Viewing:  Jul 18, 2018

HIPAA Articles and Resources

HIPAA is a complex federal law that requires healthcare providers to ensure that health information is protected. A summary of this law is included in Find-A-Code's specialty-specific Reimbursement Guides as well as the ChiroCode DeskBook.

Generally, healthcare providers need to understand their responsibilities as they relate to:

  • Covered Entities
  • Transaction Standards
  • Privacy Rule
  • Security Rule

Because of the complexity of these rules, a more thorough explanation is found in the Complete & Easy HIPAA Compliance book, which also includes editable and sample forms.

This page contains articles, resources/links and tips related to HIPAA.

  • Articles:  47
  • Tips:  9
  • Resources/Links:  52
  • Webinars:  0

HIPAA Articles

Click the article title to view a summary and link to the full article.

Finalized Confidentiality of Alcohol and Drug Abuse Patient Records Regulations

In January, the U.S. Department of Health and Human Services (HHS) issued updates to the privacy regulations regarding the confidentiality of patient information of substance use disorder patients (42 CFR Part 2).  This notice included references to better alignment with HIPAA regulations, but did state that Part 2 is more protective ...

Read the article →

Creating a Culture of Compliance in 2018

This year (2018), healthcare organizations (Hospitals, Health Systems, and Physician Groups/Practices) must focus on the criticality of creating a culture of compliance to ensure effectiveness and efficiency. Focusing on "compliance"-only approaches leaves healthcare organizations exposed to areas of liability oftentimes far more than what they could ever imagine or even...

Read the article →

What is a Legal Hold and e Discovery Anyway

Whether I am assisting clients or presenting, I am often asked about legal holds and e-discovery. The transition from paper to electronic records, which include emails, computer faxes, protected health information ("PHI"), personally identifiable information ("PII") and documents that are created, received, maintained or transmitted in an electronic format created...

Read the article →

FHIR Revisited

Like a moth to a flame, we periodically have to take a close look at FHIR. As mentioned in the March 26 blog post, interoperability was the hot topic at HIMSS, and FHIR is at the blazing edge of interoperability...

Read the article →

Health Information Exchange and Trusted Exchange Frameworks

Despite progress in health IT, Health Information Exchange (HIE) remains squarely in toll booth mode, with gated stops and slowdowns that may or may not permit information to move forward. ...

Read the article →

HIPAA Breach Settlements and Ransomware Attacks - Is Your Practice Secure?

Two recent reports should make providers stop, take notice and make sure their practice's policies and procedures are up-to-date. The first one involves a HIPAA Breach settlement of a company with facilities in several states. The OCR memo stated "In addition to a $3.5 million monetary settlement, a corrective action plan ...

Read the article →

Are Your Computers Vulnerable to Cyber Attacks?

Healthcare providers must be vigilant in ensuring that software upgrades, also known as patches, are kept current. Failure to do so can lead to a HIPAA Security Breach with all its associated penalties. For example, Windows XP no longer has security updates and should not be used in healthcare settings. On ...

Read the article →

Mobile Health: Growing Engagement and New Responsibilities

This week I'm blogging about an M-word. Not MACRA or MIPS, but Mobile Health or mHealth....

Read the article →

HIPAA and the Opioid Crisis

HIPAA and the Opioid Crisis guidance released by HHS.

Read the article →

HIPAA Disclosures to Family, Friends, and Others Involved in an Individual’s Care and for Notification

In light of recent tragic events, the OIG has released a reminder that HIPAA allows for certain disclosures in these types of situations. The reminder dated October 3, 2017 states the following: Following the recent mass shooting in Las Vegas, the HHS Office for Civil Rights (OCR) is taking this opportunity ...

Read the article →

Case Law Update: Just Because HIPAA Does Not Provide a Private Right of Action, Doesn't Mean that Other Avenues Exist

August 4, 2017. Case Law Update: Just Because HIPAA Does Not Provide a Private Right of Action, Doesn't Mean that Other Avenues Exist. Simply stated, the Health Information Portability and Accountability Act (HIPAA) does not provide a private cause of action[1]. And, prior to the 2009 passage of the Health Information Technology ...

