- Codes
- Info
-
Tools
- Topics
- Community
- See Product Video
- Free Trial
- Pricing
- Sign In
|
HIPAA is a complex federal law which requires healthcare providers to ensure that health information is protected. A summary of this law is included in Find-A-Code's specialty specific Reimbursement Guides as well as the ChiroCode DeskBook. Generally, healthcare providers need to understand their responsibilities are it relates to:
Because of the complexity of these rules, a more thorough explanation which is found in the Complete & Easy HIPAA Compliance book which also includes editable and sample forms. Related topics: HIPAA ArticlesClick the article title to view a summary and link to the full article. HIPAA Handling Patient Requests for Medical Record RestrictionSeptember 26th, 2018 | Published September 26th, 2018 - Last Review/Update October 17th, 2018 Healthcare compliance professionals frequently face confusing situations about sharing of protected health information (PHI). The Health Insurance Portability and Accountability Act (HIPAA) supports the protection of privacy of medical records. However, even when a patient does not authorize sharing of his record, there are permitted uses and disclosures, such as... Finalized Confidentiality of Alcohol and Drug Abuse Patient Records RegulationsAugust 31st, 2018 | Published August 31st, 2018 In January, the U.S. Department of Health and Human Services (HHS) issued updates to the privacy regulations regarding the confidentiality of patient information of substance use disorder patients (42 CFR Part 2). This notice included references to better alignment with HIPAA regulations, but did state that Part 2 is more protective ... Creating a Culture of Compliance in 2018May 30th, 2018 | Published May 30th, 2018 - Last Review/Update June 4th, 2018 This year (2018), healthcare organizations (Hospitals, Health Systems, and Physician Groups/Practices) must focus on the criticality of creating a culture of compliance to ensure effectiveness and efficiency. Focusing on "compliance"-only approaches leaves healthcare organizations exposed to areas of liability oftentimes far more than what they could ever imagine or even... What is a Legal Hold and e Discovery AnywayMay 30th, 2018 | Published May 30th, 2018 - Last Review/Update June 4th, 2018 Whether I am assisting clients or presenting, I am often asked about legal holds and e-discovery. The transition from paper to electronic records, which include emails, computer faxes, protected health information ("PHI"), personally identifiable information ("PII") and documents that are created, received, maintained or transmitted in an electronic format created... FHIR RevisitedApril 24th, 2018 | Published April 24th, 2018 - Last Review/Update May 2nd, 2018 Like a moth to a flame, we periodically have to take a close look at FHIR. As mentioned in the March 26 blog post, interoperability was the hot topic at HIMSS, and FHIR is at the blazing edge of interoperability... Health Information Exchange and Trusted Exchange FrameworksFebruary 27th, 2018 | Published February 27th, 2018 - Last Review/Update April 12th, 2018 Despite progress in health IT, Health Information Exchange (HIE) remains squarely in toll booth mode, with gated stops and slowdowns that may or may not permit information to move forward. ... HIPAA Breach Settlements and Ransomware Attacks - Is Your Practice Secure?February 5th, 2018 | Published February 5th, 2018
Two recent reports should make providers stop, take notice and make sure their practice's policies and procedures are up-to-date.
The first one involves a HIPAA Breach settlement of a company with facilities in several states. The OCR memo stated "In addition to a $3.5 million monetary settlement, a corrective action plan ... Are Your Computers Vulnerable to Cyber Attacks?February 1st, 2018 | Published February 1st, 2018 Healthcare providers must be vigilant in ensuring that software upgrades, also known as patches, are kept current. Failure to do so can lead to a HIPAA Security Breach with all its associated penalties. For example Windows XP no longer has security updates and should not be used in healthcare settings.
