Your incident response plan should be in strict compliance with HITECH requirements, says Kate Borten, CISSP, CISM, president of The Marblehead Group in Marblehead, MA.
Q. We received a request under the California Public Records Act from the local newspaper for copies of incident reports of injuries to staff by psychiatric patients. County counsel stated that only patient information that is specifically made confidential by law can be redacted.
Hospitals and provider networks account for the highest number of breaches on the OCR list of entities reporting breaches of unsecured PHI affecting 500 or more individuals, a new report indicates.
ARRA brought us an expanded version of HIPAA. Along with it came the clear message that if the last time you visited your HIPAA policies and procedures was April 15, 2005, you have a problem.
On July 8, HHS released a proposed rule to modify the HIPAA Privacy, Security, and Enforcement Rules, extending HIPAA compliance requirements to subcontractors of business associates (BAs) and strengthening patient rights to health information privacy. The rule is available for viewing at http://edocket.access.gpo.gov/2010/pdf/2010-16718.pdf.
When HITECH was signed into law February 17, 2009, privacy and security officers predicted the provision that gives patients greater rights to accounting of disclosures on their electronic health records (EHR) would prove to be the most difficult.