Read the article →

Cybersecurity - Are you sure you are secure?

An article by Medical Economics highlights the June report of the Health Care Industry Cybersecurity Task Force. Their report confirmed once again that healthcare providers are not adequately addressing cybersecurity as part of the compliance programs. The threat of hackers is very real and providers need to ensure that they have taken ...

Read the article →

Case Law Update: Just Because HIPAA Does Not Provide a Private Right of Action, Doesn't Mean that Other Avenues Exist

Simply stated, the Health Information Portability and Accountability Act (HIPAA) does not provide a private cause of action[1]. And, prior to the 2009 passage of the Health Information Technology for Economic and Clinical Health Act (HITECH Act)[2] and the more robust chain of liability (e.g. covered entities, business associates and ...

Read the article →

HIPAA Training Requirements

HIPAA Training must be an ongoing effort in every healthcare organization.

Read the article →

Counting HIPAA Violations

Information from the Omnibus Rule regarding how HIPAA violations are counted/calculated.

Read the article →

Sale of Protected Health Information (PHI)

To more fully understand federal regulations regarding the sale of PHI, review the comments and responses.

Read the article →

How to Properly Dispose Protected Health Information (PHI)

HIPAA requires covered entities to properly dispose of Protected Health Information (PHI) in the following manner: Paper, film, or other hard copy media has been shredded or destroyed such that the PHI cannot be read or otherwise cannot be reconstructed. Electronic media has been cleared, purged, or destroyed consistent with NIST Special Publication 800-88, Guidelines for Media ...

Read the article →

Mobile Devices are HIPAA Security Concern

Mobile devices are one of the most problematic areas for HIPAA security. Their ease of portability also makes it easy for them to be stolen or hacked. Because so many of the HIPAA breaches reported involved mobile devices, additional guidance has been issued by HealthIT.gov. Their informative web page offers additional ...

Read the article →

Psychotherapy Notes Provision of HIPAA

Of special interest to all behavioral health practitioners (both Covered Entities and NON-covered entities) is HIPAA's provision for psychotherapy notes. The privacy rule recognizes that psychotherapy notes need more protection than other types of PHI. Even if you are not a covered entity, we recommend understanding and implementing office procedures ...

Read the article →

HIPAA Exempt Offices (Paper)

It is a common misconception that every doctor’s office is (or must become) a HIPAA covered entity; however, the list of those who still qualify for exemption from HIPAA is rapidly shrinking. There are exceptions to the HIPAA requirements; if a practice sends or receives no transactions electronically, it is ...

Read the article →

Medical Billing and Coders Professional Liability

Companies who regularly handle such sensitive information as patient medical records have a particular responsibility to maintain the confidentiality of the data. Failure to exercise the appropriate degree of care – whether intentional or not – can have a significant adverse financial impact on your firm. The Federal Health Insurance Portability ...

Read the article →

HIPAA Helps and FAQs

The Health Insurance Portability and Accountability Act (HIPAA) has been around for quite some time. There are many misconceptions about HIPAA compliance that our office still gets calls about. This page is to help clear up some of these misconceptions.

Read the article →

Phase 2 of OCR HIPAA Audits Begins

Phase 2 of HIPAA audits has begun. What do you need to know?

Read the article →

HIPAA Proposed Rule to Update Substance Abuse Confidentiality Regulations

On February 9, 2016, HHS published proposed revisions (81 FR 6988) to the Confidentiality of Alcohol and Drug Abuse Patient Records regulations, 42 CFR Part 2. Find out what changes are being considered.

Read the article →

Lack of Business Associate Agreement (BAA) Costs Non-Profit 1.55 Million

Failure to have a properly executed Business Associate Agreement (BAA) cost one organization $1.55 Million. In today's highly technological environment, it is too easy to skip the necessary precautions and easy for electronic devices to get lost or stolen. Are you prepared?

