Home/HIPAA Zone

Do You Risk Violating HIPAA on Social Media?

As technology continues to evolve, so does social media, with more and more platforms arising for people to communicate – anytime, anyplace to anyone. The increase in social media presence in healthcare creates greater vulnerability toward breaches of patient confidentiality. Here are some tips to avoid violating HIPAA with social media: Do not talk about

How would your staff react to an auditor or investigator?

Audits and investigations are stressful events either with or without prior notice. Medical staff should be prepared for an unannounced visit. First Healthcare Compliance provides a sample policy that assists clients in preparing the front office. Here are some recommendations to ensure that proper steps are taken: Immediately contact your supervisor, manager and/or Compliance Officer

Are you trying to prevent medical identity theft?

Medical identity theft continues to be major problem in the US with approximately 2.32 million adults or close family members falling victim in 2014. According to the Fifth Annual Study on Medical Identity Theft by the Ponemon Institute, medical identity theft is on the rise with a 21.7% increase since last year.      

Do You Meet the Security Rule Requirements for a Covered Entity?

Covered entities should be aware of differences between the Privacy and Security Rule requirements regarding protected health information. One major distinction is that the HIPAA Security Rule only applies to electronic protected health information (e-PHI). A covered entity is responsible for maintaining confidentiality, integrity and availability of all e-PHI. Under the HIPAA Security Rule, covered

Do You Meet the Privacy Rule Requirements for a Covered Entity?

Covered entities have several requirements under the Privacy Rule. The purpose of the rule is to protect and secure individually identifiable patient information and the covered provider has the ultimate responsibility for HIPAA compliance. Compliance with the Privacy Rule was required on April 14, 2003. According to the OCR’s HIPAA Audit Program Protocol for covered

Are You a Covered Entity?

HIPAA defines a covered entity as one of the following: Healthcare provider who transmits information in an electronic form Health Plan Healthcare clearinghouse Most providers are covered entities, managing insurance-related transactions electronically, like submitting claims to a health plan. What Are Your Responsibilities as a Covered Entity? Covered entities must comply with all of the

Are You Aware of the Updated CMS Timeline for Meaningful Use?

Recent CMS modification allows more flexibility in certified EHR technology for 2014. Participation by providers will likely increase as will the ability to meet objectives such as e-prescribing, reporting quality measures and checking lists of drug interactions and drug allergies. Eligible providers can use the 2011 Edition CEHRT or a combination of 2011 and 2014

Theft Tops Data Breach Incidents IN 2014

The OCR reports 54 data breach incidents affecting more than 500 people in first six months of 2014. About half are related to theft, most commonly involving laptops, desktop computers and other portable electronic devices. Compared to 2013, the percentage of breaches related to theft has increased (Redspin 2013 Breach Report). Theft is responsible for