Learn these facts before you nail down your HIPAA plan with a consultant. You may be relieved to find a consultant who is willing to take over the overwhelming task of helping you protect the privacy in your medical records — but keep in mind that not all outsourced privacy protection companies are the same. Last week, the Federal Trade Commission (FTC) settled with LifeLock, Inc., a company that offered identity protection services. “According to the lawsuit, LifeLock claimed its service would protect consumers against all forms of identity theft, when, in fact, LifeLock offered only limited protection against only some forms of ID theft,” the FTC’s statement noted regarding its $11 million settlement with LifeLock. If you’d like help staying current with HIPAA privacy regulations, consider these tips before you outsource any of your privacy needs. 1. The Government Does Allow HIPAA Consultants. Practices that are gun-shy about asking for…
Thursday, March 18, 2010
Question: For demonstration purposes in a sales context, if a picture or video of a patient were used with no identifying information, would this violate Health Insurance Portability and Accountability Act (HIPAA)? Answer: A photo is an identifier, explains Kristen Rosati, a partner at Coppersmith Gordon Schermer Owens & Nelson. Why? Read on …
Wednesday, March 3, 2010
Surprise! Stuff on a middle manager’s laptop is more valuable than stuff on a CEO’s. Yet another health care company made the news recently with a stolen laptop: A local Florida paper reported on Feb. 15, 2010 that two laptops stolen from AvMed Health Plans’ corporate office in Gainesville, FL contained personal information — including PHI — of over 200,000 people. Studies show that security breach incidents are costing companies — including health care providers and plans – more and more money, as well as customers. In the AvMed case, the data was not protected properly, according to a statement by AvMed, which began notifying affected patients in early February of the breach, which occurred in late December.
Wednesday, February 10, 2010
Yeah, yeah, yeah. You’re a HIT Rock Star like all the rest of the folks who read this blog, but here’s the real question: Can you find your way around the Centers for Medicare and Medicaid Services Web site? If the mere thought of getting around the CMS web site makes you feel like a one-HIT wonder, take heart. CMS has come up with this handy sheet that highlights its top web destinations. And for your convenience, we’ve listed the CMS links here that HIT & EMR types will be looking for. CMS Acronym Finder: Talk Medicare lingo like the hepcat you are. E-prescribing: Who’s cool enough to be an ‘EP?’ Find out here. Electronic Billing & EDI Transactions. CMS Glossary: Take a magical mystery tour through Medicare mumbo jumbo — & finally understand what they’re talking about. HIPAA. Need I say more? It’s a…
Wednesday, February 3, 2010
Tip: You’re not off the hook if the breach is your vendor’s fault. Using electronic health records may cut costs and reduce errors, but they also can increase your compliance risks — and scrutiny from the feds. Wake-up call: You are accountable for compliance even if a third party installs and maintains your records system. Providers will still be responsible for ensuring the same privacy protections as if they did have their own IT department, points out Jim Sheldon-Dean with Lewis Creek Systems in Charlotte, Vt.
Tuesday, February 2, 2010
Question: Our facility is going to offer psychiatric services to certain residents with mental health issues or psychiatric diagnoses. These services will be provided by outside psychiatrists and psychiatric nurse practitioners, and will include individual counseling and group therapy. Do we need to have more HIPAA privacy safeguards related specifically to the psychiatric services? If so, what might they be? Answer: As a first step, decide in consultation with the psychiatric professionals involved what records the facility will maintain, and what records only the psychiatric professional will maintain, advises Heather O. Berchem, an attorney with Murtha Cullina LLP, in New Haven, Conn. The distinction is important because the facility is responsible under HIPAA only for those records maintained by the facility. And the psychiatric professionals will be responsible for complying with HIPAA regarding records they maintain, she says. Important …
Wednesday, January 27, 2010
If a breach involves 500+ people, here’s what your health care organization will suffer. Picture this: A nurse hands a patient someone else’s discharge papers but promptly discovers the error and retrieves the protected health information. Would your health care organization have to report that as a breach of unsecured PHI under HIPAA notification rules? The answer: It depends. The scenario wouldn’t constitute a breach — “if the nurse can reasonably conclude that the patient couldn’t have read or otherwise retained the information,” according to the Health & Human Services’ (HHS) interim final rule implementing the new requirements. But suppose the patient turned the corner and was out of sight momentarily and the discharge orders included “a sensitive diagnosis such as HIV, and the facility was in a small community”— or the nurse had reviewed the discharge orders with the patient, says Chicago attorney Michael Roach. Those scenarios could trigger the notification requirements, he…
Wednesday, January 27, 2010
Include this information as part of your risk analysis. Knowing what doesn’t count as a breach under new HIPAA notification rules can help you weigh whether to report a disclosure of unsecured protected health information. The rules include four exceptions, as follows: Exception No. 1. An unintended acquisition, access or use of PHI by a person with authority to handle PHI who is acting in good faith. Also, “there’s no further acquisition, access or use of the PHI,” says attorney Kathryn Solley, with Atlanta law firm Seyfarth Shaw LLP.
Tuesday, January 19, 2010
Hint: Paper files can be breached just as easily as electronic files. You may be sure that you’ve dotted all of your i’s and crossed all of your t’s, but if you miss even a small piece of the privacy puzzle, you can compromise your entire system. Take a look at these three reminders to ensure that you’re starting 2010 with your privacy program on the right foot: 1. Don’t Let Paper Get Lost in the Shuffle. You may think of patient privacy exclusively in terms of protecting electronic patient data, but paper files are just as likely to be compromised. “With the advent of the HITECH changes, breaches occurring with paper records will be treated the same way as electronic data,” says Gregory Michaels, manager of security and compliance solutions at BluePrint Healthcare IT in Cranbury, N.J.
Tuesday, January 19, 2010
State prosecutors see HITECH as a big stick. If you practice medicine or run a plan in Connecticut, make sure all your practice or organization’s security breach notification policies are in order: The Attorney General is not messing around when it comes to HIPAA enforcement. Following its loss in May 2009 of a portable disk drive from a corporate office, Health Net of Connecticut, Inc. has become the first health plan to get popped by a state attorney general under the HITECH Act’s new enforcement provisions, which allow state AGs to enforce HIPAA’s penalty provisions for security violations.
Monday, March 22, 2010