Read the article →

HIPAA Violations - The Process Is The Answer

It's not just the names and addresses that matter -- It's the compliance. If you can demonstrate that you are helping yourself to maintain HIPAA compliance by careful documentation and proper procedures, you can go a long way toward avoiding being fined by the HIPAA squads. Complete & Easy HIPAA Compliance is a clear, simple “Just help me do what I have to do!” workbook that contains all the things the designated security officer must do to instantiate a robust HIPAA compliance program. It comes complete with over 45 forms and letters which can be used to state the office policies, spell out procedures, and ensure that each patient will be protected in their rights under HIPAA policy. It also can help demonstrate that a compliance program is in progress.

Read the article →

Protected Health Information De-Identification Standards

This article contains detailed information on the OCR guidance regarding the de-identification of Protected Health Information (PHI). Avoid HIPAA violations and learn specifically what de-identification is.

Read the article →

Employee Exclusions Screenings Must be High Priority

Many healthcare organizations are not aware of how critically important it is to screen their employees against ALL state and federal exclusions databases. This article has important information for organizations to ensure compliance.

Read the article →

Appointments, Reminders, Text Messaging, and HIPAA

As more and more people are using mobile and wireless devices, a new term - mHealth - has emerged. According to a National Institute of Health consensus group, mHealth is “the use of mobile and wireless devices to improve health outcomes, healthcare services and health research.” Historically, the biggest gaps and HIPAA violations have been linked to ...

Read the article →

HIPAA Standards for Claims

(Rev. 3086, Issued: 10-03-14, Effective: ICD-10: Upon Implementation of ICD-10, ASC X12: January 1, 2012, Implementation ICD-10: Upon Implementation of ICD-10; ASC X12: November 4, 2014) The standards adopted under HIPAA include both a transaction standard and an implementation guide. Claims sent electronically to Medicare must abide by the HIPAA standards ...

Read the article →

HIPAA Audits Still on Hold

At HIPAA Summit, OCR head Jocelyn Samuels also outlines forthcoming efforts with ONC, FDA. Phase II of the federal HIPAA audit program remains "under development," Jocelyn Samuels, director of the Health and Human Services Department's Office for Civil Rights, said Monday at the 23rd National HIPAA Summit in the District of Columbia. Read ...

Read the article →

Encryption

How secure is your computer? Do you have a password on your computer? Do you have the automatic log offs turned on? Is your computer encrypted? Are your off-site storage files encrypted? This document is designed to give some basic information about making your office a little more secure. It is not ...

Read the article →

Q & A: Is it a HIPAA Violation to Email Patients?

Straight from the Office of Civil Rights: Q: Does the HIPAA Privacy Rule permit health care providers to use e-mail to discuss health issues and treatment with their patients? A: Yes. The Privacy Rule allows covered health care providers to communicate electronically, such as through e-mail, with their patients, provided they apply ...

Read the article →

4Medapproved Partner and Find-A-Code's first Mini-Course Workshop

Find-A-Code is now a 4Medapproved Partner and we are announcing our first Mini-Course workshop. PROGRAM ANNOUNCEMENT 10/17/2014 Our first mini-course workshop will be presented by Brian Johnson, CHSP, CHSA: HIPAA Workforce Certificate for Professionals LIVE Accelerated Workshop (1 Day/1 Hour) LIVE ONLINE: Oct 29, 2014 at Noon EST, 11am CST, 10am MST and ...

Read the article →

Is Compliance a Dirty Word?

In October of 2000 in the Federal Register the Office of the Inspector General (who investigates fraud against the federal government on behalf of the Department of Health and Human Services) offered general guidelines for health care facilities to set up a “Compliance Program”.   This advice has long been pushed ...

Read the article →

Basic Fact Sheet on HIPAA Privacy and Security for Providers - CMS

CMS has released a fact sheet on HIPAA Privacy and Security basics for providers. It is designed to provide education on covered entities and Business Associates under the HIPAA Privacy Rule. Examples of a Covered Entity would be: Doctors, Clinics, Psychologists, Dentists, Chiropractors, Nursing Homes, Pharmacies, Health Plans, Clearing houses, Any person or organization assisting in transmitting a transaction in electronic form, ...

