Category Archives: HIPAA Regulation

HIPAA Portability Rules Change

Just came across this article from Business & Legal Reports. The initial HIPAA rules were issued in 1997. Well, there have been several modifications since then. Are you compliant with the 1997 rules, or the latest (including the modifications)? It’s probably best to be on the safe side and review all of the major changes…

HIPAA Enforcement Lax?

A Silicon Valley Business Journal article reports that enforcement of HIPAA regulations may not be enforced with an iron fist. Well, folks, looks like that’s it for HIPAA Blog. No need to keep updating this site if it’s not going to be enforced. If you’re not going to be prosecuted (or fined heavily)… why worry…

AHA calls for guidance on HIPAA National Provider Identifier (NPI)

The AHA (American Hospital Association) testified before Congress on April 6, 2005 regarding the National Provider Identifier (NPI) regulation. Their testimony recommends additional guidance about subpart identification in particular as well as suggests a timeline for implementation.

Help with HIPAA, SOX, and GLBA Compliance

Here at HIPAA Blog, we learn new acronyms on a nearly daily basis (okay, maybe weekly). Apparently Sarbanes-Oxley is now affectionately referred to as SOX. GLBA? That’s short for the Gramm Leach Bliley Act. Hopefully our longtime readers know what HIPAA stands for, but if you’re new to this business, HIPAA stands for: Health Insurance…

HIPAA Survey Finds Most Firms Are Prepared, Though Issues Loom

A new survey has found that most organizations are ready for the April 20 deadline for meeting HIPAA compliance regulations. Healthcare and related organizations have just over two weeks to meet new rules for protecting patient data or face possible fines, criminal penalties and negative publicity. While many IT professionals involved with Health Insurance Portability…

Living with HIPAA: Enforcement of the Privacy Rule Today

This article is a little dated but has some decent info. Robin Johnson discusses enforcement of HIPAA Laws: It has been almost one year since the April 14, 2003 effective date of the HIPAA Privacy Rule. 1 At this time, your organization has likely implemented HIPAA privacy policies and procedures, prepared a standard authorization form,…

HIPAA FAQs about Lawyers as Business Associates under HIPAA

Want to know exactly what the rules are concerning your lawyer or attorney regarding being a business associate? The OCR has the answers. 1 New – May a covered entity that is a party in a legal proceeding use or disclose PHI for the litigation? 2 New – Must lawyer-business associates require others to agree…

HIPAA Enforcement and Penalties for Noncompliance

Compliance. Consistent with the principles for achieving compliance provided in the Rule, HHS will seek the cooperation of covered entities and may provide technical assistance to help them comply voluntarily with the Rule.87 The Rule provides processes for persons to file complaints with HHS, describes the responsibilities of covered entities to provide records and compliance…

HIPAA State Law

Preemption. In general, State laws that are contrary to the Privacy Rule are preempted by the federal requirements, which means that the federal requirements will apply.85 “Contrary” means that it would be impossible for a covered entity to comply with both the State and federal requirements, or that the provision of State law is an…

HIPAA Privacy Practice Notice

Each covered entity, with certain exceptions, must provide a notice of its privacy practices.51 The Privacy Rule requires that the notice contain certain elements. The notice must describe the ways in which the covered entity may use and disclose protected health information. The notice must state the covered entity’s duties to protect privacy, provide a…

HIPAA Privacy – Pyschotherapy Authorization

A covered entity must obtain an individual’s authorization to use or disclose psychotherapy notes with the following exceptions48: – The covered entity who originated the notes may use them for treatment. – A covered entity may use or disclose, without an individual’s authorization, the psychotherapy notes, for its own training, and to defend itself in…

HIPAA – Permitted Uses and Disclosures

A covered entity is permitted, but not required, to use and disclose protected health information, without an individual’s authorization, for the following purposes or situations: (1) To the Individual (unless required for access or accounting of disclosures) A covered entity may disclose protected health information to the individual who is the subject of the information….