HIPAA Handbooks

  • Privacy and security training for new and seasoned staff
  • 11 staff/setting focus areas
  • Education on protecting PHI
  • New HITECH Act changes
  • Discounts on bulk purchases



  • Role-based training using real-life case scenarios
  • Test-your-knowledge exercises with remediation
  • Post-course test to document staff participation


Other HIPAA Resources

  • Hot-topic audio conferences
  • Books on privacy and security
  • Newsletters
  • e-Newsletter
  • Videos


Archive for November, 2012

CMS could be paying incentives to professionals and hospitals that do not fully meet the meaningful use requirements, according to an OIG report released November 29.

Currently, CMS has not implemented strong prepayment safeguards, and its ability to safeguard incentive payments postpayment is also limited, OIG reported. The ONC, which oversees the program, has requirements for EHR reports that may contribute to CMS’s oversight obstacles.

OIG conducted the early assessment of CMS’s oversight of the Medicare EHR incentive program, for which CMS estimates it will pay $6.6 billion in incentive payments between 2011 and 2016. Because professionals and hospitals self-report data to demonstrate that they meet program requirements, CMS’s efforts to verify these data will help ensure the integrity of Medicare EHR incentive payments.

Categories : EHRs
Comments (0)

OCR has issued guidance for de-identifying PHI. It offers methods and approaches to achieve de-identification in accordance with HIPAA and explains and answers questions regarding the two methods that can be used to satisfy the Privacy Rule’s de-identification standard: expert determination and safe harbor.

“This guidance is intended to assist covered entities to understand what is de-identification, the general process by which de-identified information is created, and the options available for performing de-identification,” OCR wrote on its website. “In developing this guidance, the Office for Civil Rights solicited input from stakeholders with practical, technical and policy experience in de-identification.”

Read the full guidance document.

Categories : HIPAA privacy, OCR
Comments (0)

Can paper patient records be kept in a public storage unit? The storage company we are considering has a digital entry at their main gate, and we would have a keyed lock on the storage unit door.

Categories : HIPAA Q&A
Comments (10)

Q&A: Accessing the UB-04 form

Posted by: | Comments (0)
Email This Post Print This Post

Q. Do I have the right as a Medicare beneficiary to access the UB-04 form that a hospital submits as a bill for payment to Medicare? May I access and receive a copy of my coding abstract? I understand that these documents are part of the electronic data that is part of my record, which is considered part of the designated record set.

A. The Privacy Rule gives you the right to access ­records in the designated record set. This is defined as information used by a covered entity to make decisions about individuals. For providers, the designated record set includes medical and billing records. For health plans, the designated record set includes enrollment, payment, claims adjudication, and case management records.

The UB-04 form is a billing record, so it is part of the designated record set to which you have access.

The coding summary is an administrative record and may not be considered part of your medical record. If the covered entity defines the medical record to exclude administrative records, such as coding summaries, the covered entity may deny your request to access your coding summary. However, codes that were submitted for billing will appear on the UB-04.

Mary D. Brandt, MBA, RHIA, CHE, CHPS, answered this question in the December issue of the HCPro, Inc. newsletter Briefings on HIPAA.

Categories : HIPAA Q&A
Comments (0)

PHI disclosures

Posted by: | Comments (1)
Email This Post Print This Post

I was under the understanding that we can make PHI disclosures using our electronic health record for payment/treatment/healthcare operations without a consent and that we did not need to track these requests for the accounting of disclosures.

Has this changed?

Tanya Gilson

Categories : HIPAA Q&A
Comments (1)