Read the article →

According to HIPAA, who are my Business Associates?

Providers work with many different groups and many of them have some interaction with Protected Health Information (PHI). In an effort to help us understand who qualifies as Business Associates the Department of Health & Human Services has provided some resources.   But first … what is PHI or individually identifiable health information? ...

Read the article →

Cyber Insurance? What kind of Insurance Policy is that?

Due to the increase of medical transactions stored online and in the cloud, cyber intrusions will only increase. Cyber insurance, also known as privacy and network security insurance, can help cover the costs incurred if your computer system is compromised, or after a data breach which can include a HIPAA ...

Read the article →

Do I Need Error and Omissions (E&O) Insurance for My Billing Company?

Over the years, medical billing has been considered low risk; now it has developed into a huge liability, with HIPAA, E&O and Business Associate Agreements, to name a few. HIPAA has rocked the world for small businesses. Looking at the ...

Read the article →

Who in the World are my Business Associates?

The associates in the provider’s world and healthcare society are filled with loads of potential business associates and endless individually identifiable health information. We have had so many questions about business associates I thought I would go to the source and put together some information from HHS.gov, otherwise known as U.S. ...

Read the article →

Windows XP and HIPAA Non-compliance

For anyone who is not a computer techie, the announcement by Microsoft about discontinuing support for Windows XP may not mean much. However, from a HIPAA perspective, this is very important information because Section 164.308(a)(5)(ii)(B) of the HIPAA Security Rules includes an 'addressable' requirement of Protection from Malicious Software where ...

Read the article →

How the Internet is Reshaping Medical Coding and Billing

Since the Internet is affecting (usually for better) every industry, why should it come as a surprise that medical coding and billing is now heavily dependent on the Internet? Actually, a number of important challenges and changes in the healthcare industry, and in technology as a whole, are pushing medical ...

Read the article →

How can I make sure new hires have not been in trouble with Medicare?

To avoid liability, it is recommended to routinely check (every 3 months) the LEIE to ensure that new hires and current employees are not on the excluded list. One of the many parts of the compliance program is to see if your current staff (including yourself, regular staff and associate doctors) have been placed on the OIG (Office of the Inspector General) List of Excluded Individuals and Entities (LEIE). OIG has the authority to exclude individuals and entities from Federally funded health care programs and maintains a list (List of Excluded Individuals and Entities or LEIE) of all currently excluded individuals and entities. Anyone who hires an individual or entity on the LEIE may be subject to monetary penalties. It’s as simple as 1…2…3...

Read the article →

Are Text Messages HIPAA Compliant?

As more and more people are using mobile and wireless devices, a new buzzword has emerged: mHealth. According to a National Institute of Health consensus group, mHealth is "the use of mobile and wireless devices to improve health outcomes, healthcare services and health research." Historically, the biggest gaps and HIPAA violations ...

Read the article →

Are You Compliant with the New HIPAA Regulations?

September 23rd, 2013 was the deadline for HIPAA Omnibus Final Rule compliance. It seems to have just snuck up on everybody. ChiroCode has spoken with some clinics who say that they don't need to worry about it because “they are just a small practice.” Please, do not wait any longer to ...

Read the article →

Omnibus Final Rule and BAA Contracts Deadline

The official deadline for HIPAA covered entities to reach compliance with the provisions of the Omnibus Rule is officially set as September 23, 2013. This date is right around the corner and as a result, providers are concerned about meeting this deadline. The definition for a business associate has been ...

Read the article →

Privacy Rule De-Identifiers

The HIPAA Privacy Rule provides two ways to de-identify information, which are listed here with the 18 de-identifiers.

Read the article →


HIPAA Webinars

   (There are no webinars at this time, please check back later.)

HIPAA Resources/Links



Complete & Easy HIPAA Compliance

A simple and practical guide to implementing HIPAA, HITECH, and Omnibus Final Rule components. Includes the forms and policies and information you need to meet compliance requirements. Plus over 50 customizable forms!

