Tag Archive | "OCR"

OCR May Expand Accounting of Disclosures under HIPAA

Thursday, June 3, 2010


HITECH Act requires use of EHRs as tools to inform about disclosures under Privacy Rule. Health care organizations and providers thought they dodged a bullet long ago when they convinced HHS to exclude disclosures of patient data used in the process of treatment and payments from the HIPAA privacy rules. But now, thanks to the HITECH Act, HHS is back, wondering what would be so terrible about requiring an accounting of such disclosures now. Through a request for information issued in early May titled HIPAA Privacy Rule Accounting of Disclosures Under the Health Information Technology for Economic and Clinical Health Act (75 Fed Reg 23214 May 3, 2010), the HHS Office for Civil Rights says it expects to learn more about the interests of individuals, and the administrative burden on covered entities as well as business associates, concerning accounting for such disclosures. Under current standards of the…


Does OCR Verify PHI Breach Complaints Before Investigating?

Wednesday, April 21, 2010


Question: Does the HHS Office of Civil Rights verify the complaints it gets concerning breaches of private health information in alleged violation of HIPAA’s privacy or security rules before launching an investigation? As a covered entity, we’re concerned that someone might decide to use the breach reporting system on OCR’s web site to make totally unfounded complaints and harass our organization. Read on for the answer, straight from the OCR’s mouth…


OCR to Offer Guidance (Someday) on De-Identifying PHI

Wednesday, April 7, 2010


While no one – including HHS – seems to know yet what de-identification of PHI under the HIPAA Privacy Rule is, one good rule of thumb at this point is to be careful what you post publicly now because it might provide a way to reverse engineer de-identified PHI later. Last week, we noted that the HHS OCR held a workshop on de-identifying protected health information under the HIPAA Privacy Rule. If you de-identify PHI, as we also recently noted, the Privacy Rule and its penalties for disclosure don’t apply – you can enter a “safe harbor” if you remove the 18 identifiers in PHI or use a “statistical standard” to de-identify your patient data. Avoiding HIPAA penalties sounds pretty good…but how exactly do you go about de-identifying PHI? HHS OCR, which is responsible for enforcing the Privacy Rule, is not sure yet. Under ARRA, HHS is required to…


How the Threat of PHI Breaches Decreases Quality of Care

Thursday, March 25, 2010


Plus, your chance to ‘eavesdrop’ on security breaches among healthcare providers across the nation. Any health information professional who uncritically sings the praises of electronic health records should check out this psychiatrist’s op-ed piece in The Wall Street Journal. EHRs have the potential to actually decrease quality of care “if patients fear sharing information with their doctors because they know it isn’t private,” writes Dr. Deborah Peel, a practicing psychiatrist who’s the founder of Patient Privacy Rights. “When patients realize they can’t control who sees their electronic health records, they will be far less likely to tell their doctors about drinking problems, feelings of depression, or exposure to sexually transmitted diseases.” And there’s ample evidence that patients already doubt that their medical records are private and secure, despite those long HIPAA forms they routinely sign in doctors’ offices. For example, fifty-nine percent of…


HHS OCR Is New HIPAA Security Regulator

Tuesday, August 4, 2009


You’ve got a new sheriff in town for HIPAA enforcement. The Department of Health and Human Services is handing over the administration and enforcement of the Security Rule of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to the HHS Office for Civil Rights. CMS formerly oversaw enforcement of the rule. The Security Rule specifies a series of administrative, technical, and physical security procedures for covered entities to use to assure the confidentiality of electronic protected health information. OCR has enforced HIPAA’s Privacy Rule since 2003. CMS hopes the Security Rule’s move to OCR will trim some administrative inefficiency and improve regulation, given that privacy and security are so closely connected. “The Health Information Technology for Economic and Clinical Health (HITECH) Act, part of the American Recovery and Reinvestment Act of 2009 (ARRA), mandated improved enforcement of the Privacy Rule and the Security Rule,” points out
