HIPAA

Many physicians and physician practices have gotten a break from the Red Flags Rule—the law intended to prevent identity theft and medical identity theft—thanks to Congress.

All those final HITECH Act and HIPAA rules you’ve been waiting for will become reality in 2011, according to a senior OCR official.

HIPAA privacy officers don’t have eyes in the back of their heads. Nor can they be everywhere at once. But they can increase their ability to monitor compliance by sharing the responsibility with other staff members.

Happy New Year! As we begin 2011, here are five HIPAA-related resolutions all HIM directors and privacy officers should consider making:

Social media and networking have created a dilemma for many healthcare organizations: They carry both benefits and risks.

It appears OCR and state attorneys general will be taking a more serious approach to enforcing HIPAA and HITECH. It’s essential that covered entities (CE) and business associates (BA) who haven’t begun a security compliance review do so. This is a requirement of the HIPAA Security Rule evaluation standard.

“Patient revenue trumps privacy and risk management,” according to the sponsor of a new study that gives healthcare organizations failing grades for not adequately protecting patients’ PHI.

While your healthcare organization awaits a breach notification final rule from HHS, there are some practical steps you can take to prepare should you need to notify patients of a privacy breach.

You worry about laptop computers and other portable devices being stolen. But what about digital cameras?

Q. An insurance company is requesting copies of medical records to review our CPT coding. These cases are at least a year old and have been paid already. The insurance company said its review will not affect our payment. Do we need patient authorization to release these records, since this does not involve treatment, payment, or office operations?