On ... Mobile Health: Growing Engagement and New ResponsibilitiesJanuary 31st, 2018 | Published January 31st, 2018 - Last Review/Update March 29th, 2018 This week I'm blogging about an M-word. Not MACRA or MIPS, but Mobile Health or mHealth.... HIPAA and the Opioid CrisisJanuary 24th, 2018 | Published January 24th, 2018 HIPAA and the Opioid Crisis guidance released by HHS. HIPAA Disclosures to Family, Friends, and Others Involved in an Individual’s Care and for NotificationOctober 6th, 2017 | Published October 6th, 2017
In light of recent tragic events, the OIG has released a reminder that HIPAA allows for certain disclosures in these types of situations. The reminder dated October 3, 2017 states the following:
Following the recent mass shooting in Las Vegas, the HHS Office for Civil Rights (OCR) is taking this opportunity ... Case Law Update: Just Because HIPAA Does Not Provide a Private Right of Action, Doesn't Mean that Other Avenues ExistAugust 16th, 2017 | Published August 16th, 2017 - Last Review/Update September 13th, 2017
August 4, 2017
Case Law Update: Just Because HIPAA Does Not Provide a Private Right of Action, Doesn't Mean that Other Avenues Exist
Simply stated, the Health Information Portability and Accountability Act (HIPAA) does not provide a private cause of action[1]. And, prior to the 2009 passage of the Health Information Technology ... Cybersecurity - Are you sure you are secure?August 4th, 2017 | Published August 4th, 2017
An article by Medical Economics highlights the June report of the Health Care Industry Cybersecurity Task Force. Their report confirmed once again that healthcare providers are not adequately addressing cybersecurity as part of the compliance programs. The threat of hackers is very real and providers need to ensure that they have taken ... Case Law Update: Just Because HIPAA Does Not Provide a Private Right of Action, Doesn't Mean that Other Avenues ExistAugust 4th, 2017 | Published August 4th, 2017 - Last Review/Update August 16th, 2017
Simply stated, the Health Information Portability and Accountability Act (HIPAA) does not provide a private cause of action[1]. And, prior to the 2009 passage of the Health Information Technology for Economic and Clinical Health Act (HITECH Act)[2] and the more robust chain of liability (e.g. covered entities, business associates and ... HIPAA Training RequirementsAugust 1st, 2017 | Published August 1st, 2017 - Last Review/Update August 2nd, 2017 HIPAA Training must be an ongoing effort in every healthcare organization. Counting HIPAA ViolationsJuly 20th, 2017 | Published July 20th, 2017 - Last Review/Update July 25th, 2017 Information from the Omnibus Rule regarding how HIPAA violations are counted/calculated. Sale of Protected Health Information (PHI)July 19th, 2017 | Published July 19th, 2017 To more fully understand federal regulations regarding the sale of PHI, review the comments and responses. How to Properly Dispose Protected Health Information (PHI)February 27th, 2017 | Published February 27th, 2017 HIPAA requires covered entities to properly dispose of Protected Health Information (PHI) in the following manner:
Paper, film, or other hard copy media has been shredded or destroyed such that the PHI cannot be read or otherwise cannot be reconstructed.
Electronic media has been cleared, purged, or destroyed consistent with NIST Special Publication 800-88, Guidelines for Media ... Mobile Devices are HIPAA Security ConcernFebruary 22nd, 2017 | Published February 22nd, 2017
Mobile devices are one of the most problematic areas for HIPAA security. Their ease of portability also makes it easy for them to be stolen or hacked. Because so many of the HIPAA breaches reported involved mobile devices, additional guidance has been issued by HealthIT.gov. Their informative web page offers additional ... Psychotherapy Notes Provision of HIPAAFebruary 2nd, 2017 | Published February 2nd, 2017 Of special interest to all behavioral health practitioners (both Covered Entities and NON-covered entities) is HIPAA's provision for psychotherapy notes. The privacy rule recognizes that psychotherapy notes need more protection than other types of PHI. Even if you are not a covered entity, we recommend understanding and implementing office procedures ... HIPAA Exempt Offices (Paper)January 23rd, 2017 | Published January 23rd, 2017
It is a common misconception that every doctor’s office is (or must become) a HIPAA covered entity; however, the list of those who still qualify for exemption from HIPAA is rapidly shrinking. There are exceptions to the HIPAA requirements; if a practice sends or receives no transactions electronically, it is ... Medical Billing and Coders Professional LiabilityNovember 29th, 2016 | Published November 29th, 2016
Companies who regularly handle such sensitive information as patient medical records have a particular responsibility to maintain the confidentiality of the data. Failure to exercise the appropriate degree of care – whether intentional or not – can have a significant adverse financial impact on your firm.
