Recent HHS Guidance Underscores the Importance of HIPAA Compliance

Everyone who participates in the United States healthcare system either as a patient, provider business associate, or subcontractor either knows or should know about the Health Insurance Portability and Accountability Act of 1996, Pub. L. 104-191 (Aug. 21, 1996). Industry participants should also have implemented requisite standards espoused by the Privacy Rule, Security Rule, Breach Notification Rule and the Health Information Technology for Economic and Clinical Health Act, Pub. L. 111-5 (Feb. 17, 2009).

By |April 4th, 2019|HIPAA|

Handling Requests to Access PHI under HIPAA

HIPAA provides patients with fundamental rights to access, inspect, and obtain a copy of their health information for as long as the information is maintained by the healthcare provider regardless of the date created, format of the PHI or where the PHI originated. In responding to these requests, providers should be aware of the requirements under the HIPAA Privacy Rule.

By |November 8th, 2018|HIPAA|

HIPAA: Handling Patient Requests for Medical Record Restriction

Healthcare compliance professionals frequently face confusing situations about sharing of protected health information (PHI). The Health Insurance Portability and Accountability Act (HIPAA) supports the protection of privacy of medical records. However, even when a patient does not authorize sharing of his record there are permitted uses and disclosures such as for the purpose of treatment, payment or healthcare operations (TPO).

The 7 Steps to Address a HIPAA Complaint

If a patient voices a concern of privacy violation, do you know how to handle the complaint? View our infographic for the seven steps you need to take immediately to reduce your risk exposure. Take this opportunity to improve your compliance program so that it promotes prevention, detection and resolution of unlawful conduct. Click here for a sample

Ride-Sharing Companies are your new HIPAA Business Associates

Early this month Uber introduced the launch of Uber Health, a new service that allows healthcare organizations to provide transportation for their patients. Within days, Lyft and Allscripts announced a partnership to allow healthcare providers to schedule patient rides using Allscript’s electronic health record network. The move into Non-Emergency Medical Transportation (NEMT) services is an

HIPAA Alert- Improper PHI Disclosure Leads to OCR Settlement

This week, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) announced a $100,000 settlement with Filefax, Inc., an out of business company that once provided medical records storage and disposal services. Based on an anonymous complaint, OCR’s investigation uncovered HIPAA Privacy Rule violations due to the company’s failure to

By |February 22nd, 2018|HIPAA|