medical data

  Minnesota Attorney General Lori Swanson filed a lawsuit January 19 against a debt collection...

Issue 4, January 30, 2012

• HHS task force: Consider privacy, security with text messages

  The government should take a better look at privacy and security concerns before it encourages and...

• Dealing with data breaches

  You pick up the phone and someone tells you that a laptop containing thousands of patient files...

• Demi Moore's medical records redacted

  As we’ve been saying all along in HIPAA compliance circles, everyone has privacy rights under...

• HIPAA Q&A: Cameras in patient rooms

  Q. The nursing department in my facility wants to install cameras in a few of the patient rooms...

Issue 3, January 23, 2012

• Atlanta man gets jail time for stealing PHI

  A federal judge sentenced an Atlanta man to 13 months in prison January 10 for intentionally...

• Law firm releases social media series

  InfoLawGroup, LLC, began a three-part series June 11, 2011 that discusses security concerns and...

• HIPAA blog posts: Weigh in with your colleagues!

  Check out the most recent HIPAA Update blog posts from HIPAA compliance officers and offer your...

• HIPAA Q&A: Retirement community

  Q. We operate a retirement community that includes skilled nursing and assisted living. We iron...

Issue 2, January 16, 2012

• Q&A: Farzad Mostashari on meaningful use, privacy

  Farzad Mostashari, MD, ScM, national coordinator for health information technology at the...

• New Year's HIPAA resolutions

  It’s 2012, and that means it’s time to make some resolutions to kick off the new year...

• HIPAA Q&A: Power of attorney

  Q. Is a power of attorney still effective after a patient’s death? I was told that a woman...

Issue 1, January 9, 2012

• Study: HIPAA breaches on the rise

  Patient information data breaches climbed 32% in 2011, according to the Ponemon Institute’s...

• HHS releases interim final rule on electronic fund transfers

  If you’re a privacy and/or security officer who last week saw an HHS final rule with the...

• HIPAA Q&A: Installing kiosks

  Q. We are planning to install wall-mounted kiosks in our skilled nursing facility to help nursing...