HIPAA is a complex federal law which requires healthcare providers to ensure that health information is protected. A summary of this law is included in Find-A-Code's specialty-specific Reimbursement Guides as well as the ChiroCode DeskBook. Generally, healthcare providers need to understand their responsibilities as it relates to:
Because of the complexity of these rules, a more thorough explanation is found in the Complete & Easy HIPAA Compliance book, which also includes editable and sample forms. This page contains articles, resources/links and tips related to HIPAA.
HIPAA Articles

February 27th, 2018 Health Information Exchange and Trusted Exchange Frameworks
Published February 27th, 2018 - Last Review/Update April 12th, 2018
Despite progress in health IT, Health Information Exchange (HIE) remains squarely in toll booth mode, with gated stops and slowdowns that may or may not permit information to move forward. ...

February 5th, 2018 HIPAA Breach Settlements and Ransomware Attacks - Is Your Practice Secure?
Published February 5th, 2018
Two recent reports should make providers stop, take notice and make sure their practice's policies and procedures are up-to-date.
The first one involves a HIPAA Breach settlement of a company with facilities in several states. The OCR memo stated "In addition to a $3.5 million monetary settlement, a corrective action plan ...

February 1st, 2018 Are Your Computers Vulnerable to Cyber Attacks?
Published February 1st, 2018
Healthcare providers must be vigilant in ensuring that software upgrades, also known as patches, are kept current. Failure to do so can lead to a HIPAA Security Breach with all its associated penalties. For example Windows XP no longer has security updates and should not be used in healthcare settings.
On ...

January 31st, 2018 Mobile Health: Growing Engagement and New Responsibilities
Published January 31st, 2018 - Last Review/Update March 29th, 2018
This week I'm blogging about an M-word. Not MACRA or MIPS, but Mobile Health or mHealth....

January 24th, 2018 HIPAA and the Opioid Crisis
Published January 24th, 2018
HIPAA and the Opioid Crisis guidance released by HHS.

October 6th, 2017 HIPAA Disclosures to Family, Friends, and Others Involved in an Individual’s Care and for Notification
Published October 6th, 2017
In light of recent tragic events, the OIG has released a reminder that HIPAA allows for certain disclosures in these types of situations. The reminder dated October 3, 2017 states the following:
Following the recent mass shooting in Las Vegas, the HHS Office for Civil Rights (OCR) is taking this opportunity ...

August 16th, 2017 Case Law Update: Just Because HIPAA Does Not Provide a Private Right of Action, Doesn't Mean that Other Avenues Exist
Published August 16th, 2017 - Last Review/Update September 13th, 2017
August 4, 2017
Case Law Update: Just Because HIPAA Does Not Provide a Private Right of Action, Doesn't Mean that Other Avenues Exist
Simply stated, the Health Information Portability and Accountability Act (HIPAA) does not provide a private cause of action[1]. And, prior to the 2009 passage of the Health Information Technology ...

August 4th, 2017 Cybersecurity - Are you sure you are secure?
Published August 4th, 2017
An article by Medical Economics highlights the June report of the Health Care Industry Cybersecurity Task Force. Their report confirmed once again that healthcare providers are not adequately addressing cybersecurity as part of the compliance programs. The threat of hackers is very real and providers need to ensure that they have taken ...

August 4th, 2017 Case Law Update: Just Because HIPAA Does Not Provide a Private Right of Action, Doesn't Mean that Other Avenues Exist
Published August 4th, 2017 - Last Review/Update August 16th, 2017
Simply stated, the Health Information Portability and Accountability Act (HIPAA) does not provide a private cause of action[1]. And, prior to the 2009 passage of the Health Information Technology for Economic and Clinical Health Act (HITECH Act)[2] and the more robust chain of liability (e.g. covered entities, business associates and ...

August 1st, 2017 HIPAA Training Requirements
Published August 1st, 2017 - Last Review/Update August 2nd, 2017
HIPAA Training must be an ongoing effort in every healthcare organization.

July 20th, 2017 Counting HIPAA Violations
Published July 20th, 2017 - Last Review/Update July 25th, 2017
Information from the Omnibus Rule regarding how HIPAA violations are counted/calculated.

