Tag Archive | "HIPAA"

OCR May Expand Accounting of Disclosures under HIPAA

Thursday, June 3, 2010

HITECH Act requires use of EHRs as tools to inform about disclosures under Privacy Rule. Health care organizations and providers thought they had dodged a bullet long ago when they convinced HHS to exempt disclosures made for treatment, payment and health care operations from the Privacy Rule's accounting-of-disclosures requirement. Now, thanks to the HITECH Act, HHS is back, asking what would be so terrible about requiring an accounting of those disclosures when they are made through an electronic health record. Through a request for information issued in early May titled HIPAA Privacy Rule Accounting of Disclosures Under the Health Information Technology for Economic and Clinical Health Act (75 Fed Reg 23214, May 3, 2010), the HHS Office for Civil Rights says it expects to learn more about the interests of individuals, and about the administrative burden on covered entities and business associates, in accounting for such disclosures. Under current standards of the…

Continue reading...

Twenty Ways Your Facility Could Be Violating HIPAA

Thursday, June 3, 2010

Use this checklist on your next walkthrough to make sure you're not overlooking gaps that lead to security breaches. Regular walkthroughs of your health care organization are a quick and easy way to monitor your staff's HIPAA compliance. Read on for a checklist that HIT pros can take with them.

Continue reading...

Patients Don’t Trust EHR, Survey Says

Wednesday, May 26, 2010

Experts emphasize balance between patient care and privacy. Patients believe their personal health data is less secure now than it was a year ago, according to a recent online survey by nCircle, an IT solutions provider. Almost half of the 257 people who took the survey said they are anxious that multiple partners of their health care providers (such as EHR vendors and insurers) have access to their personal electronic information, increasing the risk of a breach.

Continue reading...

HHS Online Data Breach List Thrives

Wednesday, May 19, 2010

Many reported cases involve electronic systems, but paper records are still a security threat. Theft, loss, unauthorized access or hacking: whatever the breach, HHS wants covered entities to report it online, and it then posts the specifics of breaches that affected 500 or more individuals. Presently 64 cases are posted, which together reportedly affected about 1.2 million individuals.

Continue reading...

For PHI Peace of Mind, Be Kind & Remind

Wednesday, May 12, 2010

Crafting log-on banners helps staff safeguard protected information. Don't have the time or energy to tie strings around your workforce's fingers to remind them how important it is to safeguard the privacy of protected health information (PHI)? Here's a far more practical and effective way to keep your staff on guard whenever they handle PHI.

Continue reading...

Use Role-Based Access Control to Limit PHI Leaks

Wednesday, April 21, 2010

Stop unauthorized PHI disclosures before they start with RBAC. If you don't limit the confidential data your staff can access, how can you ensure that unauthorized disclosures of medical information, in violation of HIPAA, don't occur? One way is to implement a Role-Based Access Control (RBAC) model to decide who may reach your organization's medical data: permissions are attached to job roles rather than to individuals, each user is assigned only the roles the job requires, and anything not granted is denied. Done that way, RBAC is also the most practical way to meet the Privacy Rule's "minimum necessary" standard. We'll show you how to get started.
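As an added example (not code from the original article), the following Python sketch shows the two halves of an RBAC model for PHI: a role-to-permission table in which each job function gets only the record types and actions it needs, and a check that records every decision, allowed or denied, so a privacy officer can review access later. The role names, permissions and sample users are constructed for illustration.

```python
"""Role-based access control over PHI, with an audit trail of every decision.

Added example (not code from the original article). Role names, permissions
and the sample users are constructed for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timezone

# A permission is (resource_type, action). Each role carries only what that
# job function needs; anything not listed here is denied. This is how the
# Privacy Rule's "minimum necessary" standard is usually made concrete.
ROLE_PERMISSIONS = {
    "physician":  {("clinical_note", "read"), ("clinical_note", "write"),
                   ("lab_result", "read"), ("demographics", "read")},
    "nurse":      {("clinical_note", "read"), ("lab_result", "read"),
                   ("demographics", "read")},
    "billing":    {("demographics", "read"), ("claim", "read"), ("claim", "write")},
    "front_desk": {("demographics", "read"), ("demographics", "write")},
}


@dataclass(frozen=True)
class AuditEvent:
    when: str
    user: str
    roles: tuple
    resource_type: str
    action: str
    allowed: bool


class RBAC:
    def __init__(self):
        self.user_roles = {}   # user -> set(role); users never hold permissions directly
        self.audit_log = []    # every decision, allowed or denied (Security Rule audit controls)

    def assign(self, user, role):
        if role not in ROLE_PERMISSIONS:
            raise ValueError(f"unknown role: {role!r}")
        self.user_roles.setdefault(user, set()).add(role)

    def revoke(self, user, role):
        self.user_roles.get(user, set()).discard(role)

    def permissions_of(self, user):
        """Union of the permissions granted by all of the user's roles."""
        perms = set()
        for role in self.user_roles.get(user, ()):
            perms |= ROLE_PERMISSIONS[role]
        return perms

    def check(self, user, resource_type, action):
        """Return True if the user's roles allow the action; always log the decision."""
        allowed = (resource_type, action) in self.permissions_of(user)
        self.audit_log.append(AuditEvent(
            when=datetime.now(timezone.utc).isoformat(timespec="seconds"),
            user=user,
            roles=tuple(sorted(self.user_roles.get(user, ()))),
            resource_type=resource_type,
            action=action,
            allowed=allowed,
        ))
        return allowed

    def denied_events(self):
        """Denied attempts are what a privacy officer reviews for snooping."""
        return [e for e in self.audit_log if not e.allowed]


def demo():
    """Constructed scenario: a physician, a billing clerk and an unknown user."""
    rbac = RBAC()
    rbac.assign("dr_lee", "physician")
    rbac.assign("pat_billing", "billing")
    results = {
        "physician reads note": rbac.check("dr_lee", "clinical_note", "read"),
        "billing reads note": rbac.check("pat_billing", "clinical_note", "read"),
        "billing writes claim": rbac.check("pat_billing", "claim", "write"),
        "unknown user reads demographics": rbac.check("nobody", "demographics", "read"),
    }
    rbac.revoke("dr_lee", "physician")
    results["physician after revoke"] = rbac.check("dr_lee", "clinical_note", "read")
    return rbac, results


if __name__ == "__main__":
    rbac, results = demo()
    for label, ok in results.items():
        print(f"{label}: {'ALLOW' if ok else 'DENY'}")
    print(f"{len(rbac.denied_events())} denied attempt(s) logged")
```

Two design points matter in practice: permissions live only on roles, so removing a role removes access immediately (the revoke case above), and denied attempts are logged as carefully as allowed ones, since a flurry of denials against one patient's chart is the usual first sign of snooping.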

Continue reading...

Does OCR Verify PHI Breach Complaints Before Investigating?

Wednesday, April 21, 2010

Question: Does the HHS Office for Civil Rights verify the complaints it gets concerning breaches of private health information in alleged violation of HIPAA's privacy or security rules before launching an investigation? As a covered entity, we're concerned that someone might decide to use the breach reporting system on OCR's web site to make totally unfounded complaints and harass our organization. Read on for the answer, straight from the OCR's mouth…

Continue reading...

Do We Have To Report All Employee Contact With Patients’ PHI?

Wednesday, April 14, 2010

Question: A patient requested that we account for all disclosures of her protected health information (PHI). Does the privacy rule require us to provide her with the names of each employee who accessed her medical information? Answer: No, says Kelley Meeusen, privacy officer for Harrison Hospital in Bremerton, WA. “HIPAA created a clear distinction between ‘uses’ and ‘disclosures,’” and internal employee access is most likely a ‘use,’ he explains.

Continue reading...

Will You De-Identify Your Patients’ PHI?

Wednesday, April 7, 2010

The de-identification safe harbor in the HIPAA Privacy Rule may look tempting under the new penalty provisions: neither the new penalties nor HIPAA in general applies to the loss or disclosure of protected health information that has been "de-identified", or, so to speak, "cleaned". If your practice or organization wants to learn how to de-identify health information so that you don't have to worry quite so much about the new penalties, which can now reach $1.5 million per year for violations of a single provision, read on for a primer, along with the possible downsides.

Continue reading...

OCR to Offer Guidance (Someday) on De-Identifying PHI

Wednesday, April 7, 2010

While HHS has yet to publish detailed guidance on de-identifying PHI under the HIPAA Privacy Rule, one good rule of thumb is to be careful what you post publicly now, because it might provide a way to re-identify "de-identified" data later. Last week, we noted that HHS OCR held a workshop on de-identifying protected health information under the HIPAA Privacy Rule. If you de-identify PHI, as we also recently noted, the Privacy Rule and its penalties for disclosure don't apply: you are in the "safe harbor" if you remove the 18 identifiers listed in the rule and have no actual knowledge that what remains could identify the individual, or you can use the rule's "expert determination" (statistical) method instead. Avoiding HIPAA penalties sounds pretty good, but how exactly do you go about de-identifying PHI in practice? HHS OCR, which enforces the Privacy Rule, has not said yet. Under ARRA, HHS is required to…
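As an added example for this post and the preceding primer (not code from the article or from HHS), the Python below applies the field-level rules of the Safe Harbor method (45 CFR 164.514(b)(2)) to a structured patient record: direct identifiers are dropped, geography is reduced to state plus a three-digit ZIP prefix (or "000" for sparsely populated prefixes), dates keep only the year, ages over 89 collapse into "90+" with the birth year suppressed, and free-text notes are scrubbed for phone numbers, e-mail addresses, SSNs, URLs and IP addresses. The field names, the sample record and the list of restricted ZIP prefixes are assumptions constructed for illustration; the real prefix list comes from Census population data.

```python
"""Safe Harbor de-identification of a structured patient record.

Added example (not the article's or HHS's code). Applies the field-level
rules of 45 CFR 164.514(b)(2) to a constructed record layout. Field names,
the sample record and SMALL_ZIP3 are assumptions for illustration.
"""
import re
from datetime import date

# Direct identifiers that are removed outright.
DROP_FIELDS = {"name", "ssn", "mrn", "phone", "fax", "email", "account_number",
               "health_plan_id", "license_number", "vehicle_id", "device_serial",
               "url", "ip_address", "biometric_id", "photo"}
# Geographic subdivisions smaller than a state are removed; state passes through.
GEO_DROP = {"street", "city", "county"}
# Dates directly related to the individual keep only the year.
DATE_FIELDS = {"admit_date", "discharge_date", "death_date"}
# Three-digit ZIP prefixes whose area holds 20,000 people or fewer must become
# "000". This set is constructed for the example, not the real Census list.
SMALL_ZIP3 = {"036", "059", "102", "203", "556", "692", "821", "823", "878", "879"}

# Best-effort scrubbing of identifiers embedded in free text.
URL_RE = re.compile(r"https?://\S+")
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
PHONE_RE = re.compile(r"(?<!\d)(?:\+?1[-. ]?)?\(?\d{3}\)?[-. ]?\d{3}[-. ]?\d{4}(?!\d)")
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def scrub_text(text):
    """Replace recognisable identifiers in free text with placeholder tokens."""
    for pattern, token in ((URL_RE, "[URL]"), (EMAIL_RE, "[EMAIL]"),
                           (SSN_RE, "[SSN]"), (PHONE_RE, "[PHONE]"), (IP_RE, "[IP]")):
        text = pattern.sub(token, text)
    return text


def generalize_zip(zip_code):
    """Keep the first three ZIP digits, or '000' for a sparsely populated prefix."""
    prefix = str(zip_code)[:3]
    return "000" if prefix in SMALL_ZIP3 else prefix


def age_on(dob, as_of):
    """Exact age in completed years on the reference date."""
    years = as_of.year - dob.year
    if (as_of.month, as_of.day) < (dob.month, dob.day):
        years -= 1
    return years


def deidentify(record, as_of):
    """Return a Safe Harbor de-identified copy of `record`.

    `as_of` is the date used to compute age (for example the extract date).
    Fields not covered by any rule (state, sex, diagnosis) pass through.
    """
    out = {}
    for key, value in record.items():
        if key in DROP_FIELDS or key in GEO_DROP or key == "dob":
            continue                          # removed outright, or handled below
        if key == "zip":
            out["zip3"] = generalize_zip(value)
        elif key in DATE_FIELDS:
            out[key + "_year"] = date.fromisoformat(value).year
        elif key == "notes":
            out[key] = scrub_text(value)
        else:
            out[key] = value
    if "dob" in record:
        dob = date.fromisoformat(record["dob"])
        age = age_on(dob, as_of)
        if age > 89:
            out["age"] = "90+"                # birth year is suppressed as well
        else:
            out["age"] = age
            out["birth_year"] = dob.year
    return out


# Constructed sample record; every value is fictitious.
SAMPLE_RECORD = {
    "name": "Jane Q. Sample", "ssn": "123-45-6789", "mrn": "MRN-0042",
    "dob": "1917-03-15", "admit_date": "2010-04-02",
    "street": "12 Elm St", "city": "Bremerton", "county": "Kitsap",
    "state": "WA", "zip": "98310",
    "phone": "(360) 555-0147", "email": "jane@example.com",
    "sex": "F", "diagnosis": "I10",
    "notes": "Pt called from 360-555-0147; follow up at jane@example.com. SSN 123-45-6789 on file.",
}

if __name__ == "__main__":
    for k, v in deidentify(SAMPLE_RECORD, date(2010, 6, 3)).items():
        print(f"{k}: {v}")
```

Two caveats a practitioner should keep in mind: the regex scrubbing of free text is best-effort (dates written into a note, for example, are not caught here), and Safe Harbor additionally requires that the covered entity have no actual knowledge that the remaining data could identify the individual, which no field-level filter can establish on its own. That residual risk is exactly why the post above warns about what you publish elsewhere.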

Continue reading...