HIPAA Final Rule: Modified Privacy Rule Definition–Payment

February 27, 2013.  Today, we start to examine definitions pertaining to the HIPAA Privacy Rule, and begin with payment, as modified in the Final Rule:  Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013.  The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013. Here is the discussion in the Final Rule related to the proposed modification to the…

READ MORE

HIPAA Final Rule: HIPAA Privacy Rule & FERPA: Student Immunization Records

February 22, 2013.  Today, we examine modified HIPAA Privacy Rule considerations regarding healthcare provider disclosure of immunization records for students in the Final Rule:  Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013.  The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013. Student immunization records are protected under two federal laws:  HIPAA, via the HIPAA Privacy Rule, as…

READ MORE

HIPAA Final Rule: Genetic Information Nondiscrimination Act: Manifestation or Manifested

February 19, 2013.  Today, we finish examination of modifications of HIPAA Privacy under the Genetic Information Nondiscrimination Act (GINA), by focusing on the definition: manifestation or manifested. The modifications of HIPAA Privacy are in the Final Rule:  Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013.  The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013. We presented in…

READ MORE

HIPAA Final Rule: Modification of Business Associate Definition, Part (6)–Exceptions

February 14, 2013.  Today, we finish examining the business associate definition, focusing on exceptions, as modified by the Final Rule:  Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013.  The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013. Paragraph (4) of the modified definition outlines 4 exceptions (45 CFR 160.103, Definitions, as shown at 78 Federal Register 5688):…

READ MORE

HIPAA Final Rule: Business Associate Definition

February 7, 2013.  Today, we provide the business associate definition, as modified by the Final Rule:  Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013.  The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013. Business Associate:  Definition (78 Federal Register 5688)– “(1) Except as provided in paragraph (4) of this definition, business associate means, with respect to a…

READ MORE

Final Administrative Simplification Rules for Plan ID, NPI Addition, and ICD-10 Code Set Compliance Delay Published in Federal Register

September 5, 2012.  Today, the Federal Register published the Centers for Medicare & Medicaid Services (CMS) Final Rule:  Administrative Simplification:  Adoption of a Standard for a Unique Health Plan Identifier; Addition to the National Provider Identifier [NPI] Requirements; and a Change to the Compliance Date for the International Classification of Diseases, 10th Edition (ICD-10-CM and ICD-10-PCS) Medical Data Code Sets.  We provided the detailed “Executive Summary” in our August 24, 2012, posting, based on the preview posting at the Federal Register’s Electronic Public Inspection Desk.  Below we provide the shorter publication “Summary” [p.54664]: “This final rule adopts the standard for a national unique health plan identifier (HPID) and establishes requirements…

READ MORE

BCBST Pays $1.5 Million to HHS to Settle Potential HIPAA Privacy and Security Violations

On March 13, 2012, Blue Cross Blue Shield of Tennessee (BCBST) agreed to a payment of $1.5 million to the Department of Health and Human Services (HHS) and to a corrective action plan as part of a Resolution Agreement with HHS for potential violation of Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rule violations.  According to a HHS Press Release of the same date, “the enforcement action [by HHS’ Office for Civil Rights (OCR)] is the first resulting from a breach report required by the Health Information Technology for Economic and Clinical Health (HITECH) Act Breach Notification Rule.” According to the HHS Press Release: “The investigation followed…

READ MORE

Exploring HIPAA and HITECH Act Definitions: Part 13

From now through December, HIPAA.com is providing a run through of HIPAA transaction & code set, privacy, and security definitions, along with relevant HITECH Act definitions pertaining to breach notification, securing of protected health information, and electronic health record (EHR) standards development and adoption. These definitions are key to understanding the referenced HIPAA and HITECH Act enabling regulations that are effective now and that will require compliance by covered entities and business associates now or in the months ahead, as indicated in HIPAA.com’s timeline. Each posting will contain three definitions, with a date reference to the Federal Register, Code of Federal Regulations (CFR), or statute, as appropriate. Exploring HIPAA and…

READ MORE

Exploring HIPAA and HITECH Act Definitions: Part 6

From now through November, HIPAA.com is providing a run through of HIPAA transaction & code set, privacy, and security definitions, along with relevant HITECH Act definitions pertaining to breach notification, securing of protected health information, and electronic health record (EHR) standards development and adoption. These definitions are key to understanding the referenced HIPAA and HITECH Act enabling regulations that are effective now and that will required compliance by covered entities and business associates now or in the months ahead, as indicated in HIPAA.com’s timeline. Each posting will contain three definitions, with a date reference to the Federal Register, Code of Federal Regulations (CFR), or statute, as appropriate. Exploring HIPAA and…

READ MORE