Medical Billing Blog: Section - HIPAA

Archive of all Articles in the HIPAA Section

This is the archive containing links to all articles written in the HIPAA section of our blog.


The Latest Details on HIPAA Compliance Audits

Deven McGraw, deputy director of the Department of Health and Human Services’ Office for Civil Rights, has announced that the department’s plans for initiating onsite audits are currently on hold and will remain so until more than 200 desk audits have been completed. An article over on Data Breach Today gives us great detail on where HIPAA compliance audits stand with their enforcing agency. McGraw informed the HIMSS17 conference in February of the delay. “We have decided that it makes a lot more sense to [first] take a look at all we had in the desk audit process and even prepare the overarching report to the public about how those

By: Melissa Clark, CCS-P, RT - CEO

Is Your Practice Violating HIPAA Regulations?

Corpus Christi Medical Associates (CCMA), a family practice in Corpus Christi, Texas, has always found it difficult to comply with HIPAA’s privacy and security regulations. “We struggle to have enough resources to dedicate to the ever-changing environment,” said J. Stefan Walker, MD, a family medicine physician at CCMA. “There is always something new and regulations are constantly evolving. It’s a moving target, and cyber-liability is probably the greatest risk,” added Walker. Despite this sentiment, Walker was determined not to be one of the practices listed on the “Wall of Shame” webpage maintained by the Office for Civil Rights (OCR) at the U.S. Department of Health & Human Services. Practices are

By: Melissa Clark, CCS-P, RT - CEO

Who’s Accessing Your Health Data?

Despite the fact that ransomware and hacking attacks draw the biggest headlines, it is actually improper insider access that causes the highest number of data breaches. Such are the results from the most recent Protenus “Breach Barometer,” which analyzes reported and sometimes not so publicly reported breaches in healthcare each month. For those who follow privacy and security in healthcare, the Protenus findings are not that surprising. Reports of inappropriate access by insiders are frequent and show a disturbing trend. Many of the reports allege that information was not used in any detrimental manner, only that snooping occurred. However, there are two problems with that view. First, even small insider

By: Melissa Clark, CCS-P, RT - CEO

Managing HIPAA Risk with Outside Consultants

The rising complexity of healthcare, particularly as it relates to providers’ growing technical needs, is increasingly prompting healthcare organizations to seek the help of outside consultants. In engagements with healthcare entities, though IT consultants try to minimize interaction with patient data, they often have access to protected health information (PHI). When working with HIPAA Covered Entities, consultants are treated as “business associates” and are required to comply with Privacy Rules designed to protect PHI. Managing HIPAA compliance when engaging outside consultants requires that consultants enter into a Business Associate Agreement (BAA). The BAA must: Describe the permitted and required uses of PHI by the business associate in the context of

By: Melissa Clark, CCS-P, RT - CEO

HIPAA Certified: Not So Fast

A healthcare organization is looking for a new electronic medical record, secure messaging application or any other solution. It compares a number of vendors and product features and gets close to choosing one. Just before making the ultimate decision, someone asks, what about HIPAA? As this question enters the discussion, another person says that the chosen product is HIPAA “certified.” Hearing that the product is certified, everyone is satisfied and thinks that HIPAA obligations are all set. Unfortunately, HIPAA “certification” does not settle any issue. The question of certification is one that has been around almost as long as HIPAA itself. From the legal perspective, certification is not even worth the

By: Melissa Clark, CCS-P, RT - CEO

Deadlines: Regulations on HIPAA Compliance for Physicians

The deadline of September 23, 2013 has come and gone on the calendar. It was on this day the federal government enacted changes to the Health Insurance Portability and Accountability Act, better known as HIPAA. Medical physicians must be compliant with privacy and security, and changes will include things like how to properly secure a patient’s health information or what you must tell a patient about their privacy rights. Medical physicians have 6 months to comply, and for many it is difficult to stay on task so that the deadline is met. Compliance with the act includes the following updates to the regulations. Physicians must conduct a risk analysis

By: Melissa Clark, CCS-P, RT - CEO

Windows XP Will Not Be HIPAA Compliant in April 2014

If you are still using Windows XP machines, you need to be getting rid of them soon. As Mike points out over at Hitech Answers, April 8th is when Microsoft ends all security updates, which puts you in direct violation of HIPAA. “Time’s up. On April 8, 2014, Microsoft is ending security updates and patches for Windows XP and Office 2003. Just having a Windows XP computer on your network will be an automatic HIPAA violation, which makes you non-compliant with Meaningful Use and will be a time bomb that could easily cause a reportable and expensive breach of protected patient information. HIPAA fines and loss of Meaningful Use money

By: Corporate - Public and Client Relations