March 22, 2013. Today, we continue going through the HIPAA Privacy Rule, section by section, as modified in the Final Rule: Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013. The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013. We begin a two-day examination of the modifications pertaining to 45 CFR 164.520: Notice of Privacy Practices for Protected…
Tag: authorization
HIPAA Final Rule: Protected Health Information of Deceased Individuals
March 12, 2013. Today, we continue going through the HIPAA Privacy Rule, section by section, as modified in the Final Rule: Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013. The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013. Our focus last week and early this week has been on 45 CFR 164.502: Uses and disclosures of protected…
HIPAA Final Rule: Covered Entities–Permitted Uses and Disclosures & Required Disclosures
March 4, 2013. Today, we start going through the HIPAA Privacy Rule, section by section, as modified in the Final Rule: Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013. The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013. Our focus today is on covered entities in 45 CFR 164.502: Uses and disclosures of protected health information: General…
HIPAA Final Rule: Modified Privacy Rule Definition–Marketing
March 1, 2013. Today, we continue to examine definitions pertaining to the HIPAA Privacy Rule, for which we shall begin to examine modifications next week. Today’s definition is marketing, as modified in the Final Rule: Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013. The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013. Here are excerpts from the…
HIPAA Final Rule: HIPAA Privacy Rule & FERPA: Student Immunization Records
February 22, 2013. Today, we examine modified HIPAA Privacy Rule considerations regarding healthcare provider disclosure of immunization records for students in the Final Rule: Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013. The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013. Student immunization records are protected under two federal laws: HIPAA, via the HIPAA Privacy Rule, as…
CMS and ONC Publish Final Rules for Meaningful Use Stage 2 Security in Federal Register
September 4, 2012. The Department of Health and Human Services (HHS) entities: Centers for Medicare & Medicaid Services (CMS) and Office of the National Coordinator for Health Information Technology (ONC), published their Final Rules for Meaningful Use Stage 2 in today’s Federal Register. This posting focuses on the preamble relating to the following Stage 2 security objective in the CMS Final Rule entitled Medicare and Medicaid Programs; Electronic Health Record Incentive Program: “Protect electronic health information created or maintained by the Certified EHR Technology [CEHRT] through the implementation of appropriate technical capabilities.” Reference numbers in brackets refer to the page number(s) in the September 4, 2012, Federal Register. Associated with this objective…
ONC Publishes Stage 2 EHR Technology Certification Criteria NPRM
On March 7, 2012, the Office of the National Coordinator for Health Information Technology (ONC) of the Department of Health and Human Services (HHS) published in the Federal Register its notice of proposed rule making (NPRM) entitled Health Information Technology: Standards, Implementation Specifications, and Certification Criteria for Electronic Health Record [EHR] Technology, 2014 Edition; Revisions to the Permanent Certification Program for Health Information Technology [pp. 13832-13885]. Comments to HHS may be made until 5 PM on May 7, 2012. The summary of the NPRM is included here: “Under section 3004 of the Public Health Service Act, the Secretary of Health and Human Services is proposing to revise the initial set…
Accountability Key Privacy/Security Principle of Meaningful Use 2011 Objectives
On December 15, 2008, the Office of the National Coordinator for Health Information Technology of the U.S. Department of Health and Human Services (HHS) published its 11 page report: Nationwide Privacy and Security Framework for Electronic Exchange of Individually Identifiable Health Information. The eight principles in this report underpin the HIPAA Administrative Simplification Privacy and Security Rule standards, provide a foundation of the Privacy provisions of the HITECH Act in the American Recovery and Reinvestment Act of 2009, signed by President Obama on February 17, 2009, and are a key objective of proposed 2011 Objective recommendations for Meaningful Use published by HHS’ Health IT Policy Committee on June 16, 2009….
Facility Access Controls: Access Control and Validation Procedures-What to Do and How to Do It
In our series on the HIPAA Administrative Simplification Security Rule, this is the third implementation specification for the Physical Safeguard Standard, Facility Access Controls. This implementation specification is addressable. Remember, addressable does not mean “optional.” Rather, an addressable implementation specification means that a covered entity must use reasonable and appropriate measures to meet the standard. As we have noted in earlier postings on HIPAA.com, business associates of covered entities will be required to comply with the Security Rule safeguard standards, beginning February 17, 2010. This requirement is one of the HITECH Act provisions of the American Recovery and Reinvestment Act ARRA, signed by President Obama on February 17, 2009. What…