On Friday, May 27, 2011, the Department of Health and Human Services (HHS) published the HIPAA Privacy Rule Accounting of Disclosures under the Health Information Technology for Economic and Clinical Health Act Notice of Proposed Rule Making (NPRM). I’m still going through it but here are my preliminary thoughts… (more…)
Posts Tagged ‘HHS’
Preliminary Thoughts about the HIPAA Accounting of Disclosures NPRM
Tuesday, May 31st, 2011HIPAA Compliance Investigations And The Insider Threat
Wednesday, February 2nd, 2011I’ve been getting a lot more questions about HIPAA and HITECH lately from folks I’ve never met, but who have concerns about the security and privacy of their health information (“protected health information” or “PHI” as referenced within HIPAA/HITECH), businesses that are trying to understand how to protect PHI according to the regulatory requirements, and a growing number who express frustration with the unsecure ways in which clients, customers, patients and business partners are sharing information with them. There just are not enough hours in the day to answer them all, but I decided I’d start sharing some of the questions, and my corresponding answers, that seem to be topics that a wide range of readers may be interested in.
I was recently contacted by someone who had a question about a recent HIPAA complaint against Rowan Regional Medical Center (more…)
HIPAA/HITECH Breach Notice Rule: Applies To PHI of Deceased Individuals + Training A Key Element
Monday, August 24th, 2009After a few days unable to make time to post to the blog, or technical difficulties preventing me when I did make time, I’m happy to resume my posting!
Today I want to offer a few thoughts about the breach notice rules that were released last week by the HHS and the FTC in compliance with the HITECH Act requirements…
HIPAA Violation: Medical Clinic Leaves Box With PHI On Public Dumpster
Tuesday, December 30th, 2008This summer I had planned to do a dumpster-diving project with my sons, but then the Iowa floods postponed those plans. However, after reading the following I’m motivated to plan to do this in the spring after basketball and G&T activities are finished for the winter…
New HHS Guidance States HIPAA Does Not Apply To PHRs
Sunday, December 28th, 2008I hope you are all having a wonderful holiday season! I hadn’t planned to take the past few days off from blogging, but something like the flu (probably the flu) hit me like a bag of bricks on Christmas day and I’ve been curled in a fetal position in my bed for the past few days. Oddly enough while laying there feeling like my bones were all slowly dissolving (and thinking about the types of body braces you’d need to create to deal with something like that!) I was also thinking about how silly it was for the Health Insurance Portability and Accountability Act (HIPAA; and any industry-specific data protection law) to define that the only organization’s that would legally need to safeguard protected health information (PHI) are the narrowly defined covered entities (CEs); healthcare providers, healthcare insurers and healthcare clearinghouses.
HHS’s New Privacy & Security Framework Based Upon The OECD Privacy Principles
Friday, December 19th, 2008Earlier this week, the Department of Health and Human Services issued a framework, “Nationwide Privacy and Security Framework For Electronic Exchange of Individually Identifiable Health Information December 15, 2008” for protecting patient privacy and securing medical records, in particular online protected health information (PHI) records.
ED and HHS Gives Guidance for HIPAA and FERPA Relationship
Friday, December 12th, 2008Audit Shows That After 5 Years CMS *STILL* Has No Documented Procedures For Ensuring HIPAA compliance
Thursday, October 30th, 2008This week the Department of Health and Human Services (HHS) Office of Inspector General (OIG) released a very interesting assessment of how well, and how effectively, the Centers for Medicare & Medicaid Services (CMS) was performing their Health Insurance Portability and Accountability Act (HIPAA) oversight responsibilities.
Audit Shows That After 5 Years CMS *STILL* Has No Documented Procedures For Ensuring HIPAA compliance
Thursday, October 30th, 2008This week the Department of Health and Human Services (HHS) Office of Inspector General (OIG) released a very interesting assessment of how well, and how effectively, the Centers for Medicare & Medicaid Services (CMS) was performing their Health Insurance Portability and Accountability Act (HIPAA) oversight responsibilities.
HIPAA Compliance During Emergencies and Disasters
Tuesday, October 7th, 2008Yesterday the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) posted a new HIPAA frequently asked question (FAQ) to their site; a great question that many organizations do not even consider until after the fact…
