Author: Cassidy, Bonnie S.

Source: Journal of AHIMA

Publication Date: November 2000

If you're wondering how to interpret the proposed privacy and security rules related to HIPAA, you're not alone. The requirements of these rules—and the similarities and differences between them—are surrounded by confusion and controversy.

Having recently attended AHIMA's....

Author: Amatayakul, Margret

Source: Journal of AHIMA

Publication Date: September 2002

The HIPAA transactions, security, and privacy regulations identify five agreements and relationships that can be established between healthcare entities to achieve economies of scale and lessen HIPAA's administrative burden. They are: affiliated covered entity (ACE)

business associa....

Author: Cassidy, Bonnie S.

Source: Journal of AHIMA

Publication Date: October 2000

Confused about the differences between privacy and security? You’re not alone. Combine these with the jargon-laden chain of trust and business partner agreement issues, and a whole new set of questions about HIPAA implementation emerges.

Privacy, pursuant to HIPAA, addresses the righ....

Author: Klasa, Marge

Source: AHIMA Convention

Publication Date: October 21, 2005

Introduction

Maintaining the privacy and security of patient health information (PHI) is not only best practice, it is a HIPAA mandate for all Covered Entities (CE).1  But how does the CE know if its Business Associates (BA) and vendors agree to protect and secure patients’ PH....

Author: Butler, Mary

Source: Journal of AHIMA

Publication Date: April 2014

Have a spare 32.8 million hours? The US Department of Health and Human Services (HHS) sure hopes so.


As noted in the Federal Register, that figure is the total number of hours the HHS Office for Civil Rights (OCR) estimated it would take all HIPAA-covered entities combined....

Author: Derlink, Amy L; Schembari, Elaine

Source: Journal of AHIMA

Publication Date: March 2012

Responding to an audit can be hectic and stressful, but HIM professionals must remember to hold external record reviewers accountable to good privacy and security practices.

When you visit the hair salon, take an exercise class, or sit across from a financial planner, you expect them....

Author: Rode, Dan

Source: Journal of AHIMA

Publication Date: April 2013

The Office for Civil Rights (OCR) has published the long-awaited final omnibus rules covering many HITECH Act requirements in the January 25, 2013 Federal Register (78FR5566). The rule is officially titled “Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notific....

Author: Haines, Pamela T.

Source: Journal of AHIMA

Publication Date: April 2004

If you are writing business associate agreements for a healthcare provider these days, you have probably discovered there are often no magic words or formulas that will produce an agreement. Although sample forms available from various sources may be helpful, generally no two business associat....

Author: Downing, Katherine

Source: Journal of AHIMA

Publication Date: April 2014

On January 25, 2013, the US Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) published the long-awaited HITECH-HIPAA Omnibus Final Rule in the Federal Register. As anticipated, the Omnibus Rule includes some of the most significant changes to patient priva....

Author: Twiggs, Mariela; Goldstein, Sara

Source: Journal of AHIMA

Publication Date: October 2016

Healthcare provider organizations rely on a variety of entities to help them carry out healthcare activities and functions. If these entities create, maintain, or transmit protected health information (PHI) on behalf of a provider organization, they are considered a business associate (BA....

Author: Rode, Dan

Source: Journal of AHIMA

Publication Date: October 2009

Training and Retraining Needed


The addition of new federal privacy and security provisions does not relieve covered entities of their ongoing HIPAA training requirements. Entities must continue to provide HIPAA training to “employees, volunteers, trainees, and other perso....

Author: Hjort, Beth M.; Rhodes, Harry B.

Source: Journal of AHIMA

Publication Date: June 2010

When ARRA extended sections of the HIPAA privacy and security rules to cover business associates (BAs), it created a seismic shift in their contractual relationships with covered entities (CEs). Further, the changes became effective simultaneous with other ARRA amendments that require CEs and....

Author: Hicks, Andrew

Source: Journal of AHIMA

Publication Date: April 2014

Some healthcare business associates are still asking if HITECH-HIPAA impacts them. The answer is just as important to their affiliated healthcare providers.


Thousands of companies are now legally obligated to comply with the HITECH-HIPAA regulations because of their busines....

Author: Sullivan, Tori E.

Source: Journal of AHIMA

Publication Date: October 2002

It's April 10, 2003, and a privacy officer is reviewing her policies for the imminent privacy regulations, title II of the Health Insurance Portability and Accountability Act (HIPAA) of 1996. The compliance deadline is April 13, 2003, and she is already feeling stressed about meeting the date.....

Author: Amatayakul, Margret

Source: Journal of AHIMA

Publication Date: February 2002

An increasing number of healthcare workforce members are telecommuting. As transcriptionists, coders, customer service representatives, and others are working from home, many providers are weighing the benefits against potential privacy and security risks.

Who Is Working from Home....

Author: AHIMA Staff

Source: AHIMA Q and A

Publication Date: April 02, 2002

Q: I have been asked to identify all of my organization’s business associates so we can update their contracts prior to the April 2003 HIPAA privacy rule compliance date. Unfortunately, existing contracts are not maintained in one place. How should I tackle this project?


A: At....

Author: AHIMA Staff

Source: AHIMA Q and A

Publication Date: March 02, 2002

Q: We have a transcriptionist who picks up tapes, transcribes them off-site, and returns them each day. Is this practice legal under HIPAA?


A: The HIPAA privacy rule does not prohibit the use of tapes for dictation, nor the use of an outside transcription vendor. The privacy rule do....

Author: Roach, Michael C.