July 19th, 2017 Sale of Protected Health Information (PHI)
Published July 19th, 2017
To more fully understand federal regulations regarding the sale of PHI, review the comments and responses.

February 27th, 2017 How to Properly Dispose Protected Health Information (PHI)
Published February 27th, 2017
HIPAA requires covered entities to properly dispose of Protected Health Information (PHI) in the following manner:
Paper, film, or other hard copy media has been shredded or destroyed such that the PHI cannot be read or otherwise cannot be reconstructed.
Electronic media has been cleared, purged, or destroyed consistent with NIST Special Publication 800-88, Guidelines for Media ...

February 22nd, 2017 Mobile Devices are HIPAA Security Concern
Published February 22nd, 2017
Mobile devices are one of the most problematic areas for HIPAA security. Their ease of portability also makes it easy for them to be stolen or hacked. Because so many of the HIPAA breaches reported involved mobile devices, additional guidance has been issued by HealthIT.gov. Their informative web page offers additional ...

February 2nd, 2017 Psychotherapy Notes Provision of HIPAA
Published February 2nd, 2017
Of special interest to all behavioral health practitioners (both Covered Entities and NON-covered entities) is HIPAA's provision for psychotherapy notes. The privacy rule recognizes that psychotherapy notes need more protection than other types of PHI. Even if you are not a covered entity, we recommend understanding and implementing office procedures ...

January 23rd, 2017 HIPAA Exempt Offices (Paper)
Published January 23rd, 2017
It is a common misconception that every doctor’s office is (or must become) a HIPAA covered entity; however, the list of those who still qualify for exemption from HIPAA is rapidly shrinking. There are exceptions to the HIPAA requirements; if a practice sends or receives no transactions electronically, it is ...

November 29th, 2016 Medical Billing and Coders Professional Liability
Published November 29th, 2016
Companies who regularly handle such sensitive information as patient medical records have a particular responsibility to maintain the confidentiality of the data. Failure to exercise the appropriate degree of care – whether intentional or not – can have a significant adverse financial impact on your firm.
The Federal Health Insurance Portability ...

June 7th, 2016 HIPAA Helps and FAQs
Published June 7th, 2016
The Health Insurance Portability and Accountability Act (HIPAA) has been around for quite some time. There are many misconceptions about HIPAA compliance that our office still gets calls about. This page is to help clear up some of these misconceptions.

April 30th, 2016 Phase 2 of OCR HIPAA Audits Begins
Published April 30th, 2016
Phase 2 of HIPAA audits has begun. What do you need to know?

April 13th, 2016 HIPAA Proposed Rule to Update Substance Abuse Confidentiality Regulations
Published April 13th, 2016
On February 9, 2016 HHS published proposed revisions (81 FR 6988) to the Confidentiality of Alcohol and Drug Abuse Patient Records regulations, 42 CFR Part 2. Find out what changes are being considered.

April 13th, 2016 Lack of Business Associate Agreement (BAA) Costs Non-Profit 1.55 Million
Published April 13th, 2016
Failure to have a properly executed Business Associate Agreement (BAA) costs one organization $1.55 Million. In today's highly technological environment, it is too easy to skip the necessary precautions and easy for electronic devices to get lost or stolen. Are you prepared?

April 6th, 2016 HIPAA Violations - The Process Is The Answer
Published April 6th, 2016
It's not just the names and addresses that matter -- It's the compliance. If you can demonstrate that you are helping yourself to maintain HIPAA compliance by careful documentation and proper procedures, you can go a long way toward avoiding being fined by the HIPAA squads.
Complete & Easy HIPAA Compliance is a clear, simple “Just help me do what I have to do!” workbook that contains all the things the designated security officer must do to instantiate a robust HIPAA compliance program. It comes complete with over 45 forms and letters which can be used to state the office policies, spell out procedures, and ensure that each patient will be protected in their rights under HIPAA policy. It also can help demonstrate that a compliance program is in progress.

March 16th, 2016 Protected Health Information De-Identification Standards
Published March 16th, 2016 - Last Review/Update January 27th, 2017
This article contains detailed information on the OCR guidance regarding the de-identification of Protected Health Information (PHI). Avoid HIPAA violations and learn specifically what de-identification is.

