HIPAA Handbooks

  • Privacy and security training for new and seasoned staff
  • 11 staff/setting focus areas
  • Education on protecting PHI
  • New HITECH Act changes
  • Discounts on bulk purchases

More»

E-learning

  • Role-based training using real-life case scenarios
  • Test-your-knowledge exercises with remediation
  • Post-course test to document staff participation

More»

Other HIPAA Resources

  • Hot-topic audio conferences
  • Books on privacy and security
  • Newsletters
  • e-Newsletter
  • Videos


More»

Archive for Uncategorized

The Medicare Fraud Strike Force swept through 10 states and arrested 243 people—46 of them physicians, nurses, and other licensed medical professionals—for allegedly defrauding the government out of $712 million in false Medicare and Medicaid billings, federal officials announced June 18. In addition to targeting instances of false claims and kickbacks, the strike force also uncovered evidence of medical identity theft.

Among the defendants is Mariamma Viju of Garland, Texas, an RN and the co-owner and nursing director for Dallas Home Health, Inc. A federal indictment accuses Viju and a co-conspirator of stealing patient information from Dallas-area hospitals in order to then solicit those patients for her business, as well as submitting false Medicare and Medicaid claims, and paying out cash kickbacks to beneficiaries.

In total, the scheme netted Viju $2.5 million in fraudulently obtained payments between 2008 and 2013. She was arrested June 16 and charged with one count of conspiracy to commit healthcare fraud, five counts of healthcare fraud, and one count of wrongful disclosure of individually identifiable health information.

Read More→

Categories : HHS, OIG, Uncategorized
Comments (0)

question-marks-300x300Submit your HIPAA questions to Editor Jaclyn Fitzgerald at jfitzgerald@hcpro.com and we will work with our experts to provide the information you need.

Q: Can healthcare providers answer questions from other providers or patients when someone may possibly overhear the conversation? For example, I am an administrator at a provider-based clinic and notice that patients often ask the providers last-minute questions as they are walked back to the front desk after an appointment. This is an area where most staff members and patients can overhear conversations between the provider and patient, yet our providers often respond to a patient’s inquiry in this space rather than taking the patient into an office. Is this a violation of HIPAA?

A: Providers should not assume that the patient is OK with discussing the topic in the open area, even if the question was asked there. This is another example of an incidental disclosure, which HIPAA requires us to minimize. It would be better to bring the patient back into the office to discuss these last-minute questions when possible. Err on the side of caution and encourage your providers to ensure all conversations with patients are as private as possible.

Editor’s note: Chris Simons, MS, RHIA, director of health information and privacy officer at Cheshire Medical Center/Dartmouth-Hitchcock in Keene, New Hampshire, answered this question for HCPro’s Medical Records Briefing. This information does not constitute legal advice. Consult legal counsel for answers to specific privacy and security questions.

Categories : Uncategorized
Comments (0)

questionbubblesSubmit your HIPAA questions to Editor Jaclyn Fitzgerald at jfitzgerald@hcpro.com and we will work with our experts to provide the information you need.

Q: Can healthcare providers answer questions from other providers or patients when someone may possibly overhear the conversation? For example, I am an administrator at a provider-based clinic and notice that patients often ask the providers last-minute questions as they are walked back to the front desk after an appointment. This is an area where most staff members and patients can overhear conversations between the provider and patient, yet our providers often respond to a patient’s inquiry in this space rather than taking the patient into an office. Is this a violation of HIPAA?

A: Providers should not assume that the patient is OK with discussing the topic in the open area, even if the question was asked there. This is another example of an incidental disclosure, which HIPAA requires us to minimize. It would be better to bring the patient back into the office to discuss these last-minute questions when possible. Err on the side of caution and encourage your providers to ensure all conversations with patients are as private as possible.

Editor’s note: Chris Simons, MS, RHIA, director of health information and privacy officer at Cheshire Medical Center/Dartmouth-Hitchcock in Keene, New Hampshire, answered this question for HCPro’s Medical Records Briefing. This information does not constitute legal advice. Consult legal counsel for answers to specific privacy and security questions.

Categories : HIPAA Q&A, Uncategorized
Comments (0)

security (2)The Health Information Trust Alliance (HITRUST) recently announced that it will conduct a study to analyze cyber threats in the healthcare industry. The goal of HITRUST Cyber Discovery is to identify cyberattack patterns and the sophistication of threats.

HITRUST is looking to recruit approximately 210 health plans and provider organizations to participate in the study. It will provide participants with free software and hardware to monitor and analyze networks for approximately 90 days.

There is no charge for participants. Registration closes May 10. Click here for more information or to register.

Categories : Uncategorized
Comments (0)

Although networked medical devices can offer benefits to patients, they can also present privacy and security risks that can threaten patients, according to a report by Intel Security and Atlantic Council’s Cyber Statecraft Initiative.

The report, The Healthcare Internet of Things: Rewards and Risks, offers advice on how to maximize the value of medical devices while minimizing security risks. Providers can easily track and adjust these devices, often without performing invasive procedures. In addition, these devices could help the healthcare industry save $63 billion over the next five years, according to the report.

However, medical devices present privacy concerns because hackers can access the device data, according to the report. Healthcare data is especially valuable to hackers and has become the target of several major attacks, including that of Anthem, Inc., and Premera Blue Cross.

Hackers, thieves, spies, and terrorists can exploit information technology to commit crimes. This is especially problematic with medical devices, since the patient is wearing the device and an attack on it could be life-threatening, according to the report.

The Healthcare Internet of Things: Rewards and Risks offers the following recommendations for protecting device privacy and security:

  • Improve private-private and public-private collaboration
  • Consider security when devices are conceived or manufactured
  • Change regulatory approval for devices
Categories : Uncategorized
Comments (0)