The Federal Health Insurance Portability ... HIPAA Helps and FAQsJune 7th, 2016 | Published June 7th, 2016 The Health Insurance Portability and Accountability Act (HIPAA) has been around for quite some time. There are many misconceptions about HIPAA compliance that our office still gets calls about. This page is to help clear up some of these misconceptions. Phase 2 of OCR HIPAA Audits BeginsApril 30th, 2016 | Published April 30th, 2016 Phase 2 of HIPAA audits have begun. What do you need to know? HIPAA Proposed Rule to Update Substance Abuse Confidentiality RegulationsApril 13th, 2016 | Published April 13th, 2016 On February, 9, 2016 HHS published proposed revisions (81 FR 6988) to the Confidentiality of Alcohol and Drug Abuse Patient Records regulations, 42 CFR Part 2. Find out what changes are being considered. Lack of Business Associate Agreement (BAA) Costs Non-Profit 1.55 MillionApril 13th, 2016 | Published April 13th, 2016 Failure to have a properly executed Business Associate Agreements (BAA) costs one organization $1.55 Million. In today's highly technological environment, it is too easy to skip the necessary precautions and easy for electronic devices to get lost or stolen. Are you prepared? HIPAA Violations - The Process Is The AnswerApril 6th, 2016 | Published April 6th, 2016 It's not just the names and addresses that matter -- It's the compliance. If you can demonstrate that you are hleping yourself to maintain HIPAA compliance by careful documentation and proper procedures, you can go a long way toward avoiding being fined by the HIPAA squads.
Complete & Easy HIPAA Compliance is a clear, simple “Just help me do what I have to do!” workbook that contains all the things the designated security officer must do to instantiate a robust HIPAA compliance program. It comes complete with over 45 forms and letters which can be used to state the office policies, spell out procedures, and ensure that each patient will be protected in their rights under HIPAA policy. It also can help demonstrate that a compliance program is in progress. Protected Health Information De-Identification StandardsMarch 16th, 2016 | Published March 16th, 2016 - Last Review/Update January 27th, 2017 This article contains detailed information on the OCR guidance regarding the de-identification of Protected Health Information (PHI). Avoid HIPAA violations and learn specifically what de-identification is. Employee Exclusions Screenings Must be High PriorityFebruary 24th, 2016 | Published February 24th, 2016 Many healthcare organizations are not aware of how critically important it is to screen their employees against ALL state and federal exclusions databases. This article has important information for organization to ensure compliance. Appointments, Reminders, Text Messaging, and HIPAAAugust 10th, 2015 | Published August 10th, 2015 - Last Review/Update January 27th, 2017 As more and more people are using mobile and wireless devices, a new term - mHealth - has emerged. According to a National Institute of Health consensus group, mHealth is “the use of mobile and wireless devices to improve health outcomes, healthcare services and health research.” Historically, the biggest gaps and HIPAA violations have been linked to ... HIPAA Standards for ClaimsJuly 20th, 2015 | Published July 20th, 2015 (Rev. 3086, Issued: 10-03-14, Effective: ICD-10: Upon Implementation of ICD-10, ASC X12: January 1, 2012, Implementation ICD-10: Upon Implementation of ICD- 10; ASC X12: November 4, 2014)
The standards adopted under HIPAA include both a transaction standard and an implementation guide.
Claims sent electronically to Medicare must abide by the HIPAA standards ... HIPAA Audits Still on HoldMarch 18th, 2015 | Published March 18th, 2015 - Last Review/Update June 9th, 2016 At HIPAA Summit, OCR head Jocelyn Samuels also outlines forthcoming efforts with ONC, FDA.
