Dentists: Don’t Forget HIPAA Compliance

Since the inception of HIPAA in 1996, its broad implications have affected all areas of health care including dentistry. And, if asked, most dentists and their staff would say they know what the HIPAA regulations are, and yes, they have been trained, but are they really up to date with HIPAA’s ever expanding changes and compliance requirements?  Are they trained in the areas of HIPAA Security, Privacy, Enforcement and Breach Notification Rules and do they know that they must be in compliance with the 2013 HIPAA Omnibus Final Rule by September 23, 2013? Compared to the ever-growing size of medical practices today, most dental offices are still rather small with…

READ MORE

ONC Touts its 10 Step Plan for Meeting Meaningful Use Privacy and Security Attestation Requirements

In a recent Tweet, the Office of the National Coordinator for Health Information Technology (ONC) stated:  “Move into the 21st Century and check out the Privacy & Security 10-Step Plan before you implement an Electronic Health Record.”  ONC makes the following recommendation to an Eligible Professional (EP) covered entity participating in the Medicare and Medicaid Financial Incentive Program for Adoption and Meaningful Use of Certified Electronic Health Record (EHR) Technology:  “An EP must meaningfully use certified EHR technology for an EHR reporting period, and then attest to CMS [the Centers for Medicare & Medicaid Services] that he or she has met meaningful use for that period.  Start your 10-step process at…

READ MORE

Five HIPAA Compliance Activities Your Organization Must Undertake

HIPAA Administrative Simplification was enacted on August 21, 1996 as Subtitle F of Title II of Public Law 104-191. The so-called HITECH Act “Omnibus” regulation that modifies HIPAA privacy and security provisions will be published in the Federal Register by the end of this summer, according to the head of HHS’ National Coordinator for Health Information Technology, Farzad Mostashari, M.D. Based on the timeline in the Notice of Proposed Rule Making, compliance by all covered entities and their business associates would be required 240 days after publication, most likely sometime in May 2013, assuming the end-of-summer deadline is met.  All covered entities and their business associates will be required to comply with provisions of…

READ MORE

OCR’s Publicly Disclosed Large Breaches Now Top 20 Million Impacted Individuals

May 16, 2012.  The Department of Health and Human Services’ (HHS) HIPAA/HITECH Act privacy and security enforcement arm, Office for Civil Rights (OCR), is responsible under the HITECH Act to publicly disclose privacy and security breaches that affect 500 or more individuals on its Breach Notification Web site.  With the now reported Utah Department of Health hacking/IT incident breach occurring in the period March 10-April 2, 2012 and affecting a reported 780,000 individuals, the total number in 435 breaches reported since September 22, 2009, now totals 20,079,189 impacted individuals.  Of the total number of breaches where location of breached information is known (e.g., electronic or hard copy source), 72% of…

READ MORE

ONC Issues Meaningful Use Guide for Privacy & Security Attestation Compliance

May 9, 2012.  The Office of the National Coordinator for Health Information Technology (ONC) has issued a Guide to Privacy and Security of Health Information (Version 1.1 022312).  This Guide is targeted to medical practitioners who participate in the Medicare and Medicaid Program for Adoption and Meaningful Use of Certified Electronic Health Record Technology. Chapters are: 1. What Is Privacy & Security and Why Does It Matter? 2. Privacy & Security and Meaningful Use. 3.  Privacy & Security Step Plan for Meaningful Use. 4.  Integrating Privacy and Security into Your Practice. 5.  Privacy and Security Resources. The Guide highlights two of the Stage 1 Meaningful Use Objectives and Corresponding Measures…

READ MORE

BCBST Pays $1.5 Million to HHS to Settle Potential HIPAA Privacy and Security Violations

On March 13, 2012, Blue Cross Blue Shield of Tennessee (BCBST) agreed to a payment of $1.5 million to the Department of Health and Human Services (HHS) and to a corrective action plan as part of a Resolution Agreement with HHS for potential violation of Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rule violations.  According to a HHS Press Release of the same date, “the enforcement action [by HHS’ Office for Civil Rights (OCR)] is the first resulting from a breach report required by the Health Information Technology for Economic and Clinical Health (HITECH) Act Breach Notification Rule.” According to the HHS Press Release: “The investigation followed…

READ MORE

OCR Announces November 2011 Start of Privacy and Security Compliance Audits

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is responsible for privacy and security enforcement under Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health (HITECH) Act provisions. OCR has announced that it is initiating compliance audits beginning this month, as authorized by the HITECH Act.  This action precedes the imminent release of the Final HIPAA/HITECH Act Privacy, Security, Breach Notification, and Enforcement Rules, expected before the end of 2011, and will strengthen enforcement and accountability for compliance with existing and forthcoming Rule modifications.   To avoid the consequences of potential penalties for non-compliance, covered entities and business…

READ MORE

HITECH Act Breached Individuals Skyrocket in Latest OCR Web Site Posting

Under the Health Information Technology for Economic and Clinical Health Act (HITECH Act), enacted as part of the American Recovery and Reinvestment Act of 2009, covered entities are required to report to the Secretary of the U.S. Department of Health and Human Services (HHS) any privacy or security breach affecting 500 or more individuals within 60 days of discovery of the breach by the covered entity or its business associate.  The HHS Office for Civil Rights (OCR), which is responsible for privacy and security enforcement under the Health Insurance Portability and Accountability Act (HIPAA) and HITECH Act provisions that strengthened privacy and security enforcement, is required to post those breaches…

READ MORE

Get Ready Now for Toughened HIPAA/HITECH Act Privacy and Security Rules and Enforcement, and Big Noncompliance Fines

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was enacted on August 21, 1996, as Public Law 104-191.   HIPAA Administrative Simplification provisions in Subtitle F, Title II included transactions and code sets, privacy, security, and unique identifiers.  Except for several identifiers, the federal government promulgated enabling regulations under the Administrative Procedure Act.  For example, the Privacy Rule required compliance by healthcare providers, healthcare clearinghouses, and health plans—Covered Entities—by April 14, 2003, and the Security Rule required compliance by April 20, 2005, with small health plans for each rule having an additional year in which to comply. On February 17, 2009, the Health Information Technology for Economic and…

READ MORE

Nearly 8.3 Million Individuals Impacted by 249 Privacy and Security Breaches Reported by HHS; More Training on Safeguarding PHI Required

Under the Health Information Technology for Economic and Clinical Health Act (HITECH Act), enacted as part of the American Recovery and Reinvestment Act of 2009, covered entities are required to report to the Secretary of the U.S. Department of Health and Human Services (HHS) any privacy or security breach affecting 500 or more individuals within 60 days of discovery of the breach by the covered entity or its business associate.  The HHS Office for Civil Rights (OCR), which is responsible for privacy and security enforcement under the Health Insurance Portability and Accountability Act (HIPAA) and HITECH Act provisions that strengthened privacy and security enforcement, is required to post those breaches…

READ MORE