Source: In Confidence (newsletter)

Publication Date: November 02, 2001

The HIPAA privacy regulations require that covered entities have written agreements in place before disclosing protected health information (PHI) to business associates.1 The regulations also require specified provisions be included in business associate agreements (BAAs).2 Most likely none of....

Author: Humphrey, Heather L.

Source: Journal of AHIMA

Publication Date: February 2005

A few years ago, the Y2K crisis refocused the data world. Suddenly medical device manufacturers saw the inherent risks data brought to the business industry. What began with answering a simple question about date functionality quickly moved to conversations about personal information, its appr....

Author: Reeder, Linda

Source: AHIMA Convention

Publication Date: September 23, 2002

Author: McDavid, Jan P

Source: Journal of AHIMA

Publication Date: May 2013

Business associates (BAs) of HIPAA-covered entities like hospitals and doctor's offices should already be intimately acquainted with HIPAA's privacy and security regulations. BAs should already have business associate agreements with every covered entity with whom they work and assume resp....

Author: Hjort, Beth M.; Rhodes, Harry B.

Source: AHIMA Advocacy and Policy

Publication Date: January 22, 2010

Author: Thomason, Mary

Source: AHIMA sample form

Publication Date: November 21, 2002

Author: AHIMA

Source: AHIMA practice brief

Publication Date: November 2013

This 2013 practice brief version has been retired and is retained here for historical purposes. Read the 2016 updated version of this Practice Brief here.



The Privacy Rule portion of the Health Insurance Portability and Accountability Act (HIPAA) of 1996 defines a "business....

Author: AHIMA Work Group

Source: AHIMA practice brief

Publication Date: October 2016

This update supersedes the November 2013 practice brief, Guidelines for a Compliant Business Associate Agreement.



The Privacy Rule portion of the Health Insurance Portability and Accountability Act (HIPAA) defines a "business associate (BA) as a person or entity that performs....

Author: Mandell, Steve; Manny, Barbara

Source: AHIMA Convention

Publication Date: September 23, 2002

Author: Lewis, Sharon; McLendon, Kelly

Source: Journal of AHIMA

Publication Date: October 2015

HIPAA uses the term “satisfactory assurances” four times in the text of its Privacy and Security Rules. Each time the statement is used it describes a covered entity’s (CE) responsibility to obtain satisfactory assurances from a business associate who creates, receives, maintains, or tran....

Author: Jones, Rhys W.

Source: In Confidence (newsletter)

Publication Date: January 02, 2001

Background


The Health Insurance Portability and Accountability Act (HIPAA) and its related transaction, security, and privacy regulations apply directly to certain entities, but not to all recipients of health information. The regulations define three classes of “covered enti....

Author: Hjort, Beth M.

Source: In Confidence (newsletter) | AHIMA Q and A

Publication Date: September 02, 2001

Q: I understand that HIPAA’s privacy rule sets up expectations for covered entities to help ensure that protected health information disclosed to business associates is restricted for redisclosure. How can covered entities control them?
A: The Department of Health and Human Services rea....

Author: Davis Wright Tremaine LLP

Source: External web site

Publication Date: April 14, 2003

Author: Butler, Mary

Source: Journal of AHIMA - website

Publication Date: April 2014

The HITECH-HIPAA Final Rule has changed the way healthcare organizations do business, and those with seats in the C-suite can’t afford to stay out of the weeds with the new regulations.


Daniel Solove, founder of the HIPAA training firm TeachPrivacy, and law professor at....

Author: Bowen, Rita K.

Source: Journal of AHIMA - website

Publication Date: April 2013

The HIPAA Omnibus Rule, the new Final Rule modifying HIPAA, was published in the Federal Register on January 25, 2013. The amended rule went into effect on March 26 and full compliance is expected by September 23. For HIM professionals, the most far-reaching of the changes to HIPAA is that....

Author: Tomes, Jonathan P.

Source: Journal of AHIMA - website

Publication Date: January 2014

HIM professionals and privacy and security officers are likely already familiar with their facility’s business associates. But with the recent dramatic changes to the business associate relationship in the HITECH Act and the Omnibus Final Rule, there is plenty of new ground....

Author: Tomes, Jonathan P.

Source: Journal of AHIMA - website

Publication Date: January 2014

This is the second installment in a three-part article series on avoiding liability for breaches by business associates. This article will provide guidance on how to avoid liability for breaches by business associates.


For background on the changes to the busin....

Author: Tomes, Jonathan P.

Source: Journal of AHIMA - website

Publication Date: January 2014

This is the third installment in a three-part article series on avoiding liability for breaches by business associates. This article will discuss adjustments needed in the business associate relationship, as well as ongoing strategies for adapting to the recent changes.
....

Author: Malone, Molly

Source: In Confidence (newsletter)

Publication Date: December 02, 2003

The electronic transmission of healthcare information and outsourcing transcription is becoming commonplace. While many had previously taken the stance that “everybody’s doing it,” HIPAA has added a new dimension to the working lives of health information managers and medical transcription se....

Author: Patel, Nilay B.

Source: Journal of AHIMA

Publication Date: July 2005

With the April 21, 2005, and April 20, 2006 (for small health plans) HIPAA security regulation deadlines, covered entities may question what a revised contract for a business associate (BA) should contain and how it should be executed. Official guidance is scattered in the Federal Register and....

Author: McSteen, Thomas

Source: Journal of AHIMA

Publication Date: September 2013

The 2013 HIPAA Omnibus Rule marks a key milestone for implementation of the 2009 Health Information Technology for Economic and Clinical Health Act (HITECH). One of the most far-reaching impacts of HITECH and the Omnibus Rule is that business associates (BA) and their subcontractors now mu....