Submit your HIPAA questions to Editor Jaclyn Fitzgerald at jfitzgerald@hcpro.com and we will work with our experts to provide the information you need.

Q: Can healthcare providers answer questions from other providers or patients when someone may possibly overhear the conversation? For example, I am an administrator at a provider-based clinic and notice that patients often ask the providers last-minute questions as they are walked back to the front desk after an appointment. This is an area where most staff members and patients can overhear conversations between the provider and patient, yet our providers often respond to a patient’s inquiry in this space rather than taking the patient into an office. Is this a violation of HIPAA?

A: Providers should not assume that the patient is OK with discussing the topic in the open area, even if the question was asked there. This is another example of an incidental disclosure, which HIPAA requires us to minimize. It would be better to bring the patient back into the office to discuss these last-minute questions when possible. Err on the side of caution and encourage your providers to ensure all conversations with patients are as private as possible.

Editor’s note: Chris Simons, MS, RHIA, director of health information and privacy officer at Cheshire Medical Center/Dartmouth-Hitchcock in Keene, New Hampshire, answered this question for HCPro’s Medical Records Briefing. This information does not constitute legal advice. Consult legal counsel for answers to specific privacy and security questions.


The Health Information Trust Alliance (HITRUST) recently announced that it will conduct a study to analyze cyber threats in the healthcare industry. The goal of HITRUST Cyber Discovery is to identify cyberattack patterns and the sophistication of threats.

HITRUST is looking to recruit approximately 210 health plans and provider organizations to participate in the study. It will provide participants with free software and hardware to monitor and analyze networks for approximately 90 days.

There is no charge for participants. Registration closes May 10.


The Office of the National Coordinator (ONC) released the revised “Guide to Privacy and Security of Electronic Health Information” April 13 to help organizations integrate federal health information privacy and security requirements.

The guide is geared toward HIPAA covered entities and Medicare eligible professionals from smaller organizations. The updated version features information about compliance with the privacy and security requirements of CMS’ Electronic Health Record (EHR) Incentive Programs as well as compliance with HIPAA Privacy, Security, and Breach Notification Rules.

The guide covers such topics as:

  • Increasing patient trust through privacy and security
  • Provider responsibilities under HIPAA
  • Health information rights of patients
  • Securing patient information in EHRs
  • Meaningful Use core objectives that address privacy and security
  • A seven-step approach for implementing a security management process
  • Breach notification and HIPAA enforcement

Submit your HIPAA questions to Editor Jaclyn Fitzgerald at jfitzgerald@hcpro.com and we will work with our experts to provide the information you need.

Q: I was recently treated at an urgent care clinic. Upon checking in, I noticed that a television screen in the waiting room displays the first name, last initial, and approximate wait time for each patient. The administrative staff members do not ask whether they can display this information. Is this a violation of HIPAA since anyone in the clinic can look at the television screen and read the names of the patients waiting for treatment?

A: This is an incidental disclosure. The clinic has obviously determined that the small risk to privacy inherent in revealing the first name, last initial, and waiting time is worth the benefit of having the information readily accessible. I recently had a similar experience during my loved one’s surgery and found it very helpful to know where he was in the process (e.g., operating room, postanesthesia care unit).

I would suggest that if this practice disturbs you, you ask them not to post your information. The practice should be able to accommodate your request (analogous to a facility directory in a hospital setting).

Editor’s note: Chris Simons, MS, RHIA, director of health information and privacy officer at Cheshire Medical Center/Dartmouth-Hitchcock in Keene, New Hampshire, answered this question for HCPro’s Medical Records Briefing. This information does not constitute legal advice. Consult legal counsel for answers to specific privacy and security questions.


Although networked medical devices can offer benefits to patients, they can also present privacy and security risks that can threaten patients, according to a report by Intel Security and Atlantic Council’s Cyber Statecraft Initiative.

The report, The Healthcare Internet of Things: Rewards and Risks, offers advice on how to maximize the value of medical devices while minimizing security risks. Providers can easily track and adjust these devices, often without performing invasive procedures. In addition, these devices could help the healthcare industry save $63 billion over the next five years, according to the report.

However, medical devices present privacy concerns because hackers can access the device data, according to the report. Healthcare data is especially valuable to hackers and has become the target of several major attacks, including those on Anthem, Inc., and Premera Blue Cross.

Hackers, thieves, spies, and terrorists can exploit information technology to commit crimes. This is especially problematic with medical devices, since the patient is wearing the device and an attack on it could be life-threatening, according to the report.

The Healthcare Internet of Things: Rewards and Risks offers the following recommendations for protecting device privacy and security:

  • Improve private-private and public-private collaboration
  • Consider security when devices are conceived or manufactured
  • Change regulatory approval for devices