Disclaimer

The analysis of any legal or medical billing is dependent on numerous specific facts — including the factual situations present related to the patients, the practice, the professionals and the medical services and advice. Additionally, laws and regulations and insurance and payer policies are subject to change. The information that has been accurate previously can be particularly dependent on changes in time or circumstances. The information contained in this web site is intended as general information only. It is not intended to serve as medical, health, legal or financial advice or as a substitute for professional advice of a medical coding professional, healthcare consultant, physician or medical professional, legal counsel, accountant or financial advisor. If you have a question about a specific matter, you should contact a professional advisor directly. CPT copyright American Medical Association. All rights reserved. CPT is a registered trademark of the American Medical Association.


HIPAA Blog and Updates

Welcome to our HIPAA blog. Here we post news, articles, and site updates on HIPAA.

  • 9 Mar 2021 3:09 PM | Zachary Edgar (Administrator)

    Today, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) announces a 45-day extension of the public comment period for the Notice of Proposed Rulemaking (NPRM) to modify the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule.

    OCR first released the NPRM to the public on the HHS website on December 10, 2020, and it was published in the Federal Register on January 21, 2021. The 45-day extension moves the current deadline for the public to submit comments from March 22, 2021, to May 6, 2021. The notice of extension of the comment period is available at https://public-inspection.federalregister.gov/2021-05021.pdf (PDF).

    The proposed changes to the HIPAA Privacy Rule include strengthening individuals’ rights to access their own health information, including electronic information; improving information sharing for care coordination and case management for individuals; facilitating greater family and caregiver involvement in the care of individuals experiencing emergencies or health crises; enhancing flexibilities for disclosures in emergency or threatening circumstances, such as the Opioid and COVID-19 public health emergencies; and reducing administrative burdens on HIPAA covered health care providers and health plans, while continuing to protect individuals’ health information privacy interests.

    OCR encourages and will carefully consider comments from all stakeholders, including patients and their families, consumer advocates, HIPAA covered entities (health plans, health care clearinghouses, and most health care providers) and their business associates, health care professional associations, health information management professionals, health information technology vendors, and government entities.

    “OCR anticipates a high degree of public interest in providing input on the proposals because the HIPAA Privacy Rule affects nearly anyone who interacts with the health care system,” said Acting OCR Director Robinsue Frohboese.  “The 45-day extension of the comment period to May 6, 2021, will give the public a full opportunity to consider the proposals and submit comments to inform future policy.” 

    Interested members of the public may submit their comments on the NPRM no later than May 6, 2021. The NPRM is available for review and comment at https://www.federalregister.gov/documents/2021/01/21/2020-27157/proposed-modifications-to-the-hipaa-privacy-rule-to-support-and-remove-barriers-to-coordinated-care.


  • 12 Feb 2021 3:12 PM | Zachary Edgar (Administrator)

    The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services announces its sixteenth settlement of an enforcement action in its HIPAA Right of Access Initiative. OCR announced this initiative to support individuals’ right to timely access their health records at a reasonable cost under the HIPAA Privacy Rule.

    Sharp HealthCare, doing business as Sharp Rees-Stealy Medical Centers (“SRMC”), has agreed to take corrective actions and pay $70,000 to settle a potential violation of the HIPAA Privacy Rule’s right of access standard. SRMC is located in California and provides health care through four acute-care hospitals, three specialty hospitals, three affiliated medical groups, and a health plan.

  • 10 Feb 2021 3:19 PM | Zachary Edgar (Administrator)

    The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services announces its fifteenth settlement of an enforcement action in its HIPAA Right of Access Initiative.  OCR announced this initiative to support individuals’ right to timely access their health records at a reasonable cost under the HIPAA Privacy Rule.  Renown Health, P.C., a private, not-for-profit health system in Nevada, has agreed to take corrective actions and pay $75,000 to settle a potential violation of the HIPAA Privacy Rule’s right of access standard.

  • 15 Jan 2021 3:24 PM | Zachary Edgar (Administrator)

    The Lifetime Healthcare Companies, including its affiliates Excellus Health Plan, Inc. doing business as Excellus BlueCross BlueShield and Univera Healthcare, Lifetime Health Medical Group, Lifetime Benefit Solutions, Lifetime Care, and The MedAmerica Companies (collectively "Excellus Health Plan") have agreed to pay $5.1 million to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) and to implement a corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules related to a breach affecting over 9.3 million people. Excellus Health Plan is a New York state health services corporation that provides health insurance coverage to over 1.5 million people in Upstate and Western New York.

