News & Analysis

September 1, 2010
Briefings on HIPAA

When HITECH was signed into law February 17, 2009, privacy and security officers predicted the provision that gives patients greater rights to accounting of disclosures on their electronic health records (EHR) would prove to be the most difficult.

September 1, 2010
Briefings on HIPAA

The cost of failure to comply with the HIPAA Security Rule has significantly increased during the past few years. This cost is not related solely to regulatory changes; it is also associated with data loss and corruption, legal risks, and damage to business image. Many healthcare organizations relegate disaster recovery planning and disaster preparedness to the back burner. This represents a regulatory compliance concern and a significant risk to organizations.

September 1, 2010
Briefings on HIPAA

Q. In the April issue of BOH, one of the Q&As discussed who must send out breach notification letters if the business associate (BA) was responsible for the breach. The answer was covered entities. Didn’t HITECH make BAs covered entities?

September 1, 2010
Briefings on HIPAA

OCR is seeking comments on the HIPAA proposed rule published July in the Federal Register through September 13.

September 1, 2010
Briefings on HIPAA

Dena Boggan, CPC, CMC, CCP, chuckled when someone recently suggested that her staff audit some patient records.

“I wish I had a staff,” laughed Boggan, HIPAA privacy/security officer at St. Dominic Jackson (MS) Memorial Hospital. 

However, this is fairly typical in many healthcare settings, where HIPAA privacy and security officers often are the only individuals who are responsible for compliance.

August 1, 2010
Briefings on HIPAA

The HIPAA Security Rule requires covered entities (CE) to conduct periodic evaluations of their information security programs.

However, Phyllis A. Patrick, MBA, FACHE, CHC, wonders how many organizations have completed the kind of evaluation the Security Rule standard requires.

Pages