
Cyber criminals hacked into part of a computer network at UCLA Health System in California, compromising records of at least 4.5 million people, the university hospital system reported on Friday.

There is no evidence yet the hackers obtained access to or acquired individuals’ PHI, although the compromised areas of the network do contain names, addresses, birthdates, Social Security numbers, medical record numbers, Medicare or health plan numbers, and other medical information, according to a statement from UCLA Health.

The health system is working with the FBI and has also hired private computer forensic experts to secure information on network servers.


Submit your HIPAA questions to Editor John Castelluccio at jcastelluccio@hcpro.com and we will work with our experts to provide the information you need.

Q: Do healthcare organizations need to log all documents before shredding? I have my staff log all documents that were scanned and indexed before they are placed in the bin for shredding. Once I receive the certificate of destruction, we match the log sheets with the certificate of destruction for documentation purposes. Once matched with our log sheets, the certificates of destruction are kept in log books. This is done with the anticipation of court appearance. I will need to produce policies and procedures for certificates of destruction.


Anyone who has a Blue Cross Blue Shield (BCBS) health insurance plan, with a few exceptions, should have free identity protection services as of January 1, 2016.

The national Blue Cross Blue Shield Association (BCBSA) announced July 14 that it would offer these free services as a permanent benefit to more than 106 million customers at all Blue companies nationwide.

This is the latest step in the health insurance giant’s efforts to protect customer safety and security in a world where cyber-attacks are a constant threat to every business and government entity. BCBS companies have, consequently, taken aggressive steps to protect their customers and lead the healthcare industry in cybersecurity, according to a press statement.


St. Elizabeth’s Medical Center in Boston has agreed to a corrective action plan and civil fine of $218,400 with OCR to address deficiencies in its HIPAA compliance program following employee practices at the hospital that exposed ePHI on more than 1,000 patients.

OCR initially received a complaint in November 2012 that hospital employees were allegedly storing patient records containing PHI in an unsecure online document sharing application without analyzing the risks of doing so, according to a July 8 resolution agreement between OCR and St. Elizabeth’s. Those documents contained the ePHI of at least 498 patients.



Q: The hospital where I work uses a large radiology group for radiology interpretations, for which the group bills the hospital. Both are covered entities (CE).

The hospital provides the group with an electronic data feed of all demographic information needed for billing on patients admitted to the hospital. The feed transmits information about all patients, because it is impossible to know at admission which patients will need radiology services. The group uses the demographic data to prepare interpretative radiology reports and then bills us for the professional services. Should either party be concerned about unauthorized disclosure, or is it okay to provide the additional patient information because the stream is needed for the group’s payment activity?