  • 12 Jan 2021 3:36 PM | Zachary Edgar (Administrator)

    The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services announces its fourteenth settlement of an enforcement action in its HIPAA Right of Access Initiative.  OCR announced this initiative as an enforcement priority in 2019 to support individuals’ right to timely access their health records at a reasonable cost under the HIPAA Privacy Rule. 

    Banner Health, on behalf of the Banner Health affiliated covered entities (Banner Health ACE), has agreed to take corrective actions and pay $200,000 to settle potential violations of the HIPAA Privacy Rule’s right of access standard.  Banner Health is a non-profit health system based in Phoenix, Arizona. Banner Health operates 30 hospitals and numerous primary care, urgent care, and specialty care facilities and is one of the largest health care systems in the United States.

  • 17 Jul 2019 1:18 PM | Zachary Edgar (Administrator)

    The purpose of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule is to:

    • Ensure the confidentiality, integrity, and availability of all electronic protected health information that the covered entity (healthcare provider, health plan) or business associate creates, receives, maintains, or transmits;
    • Protect against any reasonably anticipated threats or hazards to the security or integrity of such information;
    • Protect against any reasonably anticipated uses or disclosures of such information that are not permitted or required under the Privacy Rule; and
    • Ensure compliance of the covered entity’s workforce.  45 C.F.R. §164.306.

    The Security Rule is broken down into five different sections: Administrative Safeguards, Physical Safeguards, Technical Safeguards, Organizational Requirements, and Policies and Procedures and Documentation Requirements.  Each one of these sections has multiple “standards” that must be followed by the covered entity.  Many of these “standards” have more detailed implementation specifications which can either be “Required” or “Addressable”. 

    A “required” implementation specification must be implemented by the covered entity.

    An “addressable” implementation specification is more flexible, but it is not optional.  A covered entity must perform an assessment to determine whether the implementation specification is a reasonable and appropriate safeguard for implementation in the covered entity’s environment. In general, after performing the assessment, a covered entity decides if it will:

    • Implement the addressable implementation specification;
    • Implement an equivalent alternative measure that allows the entity to comply with the standard; or
    • Not implement the addressable specification or any alternative measures, if equivalent measures are not reasonable and appropriate within its environment.

    Covered entities must document the assessment and decision made regarding each specification.

    If a given addressable implementation specification is determined to be reasonable and appropriate, the covered entity must consider options for implementing it. The decision regarding which security measures to implement to address the standards and implementation specifications will depend on a variety of factors, including:

    • The entity’s risk analysis - What current circumstances leave the entity open to unauthorized access and disclosure of EPHI?
    • The entity’s security analysis - What security measures are already in place or could reasonably be put into place?
    • The entity’s financial analysis - How much will implementation cost?

    Citation

    45 CFR §164.306

    U.S. Department of Health and Human Services, HIPAA Security Series, Security 101 for Covered Entities

    NIST SP 800-66

  • 22 May 2019 12:06 PM | Zachary Edgar (Administrator)

    Medical Informatics Engineering, Inc. (MIE) has paid $100,000 to the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services, and has agreed to take corrective action to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules. MIE is an Indiana company that provides software and electronic medical record services to healthcare providers.



  • 15 May 2019 12:04 PM | Zachary Edgar (Administrator)

    Tennessee diagnostic medical imaging services company pays $3,000,000 to settle breach exposing over 300,000 patients' protected health information – May 6, 2019

    Touchstone Medical Imaging ("Touchstone") has agreed to pay $3,000,000 to OCR, and to adopt a corrective action plan to settle potential violations of the HIPAA Security and Breach Notification Rules. Touchstone, based in Franklin, Tennessee, provides diagnostic medical imaging services in Nebraska, Texas, Colorado, Florida, and Arkansas.




About Us

Therapy Comply is a healthcare compliance firm that seeks to bring high quality web-based compliance guidance and one-on-one consulting services to small and medium size physical, occupational, and speech therapy practices.
