HIPAA

Healthcare providers must be vigilant in keeping software upgrades, also known as patches, current. Failure to do so can lead to a HIPAA Security Breach with all its associated penalties. For example, Windows XP no longer receives security updates and should not be used in healthcare settings.

On January 17, 2018, the OCR released a notice about another known problem with the chips on some computers. The notice stated:

Healthcare and Public Health Sector partners-

It is important for providers to understand the critical nature of the Business Associate Agreement (BAA). Far too many healthcare providers are neglecting this component of HIPAA, which can be a costly mistake. For years providers have been warned that if they are a HIPAA Covered Entity (CE) they MUST have properly executed BAAs for all their business associates. Failure to do so could cost millions. Penalties begin at $50,000 per violation with a maximum of $1.5 million per year for repeats of the same violation.


Employee Exclusions Screenings Must be High Priority

Many healthcare organizations are not aware of how critically important it is to screen their employees against ALL state and federal exclusions databases. The OIG is reviewing organizations in ALL federal healthcare programs (including Medicare, Medicaid, CHIP, etc.) for those who have employed individuals on ANY exclusions database. Employers must screen employees not only against the OIG Exclusions database but also against state exclusions databases.

At HIPAA Summit, OCR head Jocelyn Samuels also outlines forthcoming efforts with ONC, FDA.

Phase II of the federal HIPAA audit program remains "under development," Jocelyn Samuels, director of the Health and Human Services Department's Office for Civil Rights, said Monday at the 23rd National HIPAA Summit in the District of Columbia.

Read the entire article by FierceHealthIT here.

Protected Health Information De-Identification Standards

On November 26, 2012, the OCR released specific guidance regarding the de-identification of Protected Health Information (PHI). This guidance is the result of input from experts in various fields, workshops, and in-depth research regarding various de-identification approaches. The intent of this guidance was to assist covered entities in understanding:

HIPAA Compliance Resources (Resource 278)

For additional information on HIPAA, see Section F-Compliance in the Behavioral Health MultiBook.

Appointments, Reminders, Text Messaging, and HIPAA

March 2015

Compliance Resources (Resource 263)

Because compliance covers so many areas of a healthcare provider practice, a more thorough explanation is found in Section F-Compliance in the Behavioral Health MultiBook. Generally, healthcare providers need to understand:

HIPAA Final Rule Strengthens Privacy and Security Protections

On January 17, 2013, the long-awaited final rule was announced. It will be published in the Federal Register on January 25, 2013. Providers need to be aware that the final rule, which replaces the current interim rule, is effective on March 26, 2013. The compliance deadline for covered entities is September 23, 2013.
