So Many Rules, So Little Time

Data Breach at Anthem May Forecast a Trend…

After an online attack on Anthem, by far the largest breach in the industry, security experts warned on Friday that more attacks on health care organizations were likely because of the high value of the data on the black market.

Anthem, one of the country’s largest health insurers, said the hackers did not appear to have stolen information about its customers’ medical claims. But medical identification numbers were taken, along with Social Security numbers...


Why File?

For statistical and research purposes, HHS encourages providers to report any privacy breaches they're aware of. As a reporting incentive, providers are given Federal privilege and confidentiality under the Patient Safety Act and Rule. In other words, if a provider submits knowledge of a violation to a Patient Safety Organization, that report is protected.

Should one of these privileged reports be unlawfully disclosed, the provider is entitled to file a complaint with the OCR, and may receive up to $11,000 for each intentional disclosure.


What's Going On with HHS…

In recent news from the U.S. Department of Health and Human Services, HHS Secretary Sylvia M. Burwell reports on the consumer benefits of the Affordable Care Act.

A report released on September 19, 2014 shows that consumers saved $1 billion on insurance premiums in 2013. Additionally, the Affordable Care Act is implementing stricter accountability with regard to insurance premiums. Insurance companies used to be able to raise annual premiums for no known reason, but the law now requires them to publicly disclose warranted grounds for raising rates any higher than 10%.


The HIPAA Privacy Rule

The HIPAA Privacy Rule is a law created to regulate the use and disclosure of protected health information, or PHI. The U.S. Department of Health and Human Services (HHS) issued this rule in 2003 (2004 for small entities).

Its ultimate goal is to help implement the directives put in place by HIPAA in 1996, and to standardize patients' access to their records. The entities this rule holds liable include health plans, health care providers, health care clearinghouses, and business associates of these organizations.


In the Age of Technology…

“The [Omnibus] rule will help protect patient privacy and safeguard patients’ health information in an ever expanding digital age,” said former HHS Secretary Kathleen Sebelius. Implemented in 2013, this rule is the most recent modification to the HIPAA Privacy Rule. Here are a few specific items it covers:

  • Individuals can now ask for their records in electronic form.
  • The sale of patient health information for marketing or fundraising purposes is strictly prohibited without permission.
  • The maximum penalty for noncompliance is up to $1.5 million, depending on the degree of negligence.
  • Non-medical business associates of healthcare entities, such as attorneys and financial institutions, are now liable under HIPAA.


How to File

All individuals are entitled to file a grievance with the Office for Civil Rights (OCR) if they feel their privacy rights, or someone else's, have been violated. They must typically file their grievance within 180 days of the incident, but sometimes HHS makes exceptions to this rule for "good cause." And, of course, HIPAA prohibits retaliation against anyone who files a complaint.


HIPAA Technical Safeguards for EPHI

As modern technologies become more prevalent in the healthcare industry, they create uncharted security challenges for EPHI. Technical Safeguards combat this rising threat.


Patient Privacy

Patient Privacy is a HIPAA rule that gives people certain rights and jurisdiction over their health information. This includes everything from how their information is used, to who sees it, and where they receive it themselves.

For instance, patients have the right to say whether their records are shared with their employer and their family. They can even restrict the disclosure of sensitive data from their health plan if they undergo a treatment or service that they pay for in cash.

Patient Privacy grants individuals access to their health records within 30 days of request. And they get to say how they will be contacted—by phone, email, or regular mail; what phone number or address should be used; and whether the provider can leave a message.


The Violation List

Did you know HHS keeps a publicly accessible list of hundreds of companies that have been found in violation of HIPAA regulation? These incidents include loss, theft, hacking, and improper disposal—involving computers, laptops, paper files, network servers, mobile devices, and email.


One Good Rea$on to Go Digital

Eligible hospitals and healthcare professionals that implement Electronic Healthcare Records (EHR) may be able to get paid up to $63,750. Centers for Medicare & Medicaid Services is offering two different EHR incentive programs for those that adopt and display significant use of certified EHR technology.

Be sure to check out the eligibility requirements and critical attestation deadlines.
