HIPAA Handbooks

  • Privacy and security training for new and seasoned staff
  • 11 staff/setting focus areas
  • Education on protecting PHI
  • New HITECH Act changes
  • Discounts on bulk purchases

More»

E-learning

  • Role-based training using real-life case scenarios
  • Test-your-knowledge exercises with remediation
  • Post-course test to document staff participation

More»

Other HIPAA Resources

  • Hot-topic audio conferences
  • Books on privacy and security
  • Newsletters
  • e-Newsletter
  • Videos


More»

Courtesy photo

Courtesy photo

Deven McGraw, a well-known health data privacy expert and federal legal advisor, just joined the HHS Office for Civil Rights on June 29. She takes over as deputy director of health information privacy and will head up the agency’s HIPAA policy and enforcement efforts.

OCR announced the appointment earlier in June. McGraw comes to OCR from Manatt, Phelps & Phillips, LLP, where she was a partner and co-chair of the law firm’s privacy and data security practice. The firm has offices in California, New York, Washington, D.C., and Mexico.

McGraw also served as the director of the Health Privacy Project at the Center for Democracy & Technology and the chief operating officer at the National Partnership for Women & Families, both of which are located in Washington, D.C.

Read More→

Categories : HHS, HIPAA News, OCR
Comments (0)

Submit your HIPAA questions to Editoquestionr John Castelluccio at jcastelluccio@hcpro.com and we will work with our experts to provide the information you need.

Q: How should an organization handle patient requests to withhold PHI from the patient’s insurance company?

A: Patients have a right to ask that their insurance companies not be billed for specific encounters. Most healthcare providers require that patients pay for these services themselves before agreeing to provide the services and not bill the patient’s insurance company. Your organization should have a policy/procedure in place to handle such requests. You’ll probably want the patient to make the request in writing. You’ll need to ensure that the information about the encounter is secured in the patient’s medical record, so it isn’t released with any future requests from the insurance company. You’ll also need a mechanism to bill the patient directly and prevent a bill for the services from being sent to the insurance company.

Editor’s note: Mary Brandt, MBA, RHIA, CHE, CHPS, vice president of health information, Central Texas Division, Baylor Scott & White Health in Temple, Texas, answered this question for HCPro’s Briefings on HIPAA. This information does not constitute legal advice. Consult legal counsel for answers to specific privacy and security questions.

Categories : HIPAA Q&A
Comments (0)

The Medicare Fraud Strike Force swept through 10 states and arrested 243 people—46 of them physicians, nurses, and other licensed medical professionals—for allegedly defrauding the government out of $712 million in false Medicare and Medicaid billings, federal officials announced June 18. In addition to targeting instances of false claims and kickbacks, the strike force also uncovered evidence of medical identity theft.

Among the defendants is Mariamma Viju of Garland, Texas, an RN and the co-owner and nursing director for Dallas Home Health, Inc. A federal indictment accuses Viju and a co-conspirator of stealing patient information from Dallas-area hospitals in order to then solicit those patients for her business, as well as submitting false Medicare and Medicaid claims, and paying out cash kickbacks to beneficiaries.

In total, the scheme netted Viju $2.5 million in fraudulently obtained payments between 2008 and 2013. She was arrested June 16 and charged with one count of conspiracy to commit healthcare fraud, five counts of healthcare fraud, and one count of wrongful disclosure of individually identifiable health information.

Read More→

Categories : HHS, OIG, Uncategorized
Comments (0)

Submit your HIPAA questions to Editoquestionr John Castelluccio at jcastelluccio@hcpro.com and we will work with our experts to provide the information you need.

Q: You are reviewing a computer-generated insurance claim before it is sent to the insurance carrier, and you happen to notice the patient’s name on the claim—it’s an old friend of yours. You quickly read the code for the diagnosis. Is this a breach of confidentiality?

A: Yes, it is, unless you need to know that information to do your job. HIPAA requires us to access only the minimum we need to know to do our jobs. If you don’t need to know your friend’s diagnosis, you shouldn’t look at it.

If you do see it, remember that you may never share with anyone, including your friend, what you have seen. This knowledge can be a heavy burden, but it is our ethical and legal obligation not to share any ­information we obtain in the course of doing our work in healthcare.

Editor’s note: Chris Simons, MS, RHIA, director of health information and privacy officer at Cheshire Medical Center/Dartmouth-Hitchcock in Keene, New Hampshire, answered this question for HCPro’s Medical Records Briefing. This information does not constitute legal advice. Consult legal counsel for answers to specific privacy and security questions.

Categories : HIPAA Q&A
Comments (0)

A nursing home that unexpectedly shut its doors in May is now facing allegations from neighbors that the owners simply abandoned the facility and left it unsecured with trash, boxes and patient files lying about inside the building, according to a report from Fox 13 News in Utah.

Homeowners who live next to the former Deseret Health and Rehabilitation facility in Sandy, Utah called local police June 2 to report the situation after they saw people entering the building and carrying out items. When a news crew visited the scene, a pile of patient files containing confidential information was just sitting out on the sidewalk, according to Fox 13.

A spokesman from the Utah Department of Health told the station state authorities were concerned at the situation and trying to work with the parent company on proper storage of the patient records.

Categories : Unsecure PHI
Comments (0)