HIM/HIPAA

Q: How long are we required to retain the records of out-of-state patients? Do we follow HIPAA’s record retention requirements, our state record retention requirements, or the record retention requirements of the state in which the patient lives?

Q: Are there any best practices for managing additional documentation requests (ADR)?

In this month's Product Watch, we look at a game-changing texting app. With the available technology, covered entities and business associates would be hard-pressed to justify sending PHI using unsecure texts.

Q: Can a doctor provide a doctor’s note for the person who brought his or her patient to the hospital or appointment?

Q: What is a denial avoidance program and how does it differ from a denials management program?

The Office of Civil Rights (OCR) offered considerations to healthcare organizations for securing electronic devices and media in its August Cybersecurity Newsletter.

Although HIPAA laws do not specify any time frame on updating policies and procedures, OCR has expectations. Here are three recent settlements where OCR has included mandates to update policies and procedures. You can apply some of these lessons in your organization.

HIPAA covered entities that maintain poor policies and procedures related to HIPAA compliance—those that are unfinished in draft form, not updated in years, and basically not followed to the letter—have cost them dearly.

The plaintiffs in a class action lawsuit against Premera Blue Cross over a 2015 data breach now allege that the health insurance company destroyed key evidence, according to new documents filed in August.

Think software patching and vulnerability detection is just an IT thing? Certainly it starts there.