HIPAA (the Health Insurance Portability and Accountability Act) was enacted in 1996. It protects health insurance coverage for workers and their families when they change or lose their jobs. It requires the creation of nationwide standards for electronic health record transactions, and it seeks to protect the privacy and security of health data.
Because it affects every realm of the medical field, mental & behavioral health care providers must maintain HIPAA compliance, which has become more complex with the advanced use of technology and electronic data transmission. In early 2013, a 563-page Omnibus Rule HIPAA amendment was released, effective March 26 and requiring compliance by September 23, 2013.
We focus on how HIPAA affects mental / behavioral health and substance usage providers.
(Disclaimer: Ultimately, it is the responsibility of each practice to ensure HIPAA compliance, including the 2013 Omnibus revisions. PIMSY EMR/SMIS has gathered information from various resources believed to be authorities in their field. However, neither PIMSY EMR/SMIS nor the authors warrant that the information is in every respect accurate and/or complete. PIMSY EMR/SMIS assumes no responsibility for use of the information provided. Neither PIMSY EMR/SMIS nor the authors shall be responsible for, and expressly disclaim liability for, damages of any kind arising out of the use of, reference to, or reliance on, the content of these educational materials. These materials are for informational purposes only. PIMSY EMR/SMIS does not provide medical, legal, financial or other professional advice and readers are encouraged to consult a professional advisor for such advice.)
by Donna Koger, 2.21.17
Okay, so we’ve told you about encryption on computers, but what about mobile devices like iPads, iPhones and Androids? Can you encrypt these so that PHI on them is not accessible by anyone but you? The answer is yes and it is actually quite simple in most cases.
by Donna Koger, 1.26.17
No, seriously, what is keeping you from complete HIPAA compliance? Are you afraid it will cost too much and take up too much of your time? Do you know it’s not that difficult to be fully compliant – and it is very important for your survival as a business?
by Donna Koger, 2.11.17
The Plain HIPAA Facts
How do you know what is true and what is false in the HIPAA world? Many people have been confused about HIPAA information that could interfere with their total compliance. Here are five samples of compliance misinformation:
1. Over & Out
by Donna Koger, 12.7.16
As most of you already know, on March 21, 2016, OCR announced “Phase 2” of its audit program. Some providers have already received emails asking for updated contact information so OCR can effectively communicate with the entities selected for an audit.
by Leigh-Ann Renz, 9.14.16
The recent hurricane got us thinking: what’s your disaster backup plan? The HIPAA Security Rule requires all Covered Entities (CEs) to draft a disaster recovery plan, by service definition, that includes what measures your practice will take in case of a natural disaster....
by Donna Koger, 7.26.16
The Office for Civil Rights (OCR) has released new HIPAA Audit Protocol for Phase 2 audits and Business Associate Listing Template for Covered Entities. As OCR says, “Selected auditees will be requested to provide detailed information regarding their Business Associates.”
by Donna Koger, 7.19.16
Business Associate Agreement – Not Just Another Document
Did you know there have been $6 million in HIPAA Fines levied so far this year for lack of Business Associate Agreement (BAA) documents?
To avoid this type of HIPAA fine, you may need to do some inventory in your...
by Donna Koger, 6.13.16
It’s essential to take the steps necessary to prepare against a data breach, but after one does occur, knowing how to respond can make all the difference.
1. Widen your response team
Your incident response group may have been doing the initial investigation as a small team,...
by Donna Koger, 6.13.16
Most of you are probably aware that HIPAA requires your health organization to provide a Privacy Statement or Notice of Privacy Practices (NPP) to all your patients. However, many of you are probably using an outdated version of this document that doesn’t measure up to the most...
by Donna Koger, 5.12.16
Don’t Let It Hit You on the Way Out
We’ll bet you don’t want to end up like the Massachusetts Ear Group, which has to pay $1.5 million to resolve HIPAA regulation charges. Unfortunately, this is yet another reminder for practices, providers, clearinghouses and business associates...