Phase II of the federal HIPAA audit program remains "under development," Jocelyn Samuels, director of the Health and Human Services Department's Office for Civil Rights, said Monday at the 23rd National HIPAA Summit in the District of Columbia.
Read ... EncryptionFebruary 9th, 2015 | Published February 9th, 2015 - Last Review/Update June 9th, 2016 How secure is your computer? Do you have a password on your computer? Do you have the automatic log offs turned on? Is your computer encrypted? Are your off-site storage files encrypted?
This document is designed to give some basic information about making your office a little more secure. It is not ... Q & A: Is it a HIPAA Violation to Email Patients?October 24th, 2014 | Published October 24th, 2014 - Last Review/Update January 30th, 2017 Straight from the Office of Civil Rights:
Q: Does the HIPAA Privacy Rule permit health care providers to use e-mail to discuss health issues and treatment with their patients?
A: Yes. The Privacy Rule allows covered health care providers to communicate electronically, such as through e-mail, with their patients, provided they apply ... 4Medapproved Partner and Find-A-Code's first Mini-Course WorkshopOctober 20th, 2014 | Published October 20th, 2014 - Last Review/Update March 2nd, 2016 Find-A-Code is now a 4Medapproved Partner and we are announcing our first Mini-Course workshop.
PROGRAM ANNOUNCEMENT 10/17/2014 Our first mini-course workshop will be presented by Brian Johnson, CHSP, CHSA:
HIPAA Workforce Certificate for Professionals LIVE Accelerated Workshop (1 Day/1 Hour)
LIVE ONLINE: Oct 29, 2014 at Noon EST, 11am CST, 10am MST and ... Is Compliance a Dirty Word?October 16th, 2014 | Published October 16th, 2014 - Last Review/Update January 23rd, 2017 In October of 2000 in the Federal Register the Office of the Inspector General (who investigates fraud against the federal government on behalf of the Department of Health and Human Services) offered general guidelines for health care facilities to set up a “Compliance Program”. This advice has long been pushed ... Basic Fact Sheet on HIPPA Privacy and Security for Providers - CMSOctober 16th, 2014 | Published October 16th, 2014 - Last Review/Update January 30th, 2017 CMS has a released a fact sheet on HIPAA Privacy and Security basics for providers. Designed to provide education on covered entities and Business Associates under the HIPPA Privacy Rule.
Examples of a Covered Entity would be:
Doctors
Clinics
Psychologists
Dentists
Chiropractors
Nursing Homes
Pharmacies
Health Plans
Clearing houses
Any person or organization assisting in transmitting a transaction in electronic form, ... According to HIPAA, who are my Business Associates?September 11th, 2014 | Published September 11th, 2014 - Last Review/Update January 30th, 2017 Providers work with many different groups and many of them have some interaction with Protected Health Information (PHI). In an effort to help us understand who qualifies as Business Associates the Department of Health & Human Services has provided some resources.
But first … what is PHI or individually identifiable health information? ... Cyber Insurance? What kind of Insurance Policy it that?September 9th, 2014 | Published September 9th, 2014 - Last Review/Update January 30th, 2017 Due to the increase of medical transactions stored online and in the cloud, cyber intrusions will only increase.
Cyber insurance also known as privacy and network security insurance can help cover the costs incurred if your computer system is compromised, or after a data breach which can include a HIPAA ... Do I Need Error and Omissions (E&O) Insurance for My Billing Company?September 9th, 2014 | Published September 9th, 2014 - Last Review/Update January 30th, 2017 Do I Need Error and Omissions (E&O) Insurance for My Billing Company?
Over the years Medical billing has been considered low risk, now it has developed into a huge liability with HIPAA, E&O and Business Associate Agreements to name a few.