February 24th, 2016 Employee Exclusions Screenings Must be High Priority
Published February 24th, 2016
Many healthcare organizations are not aware of how critically important it is to screen their employees against ALL state and federal exclusions databases. This article has important information for organizations to ensure compliance.

August 10th, 2015 Appointments, Reminders, Text Messaging, and HIPAA
Published August 10th, 2015 - Last Review/Update January 27th, 2017
As more and more people are using mobile and wireless devices, a new term - mHealth - has emerged. According to a National Institute of Health consensus group, mHealth is “the use of mobile and wireless devices to improve health outcomes, healthcare services and health research.” Historically, the biggest gaps and HIPAA violations have been linked to ...

July 20th, 2015 HIPAA Standards for Claims
Published July 20th, 2015
(Rev. 3086, Issued: 10-03-14, Effective: ICD-10: Upon Implementation of ICD-10, ASC X12: January 1, 2012, Implementation ICD-10: Upon Implementation of ICD-10; ASC X12: November 4, 2014)
The standards adopted under HIPAA include both a transaction standard and an implementation guide.
Claims sent electronically to Medicare must abide by the HIPAA standards ...

March 18th, 2015 HIPAA Audits Still on Hold
Published March 18th, 2015 - Last Review/Update June 9th, 2016
At HIPAA Summit, OCR head Jocelyn Samuels also outlines forthcoming efforts with ONC, FDA.
Phase II of the federal HIPAA audit program remains "under development," Jocelyn Samuels, director of the Health and Human Services Department's Office for Civil Rights, said Monday at the 23rd National HIPAA Summit in the District of Columbia.
Read ...

February 9th, 2015 Encryption
Published February 9th, 2015 - Last Review/Update June 9th, 2016
How secure is your computer? Do you have a password on your computer? Do you have the automatic log offs turned on? Is your computer encrypted? Are your off-site storage files encrypted?
This document is designed to give some basic information about making your office a little more secure. It is not ...

October 24th, 2014 Q & A: Is it a HIPAA Violation to Email Patients?
Published October 24th, 2014 - Last Review/Update January 30th, 2017
Straight from the Office of Civil Rights:
Q: Does the HIPAA Privacy Rule permit health care providers to use e-mail to discuss health issues and treatment with their patients?
A: Yes. The Privacy Rule allows covered health care providers to communicate electronically, such as through e-mail, with their patients, provided they apply ...

October 20th, 2014 4Medapproved Partner and Find-A-Code's first Mini-Course Workshop
Published October 20th, 2014 - Last Review/Update March 2nd, 2016
Find-A-Code is now a 4Medapproved Partner and we are announcing our first Mini-Course workshop.
PROGRAM ANNOUNCEMENT 10/17/2014 Our first mini-course workshop will be presented by Brian Johnson, CHSP, CHSA:
HIPAA Workforce Certificate for Professionals LIVE Accelerated Workshop (1 Day/1 Hour)
LIVE ONLINE: Oct 29, 2014 at Noon EST, 11am CST, 10am MST and ...

October 16th, 2014 Is Compliance a Dirty Word?
Published October 16th, 2014 - Last Review/Update January 23rd, 2017
In October of 2000 in the Federal Register the Office of the Inspector General (who investigates fraud against the federal government on behalf of the Department of Health and Human Services) offered general guidelines for health care facilities to set up a “Compliance Program”. This advice has long been pushed ...

October 16th, 2014 Basic Fact Sheet on HIPAA Privacy and Security for Providers - CMS
Published October 16th, 2014 - Last Review/Update January 30th, 2017
CMS has released a fact sheet on HIPAA Privacy and Security basics for providers. Designed to provide education on covered entities and Business Associates under the HIPAA Privacy Rule.
Examples of a Covered Entity would be:
Doctors
Clinics
Psychologists
Dentists
Chiropractors
Nursing Homes
Pharmacies
Health Plans
Clearing houses
Any person or organization assisting in transmitting a transaction in electronic form, ...

September 11th, 2014 According to HIPAA, who are my Business Associates?
Published September 11th, 2014 - Last Review/Update January 30th, 2017
Providers work with many different groups and many of them have some interaction with Protected Health Information (PHI). In an effort to help us understand who qualifies as Business Associates the Department of Health & Human Services has provided some resources.
But first … what is PHI or individually identifiable health information? ...

