Medical Billing Blog: Section - HIPAA
Archive of all Articles in the HIPAA Section
This is the archive containing links to all articles written in the HIPAA section of our blog.
Who’s Accessing Your Health Data?
Although ransomware and hacking attacks draw the biggest headlines, it is actually improper insider access that causes the highest number of data breaches. Such are the results from the most recent Protenus “Breach Barometer,” which analyzes reported and sometimes not so publicly reported breaches in healthcare each month. For those who follow privacy and security in healthcare, the Protenus findings are not that surprising. Reports of inappropriate access by insiders are frequent and show a disturbing trend. Many of the reports allege that information was not used in any detrimental manner, only that snooping occurred. However, there are two problems with that view. First, even small insider …
Managing HIPAA Risk with Outside Consultants
The rising complexity of healthcare, particularly as it relates to providers’ growing technical needs, is increasingly prompting healthcare organizations to seek the help of outside consultants. In engagements with healthcare entities, though IT consultants try to minimize interaction with patient data, they often have access to protected health information (PHI). When working with HIPAA Covered Entities, consultants are treated as “business associates” and are required to comply with Privacy Rules designed to protect PHI. Managing HIPAA compliance when engaging outside consultants requires that consultants enter into a Business Associate Agreement (BAA). The BAA must: Describe the permitted and required uses of PHI by the business associate in the context of …
HIPAA Certified: Not So Fast
A healthcare organization is looking for a new electronic medical record, secure messaging application or any other solution. It compares a number of vendors, product features and gets close to choosing one. Just before making the ultimate decision, someone asks, what about HIPAA? As this question enters the discussion, another person says that the chosen product is HIPAA “certified.” Hearing that the product is certified, everyone is satisfied and thinks that HIPAA obligations are all set. Unfortunately, HIPAA “certification” does not settle any issue. The question of certification is one that has been around almost as long as HIPAA itself. From the legal perspective, certification is not even worth the …
Deadlines: Regulations on HIPAA Compliance for Physicians
The deadline of September 23, 2013 has come and gone on the calendar. It was on this day that the federal government enacted changes to the Health Insurance Portability and Accountability Act, better known as HIPAA. Physicians must be compliant with the privacy and security requirements, and the changes include things like how to properly secure a patient’s health information and what you must tell patients about their privacy rights. Physicians have 6 months to comply, and for many it is difficult to stay on task so that the deadline is met. Compliance with the act includes the following updates to the regulations. Physicians must conduct a risk analysis …
Windows XP Will Not Be HIPAA Compliant in April 2014
If you are still using Windows XP machines, you need to get rid of them soon. As Mike points out over at Hitech Answers, April 8th is when Microsoft ends all security updates, which puts you in direct violation of HIPAA. “Time’s up. On April 8, 2014, Microsoft is ending security updates and patches for Windows XP and Office 2003. Just having a Windows XP computer on your network will be an automatic HIPAA violation, which makes you non-compliant with Meaningful Use and will be a time bomb that could easily cause a reportable and expensive breach of protected patient information. HIPAA fines and loss of Meaningful Use money …
Outsourcing a Dirty Word to You?
The word “outsourcing” has become a dirty word for many physicians who have been burned by medical billing companies that either outsourced their claims to medical billing companies that neither use secure networks nor adhere to HIPAA regulations in order to maximize their profits, or simply turned out to be unreliable and wound up costing the practice money to utilize their services. Don’t let a bad experience keep you from partnering with a legitimate medical billing company that can not only help you get your reimbursements faster but also realize great profits by maximizing every single medical billing claim that is filed to make sure …
HIPAA Clarifications Coming for Mental Health Workers
If you work in the mental health area, you can expect a coming clarification on how HIPAA and FERPA should be interpreted, along with other state and federal privacy laws, dealing mostly with situations in which mental health workers deal with patients in conjunction with education and law enforcement. This change is largely due to the misinterpretations of privacy laws that contributed to the Virginia Tech shootings earlier this spring; however, it was not attributed to the laws themselves, federal officials concluded in a report to the President. The report was a compilation of data that was put together by several different agencies including …
The Sensitive Issue of Handling Hard Copies
A question that comes up often is exactly how a medical practice should dispose of the hard copies of files. The answer isn’t rocket science: shredding is the only good answer. When you are ready to dispose of hard copies of medical files, anything with a patient’s name on it should be shredded. If you don’t have the staff available and you don’t want to invest in an industrial-sized shredder, a good alternative would be to hire an outside shredding service that will either come to your offices and shred on site; or pick up your files, lock and store them in sealed containers and put them on a closed end …
Are Your E-Transmissions HIPAA Compliant?
If you haven’t taken the time to evaluate your data, both the data that you actively send and the data at rest, you could be in violation of the new HIPAA regulations. The last security rule made by HIPAA does not mandate that you encrypt all of your email transmissions, but it does require that you examine how all of your data is transferred on an overall scale. There are two key items that will help you evaluate how your data is transmitted: (1) integrity controls and (2) encryption. Integrity control sounds a little confusing, but it really just means proper access controls and …
Understanding HIPAA Requirements for E-Security
If you haven’t taken the time to evaluate your data, both the data that you actively send and the data at rest, you could be in violation of the new HIPAA regulations. Recently, HIPAA made a final security rule, and while the final ruling does not mandate that you encrypt all of your email transmissions, it does require that you examine how all of your data is transferred on an overall scale. There are two key items that will help you evaluate how your data is transmitted: (1) integrity controls and (2) encryption. Integrity control sounds a little confusing, but it really just means proper access …