Tag Archive | "Privacy Rule"

OCR May Expand Accounting of Disclosures under HIPAA

Thursday, June 3, 2010

HITECH Act requires use of EHRs as tools to inform about disclosures under Privacy Rule. Health care organizations and providers thought they dodged a bullet long ago when they convinced HHS to exclude disclosures of patient data used in the process of treatment and payments from the HIPAA privacy rules. But now, thanks to the HITECH Act, HHS is back, wondering what would be so terrible about requiring an accounting of such disclosures now. Through a request for information issued in early May titled HIPAA Privacy Rule Accounting of Disclosures Under the Health Information Technology for Economic and Clinical Health Act (75 Fed Reg 23214 May 3, 2010), the HHS Office for Civil Rights says it expects to learn more about the interests of individuals, and the administrative burden on covered entities as well as business associates, concerning accounting for such disclosures. Under current standards of the…

Does OCR Verify PHI Breach Complaints Before Investigating?

Wednesday, April 21, 2010

Question: Does the HHS Office of Civil Rights verify the complaints it gets concerning breaches of private health information in alleged violation of HIPAA’s privacy or security rules before launching an investigation? As a covered entity, we’re concerned that someone might decide to use the breach reporting system on OCR’s web site to make totally unfounded complaints and harass our organization. Read on for the answer, straight from the OCR’s mouth…

Do We Have To Report All Employee Contact With Patients’ PHI?

Wednesday, April 14, 2010

Question: A patient requested that we account for all disclosures of her protected health information (PHI). Does the privacy rule require us to provide her with the names of each employee who accessed her medical information? Answer: No, says Kelley Meeusen, privacy officer for Harrison Hospital in Bremerton, WA. “HIPAA created a clear distinction between ‘uses’ and ‘disclosures,’” and internal employee access is most likely a ‘use,’ he explains.

OCR to Offer Guidance (Someday) on De-Identifying PHI

Wednesday, April 7, 2010

While no one – including HHS – seems to know yet what de-identification of PHI under the HIPAA Privacy Rule is, one good rule of thumb at this point is to be careful what you post publicly now because it might provide a way to reverse engineer de-identified PHI later. Last week, we noted that the HHS OCR held a workshop on de-identifying protected health information under the HIPAA Privacy Rule. If you de-identify PHI, as we also recently noted, the Privacy Rule and its penalties for disclosure don’t apply – you can enter a “safe harbor” if you remove the 18 identifiers in PHI or use a “statistical standard” to de-identify your patient data. Avoiding HIPAA penalties sounds pretty good…but how exactly do you go about de-identifying PHI? HHS OCR, which is responsible for enforcing the Privacy Rule, is not sure yet. Under ARRA, HHS is required to…