Covered Entity

Home/Covered Entity

Individual’s Rights to Access PHI

An individual’s right to access their protected health information (PHI) should be nothing new to covered entities. In 1996, HIPAA Privacy Rule detailed an individual’s right to access PHI. As part of HITECH and the Final Omnibus Rule, modifications to the Privacy Rule have included additional requirements for covered entities and business associates. Unfortunately, recent

Jumpstart Your Compliance Program

The beginning of the New Year is a popular time for new initiatives. Many healthcare organizations are looking for ways to improve quality and reduce risk. A compliance program is an effective way to detect, deter and prevent wrongdoing in the healthcare setting and an ongoing system assures conformity with governing laws and regulations. An

EEOC Guidance to Healthcare Providers Regarding Patients with HIV

On December 1, 2015 (World AIDS day) the U.S. Equal Employment Opportunity Commission (EEOC) issued the following two separate fact sheets addressing the Americans with Disabilities Act (ADA) protections for individuals with HIV. Healthcare providers should pay careful attention to these documents to understand their duties under the ADA and the medical documentation that may

Deadline for Breach Reporting Coming Soon

As the end of the year approaches, keep in mind that all breaches of unsecured protected health information involving less than 500 individuals must be reported to the Secretary at the Department of Health and Human Services (HHS) within 60 days of the end of the calendar year. If the organization already reported a breach

OIG WORKPLAN 2016

The Office of the Inspector General (OIG) is responsible for protecting the integrity of the programs in Health and Human Services against fraud, waste and abuse as well as recommending improvements to the system that would promote efficiency and efficacy within the limits of the health care laws.   Although OIG oversight includes programs such as

Overview of a Corporate Integrity Agreement (CIA)

Health care fraud recoveries for fiscal years 2009- 2014 exceeded previous records with five straight years of more than $2 billion in annual recovery from cases involving fraud and false claims against federal health care programs such as Medicare and Medicaid.  Most healthcare providers are aware of significant civil liability due to recent enforcement. However,

Are You Prepared for the HIPAA Phase 2 Audits?

After reviewing the HIPAA Privacy case investigations from 2009-2011, the Office of the Inspector General sent a strong message to the Office of Civil Rights in regard to the administration and enforcement of the HIPAA Privacy Rule. The OIG recommendation is clear in the September 2015 executive summary, “OCR Should Strengthen Its Oversight of Covered

Do You Meet the Security Rule Requirements for a Covered Entity?

Covered entities should be aware of differences between the Privacy and Security Rule requirements regarding protected health information. One major distinction is that the HIPAA Security Rule only applies to electronic protected health information (e-PHI). A covered entity is responsible for maintaining confidentiality, integrity and availability of all e-PHI. Under the HIPAA Security Rule, covered

Do You Meet the Privacy Rule Requirements for a Covered Entity?

Covered entities have several requirements under the Privacy Rule. The purpose of the rule is to protect and secure individually identifiable patient information and the covered provider has the ultimate responsibility for HIPAA compliance. Compliance with the Privacy Rule was required on April 14, 2003. According to the OCR’s HIPAA Audit Program Protocol for covered