HIPAA has rocked the world for small businesses. Looking at the ... Who in the World are my Business Associates?August 29th, 2014 | Published August 29th, 2014 - Last Review/Update January 30th, 2017 The associates in the provider’s world and healthcare society are filled with loads of potential business associates and endless Individual identifiable health information.
 We have had so many questions about business associates I thought I would go to the source and put together some information from HHS.gov, otherwise known as U.S. ... Windows XP and HIPAA Non-complianceJuly 16th, 2014 | Published July 16th, 2014 - Last Review/Update January 25th, 2017 For anyone who is not a computer techie, the announcement by Microsoft about discontinuing support for Windows XP may not mean much. However, from a HIPAA perspective, this is very important information because Section 164.308(a)(5)(ii)(B) of the HIPAA Security Rules includes an 'addressable' requirement of Protection from Malicious Software where ... How the Internet is Reshaping Medical Coding and BillingJuly 15th, 2014 | Published July 15th, 2014 - Last Review/Update January 25th, 2017 Since the Internet is affecting (usually for better) every industry, why should it come as a surprise that medical coding and billing is now heavily dependent on the Internet? Actually, a number of important challenges and changes in the healthcare industry, and in technology as a whole, are pushing medical ... How can I make sure new hires have not been in trouble with Medicare?March 18th, 2014 | Published March 18th, 2014 - Last Review/Update January 25th, 2017 To avoid liability, it is recommended to routinely check (every 3 months) the LEIE to ensure that new hires and current employees are not on the excluded list.
One of the many parts of the compliance program is to see if your current staff (including yourself, regular staff and associate doctors) have been placed on the OIG (Office of the Inspector General) List of Excluded Individuals and Entities (LEIE).
OIG has the authority to exclude individuals and entities from Federally funded health care programs and maintains a list (List of Excluded Individuals and Entities or LEIE)of all currently excluded individuals and entities. Anyone who hires an individual or entity on the LEIE may be subject to monetary penalties.
It’s as simple as 1…2…3..
Read More
Are Text Messages HIPAA Compliant?February 19th, 2014 | Published February 19th, 2014 - Last Review/Update January 27th, 2017 As more and more people are using mobile and wireless devices, a new buzzword has emerged: mHealth. According to a National Institute of Health consensus group, mHealth is "the use of mobile and wireless devices to improve health outcomes, healthcare services and health research." Historically, the biggest gaps and HIPAA violations ... Are You Compliant with the New HIPAA Regulations?September 30th, 2013 | Published September 30th, 2013 - Last Review/Update January 27th, 2017 September 23rd, 2013 was the deadline for HIPAA Omnibus Final Rule compliance. It seems to have just snuck up on everybody. ChiroCode has spoken with some clincis who say that they don't need to worry about it because ”they are just a small practice.” Please, do not wait any longer to ... Ominbus Final Rule and BAA Contracts DeadlineSeptember 6th, 2013 | Published September 6th, 2013 - Last Review/Update January 27th, 2017 The official deadline for HIPAA covered entities to reach compliance with the provisions of the Omnibus Rule is officially set as September 23, 2013. This date is right around the corner and as a result, providers are concerned about meeting this deadline. The definition for a business associate has been ... Privacy Rule De-IdentifiersSeptember 29th, 2012 | Published September 29th, 2012 - Last Review/Update January 27th, 2017 The HIPAA Privacy Rule provides two ways to de-identify information, which are listed here with the 18 de-identifiers. There are more articles. View all articles... View articles for the current subject by subtopic: HIPAA TipsAccess to this feature is available in the following products:
Click here to Sign In to your account. HIPAA Webinars(There are no webinars at this time, please check back later.)HIPAA Resources/Links
HIPAA Books & Training
Laws & RegulationsComplete & Easy HIPAA Compliance A simple and practical guide to implementing HIPAA, HITECH, and Omnibus Final Rule components. Includes the forms and policies and information you need to meet compliance requirements. Plus over 50 customizable forms! |
If you know of a resource that should be included here (links, data, etc.) please Contact Us.
Calculators
Documentation
Education & Training