HIPAA

It is important to realize that many of the devices in your office may contain patient information, even after you are no longer using the devices. Information can be stored in hard drives and memory that is on circuit boards and if the information finds it way into the wrong hands you have a HIPAA Violation.

The Right of Access Rule gives patients and their representatives the right to access, inspect and obtain a copy of their own health information. When a provider receives a request for access to their medical records, they must provide the requested information within 30 days (Some states require a faster response 30 days is the HIPAA requirement).

Last week we published an article that Prestera Health was breached due to a vulnerability in their email system. This Week Jefferson Healthcare in Port Townsend, WA experienced a breach related to their email system.

Prestera Health, the largest behavioral health services provider in West Virginia, serving the counties of Boone, Cabell, Clay, Kanawha, Lincoln, Logan, Mason, Putnam and Wayne in West Virginia experienced a data breach through their email system.

An opinion on when you need Business Associate Agreements when working with Durable Medical Equipment Vendors.

The purpose of these changes is to support individuals’ engagement in their care, remove barriers to coordinated care, and reduce regulatory burdens on the health care industry.

in order to be HIPAA Compliant, you must maintain a "Culture of Compliance" at your office. This can include keeping your software up-to-date, regular required training and addressing risks that pose to your office. This month we address dedicating a privacy officer, testing your backups and proper disposal of patient records.

One of the more common causes of Government Investigations into possible HIPAA violations are patient complaints.

New Haven, Connecticut failed to terminate an employee’s access to their Health Records System after the employee left. The former employee may have accessed a file containing the Protected Health Information of only 498 Patients.

When we discuss HIPAA most of the articles have been on security and breaches, but HIPAA goes well beyond privacy and Security.  One aspect of the HIPAA rule is the “Right of Access”.   OCR (The Office for Civil Rights – the branch of HHS the enforces HIPAA) is enforcing this law even more strongly since the 21 Century Cures Act was published.  OCR has begun to levy fines against organizations that are in violation of the “Right of Access” rule.