September 9th, 2014 Cyber Insurance? What kind of Insurance Policy is that?
Published September 9th, 2014 - Last Review/Update January 30th, 2017
Due to the increase of medical transactions stored online and in the cloud, cyber intrusions will only increase.
Cyber insurance, also known as privacy and network security insurance, can help cover the costs incurred if your computer system is compromised, or after a data breach which can include a HIPAA ...

September 9th, 2014 Do I Need Error and Omissions (E&O) Insurance for My Billing Company?
Published September 9th, 2014 - Last Review/Update January 30th, 2017
Do I Need Error and Omissions (E&O) Insurance for My Billing Company?
Over the years Medical billing has been considered low risk, now it has developed into a huge liability with HIPAA, E&O and Business Associate Agreements to name a few.
HIPAA has rocked the world for small businesses. Looking at the ...

August 29th, 2014 Who in the World are my Business Associates?
Published August 29th, 2014 - Last Review/Update January 30th, 2017
The associates in the provider’s world and healthcare society are filled with loads of potential business associates and endless Individual identifiable health information.
We have had so many questions about business associates I thought I would go to the source and put together some information from HHS.gov, otherwise known as U.S. ...

July 16th, 2014 Windows XP and HIPAA Non-compliance
Published July 16th, 2014 - Last Review/Update January 25th, 2017
For anyone who is not a computer techie, the announcement by Microsoft about discontinuing support for Windows XP may not mean much. However, from a HIPAA perspective, this is very important information because Section 164.308(a)(5)(ii)(B) of the HIPAA Security Rules includes an 'addressable' requirement of Protection from Malicious Software where ...

July 15th, 2014 How the Internet is Reshaping Medical Coding and Billing
Published July 15th, 2014 - Last Review/Update January 25th, 2017
Since the Internet is affecting (usually for better) every industry, why should it come as a surprise that medical coding and billing is now heavily dependent on the Internet? Actually, a number of important challenges and changes in the healthcare industry, and in technology as a whole, are pushing medical ...

March 18th, 2014 How can I make sure new hires have not been in trouble with Medicare?
Published March 18th, 2014 - Last Review/Update January 25th, 2017
To avoid liability, it is recommended to routinely check (every 3 months) the LEIE to ensure that new hires and current employees are not on the excluded list.
One of the many parts of the compliance program is to see if your current staff (including yourself, regular staff and associate doctors) have been placed on the OIG (Office of the Inspector General) List of Excluded Individuals and Entities (LEIE).
OIG has the authority to exclude individuals and entities from Federally funded health care programs and maintains a list (List of Excluded Individuals and Entities or LEIE) of all currently excluded individuals and entities. Anyone who hires an individual or entity on the LEIE may be subject to monetary penalties.
It’s as simple as 1…2…3..
February 19th, 2014 Are Text Messages HIPAA Compliant?
Published February 19th, 2014 - Last Review/Update January 27th, 2017
As more and more people are using mobile and wireless devices, a new buzzword has emerged: mHealth. According to a National Institute of Health consensus group, mHealth is "the use of mobile and wireless devices to improve health outcomes, healthcare services and health research." Historically, the biggest gaps and HIPAA violations ...

September 30th, 2013 Are You Compliant with the New HIPAA Regulations?
Published September 30th, 2013 - Last Review/Update January 27th, 2017
September 23rd, 2013 was the deadline for HIPAA Omnibus Final Rule compliance. It seems to have just snuck up on everybody. ChiroCode has spoken with some clinics who say that they don't need to worry about it because “they are just a small practice.” Please, do not wait any longer to ...

September 6th, 2013 Omnibus Final Rule and BAA Contracts Deadline
Published September 6th, 2013 - Last Review/Update January 27th, 2017
The official deadline for HIPAA covered entities to reach compliance with the provisions of the Omnibus Rule is officially set as September 23, 2013. This date is right around the corner and as a result, providers are concerned about meeting this deadline. The definition for a business associate has been ...

September 29th, 2012 Privacy Rule De-Identifiers
Published September 29th, 2012 - Last Review/Update January 27th, 2017
The HIPAA Privacy Rule provides two ways to de-identify information, which are listed here with the 18 de-identifiers.