On October 10, 2011, there was a report in the Baltimore Sun, “Law firm loses hard drive with patient records: Attorneys represent St. Joseph cardiologist sued for malpractice.” I posted about the report to one of the LinkedIn groups I participate in, pointing out that this is yet one more example of (more…)
Posts Tagged ‘BA’
Do Subpoenas Trump HIPAA and/or Trample Security Of PHI?
Saturday, December 10th, 2011UCLA Health System Pays $865K to Settle Celebrity Privacy HIPAA Violations
Friday, July 8th, 2011Here’s yet another HIPAA violations penalty to add to what seems to be a quickly growing list. In this case it was a violation of the minimum necessary access principle, in addition to providing the information to reporters, who then published the information. And, it is likely based upon the required actions that go beyond the fine, that the policies, procedures, training, awareness, and access logging processes was lacking as well. (more…)
Designated Record Sets: Know What They Are! (AD NPRM Discussion #1)
Thursday, June 2nd, 2011My last blog post provided a preliminary overview of the Accounting of Disclosures Notice of Proposed Rulemaking (AD NPRM). I got a lot of questions as a result directly, in addition to the blog comments. When trying to understand regulations, and how to put them into practice within an organization, I’ve found it is best to break them down into bite-sized chunks, starting from the basics and building from there. Today I want to spend a little time looking at what makes up a “designated record set,” or DRS, since the access report requirement is specific to accesses to DRS’s… (more…)
Preliminary Thoughts about the HIPAA Accounting of Disclosures NPRM
Tuesday, May 31st, 2011On Friday, May 27, 2011, the Department of Health and Human Services (HHS) published the HIPAA Privacy Rule Accounting of Disclosures under the Health Information Technology for Economic and Clinical Health Act Notice of Proposed Rule Making (NPRM). I’m still going through it but here are my preliminary thoughts… (more…)
HIPAA/HITECH Final Rule Set To Be Published in March
Tuesday, January 4th, 2011On December 20, 2010, the U.S. federal government published “Part II: Regulatory Information Service Center: Introduction to The Regulatory Plan and the Unified Agenda of Federal Regulatory and Deregulatory Actions.” If you are a healthcare Covered Entity (CE), Business Associate (BA) or BA subcontractor, as defined under HIPAA and HITECH, this should be of interest to you. Why? Because within it is the long-awaited Department of Health and Human Services (HHS) timeline for when they would publish the final rule of the Notice of Proposed Rule Making (NPRM) that came out in July, 2010. The date? Well, (more…)