Complying with HIPAA’s privacy and security requirements can be complex and overwhelming. But the Department of Health and Human Services does provide some helpful guidance. Here’s a list of resources we found that might help you understand what’s required and plan your security programs: 1. HHS Security Rule … [Read more...] about HIPAA resources and guidance
HIPAA
Model Policy: HIPAA notice of privacy practices
Why you need this policy: HIPAA requires medical practices to prepare and post a Notice of Privacy Practice (NPP) notifying patients of their rights to their own personal health information (PHI) and how the practice uses and discloses the PHI it collects from patients. The NPP is as old as the HIPAA law itself; but recent changes (contained in a law called the HITECH … [Read more...] about Model Policy: HIPAA notice of privacy practices
Are your business associate agreements up to date with the latest HIPAA requirements?
The Omnibus Final rule implementing HITECH made some changes affecting Business Associate (BA) agreements. While Sept. 23 was the compliance deadline for most obligations under the Final Rule, some agreements enjoy a grace period and may not need to be updated until September 2014. But you should take the opportunity now to make sure you haven’t overlooked any issues concerning … [Read more...] about Are your business associate agreements up to date with the latest HIPAA requirements?
The 3 keys to better HIPAA compliance: risk assessment, training, revised notice
Three HIPAA items need every manager’s immediate attention. They are: • Risk Analysis; • documentation of HIPAA training; and • a revised Notice of Privacy. HIPAA’s enforcer is the Office for Civil Rights (OCR), and it’s taking the job seriously, says Nathan A. Kottkamp, a health care attorney with McGuireWoods in Richmond, VA. When the OCR comes to call, it will ask to see … [Read more...] about The 3 keys to better HIPAA compliance: risk assessment, training, revised notice
HIPAA: it’s time to update the office’s privacy notice
The mega rule deadline is September 23, 2013 What should managers be doing right now for HIPAA? They should be updating the Notice of Privacy Practices and getting patients to sign off on the revision. And they have only until September 23, 2013 to get it done. Along with that, they need to be paying close attention to some other HIPAA requirements that are getting … [Read more...] about HIPAA: it’s time to update the office’s privacy notice
HIPAA’s rules get tighter and its penalties get higher
and breach notification takes a new turn Even stronger controls have just been set out for HIPAA. They come in the final regulations for the Omnibus Health Insurance Portability and Accountability Act, or the HIPAA rule. They appear in the January 25 Federal Register and become effective March 26. However, offices and business associates have until September 23 to … [Read more...] about HIPAA’s rules get tighter and its penalties get higher
HIPAA is now striking small offices; the first hit is on mobile devices
HIPAA, which has traditionally focused its attention on larger entities, is now closing in on smaller organizations and smaller violations. A hospice in Idaho has been fined $50,000 for a security breach of its electronic health information. This is the first time HIPAA has gone after a breach affecting fewer than 500 patients, and the government says the fine is “a strong … [Read more...] about HIPAA is now striking small offices; the first hit is on mobile devices
More information on marketing and compliance
Here are resources from the article, "9 important do's and don'ts for using social media to promote your practice": Federal Trade Commission, Guides Concerning the Use of Endorsements and Testimonials in Advertising, 16 CFR Part 255; available by clicking here HIPAA regulation regarding marketing: 45 CFR 164.501, 164.508(a)(3) HHS explanatory information about … [Read more...] about More information on marketing and compliance