215 results.
[1] 2 3
Are You Ready for a HIPAA Audit?
Author: Wiedemann, Lou Ann
Source: Journal of AHIMA
Publication Date: April 2017
Editor’s Note: The following is an excerpt from the new “External HIPAA Audit Readiness Toolkit” developed by AHIMA. The full toolkit is free for AHIMA members.
THE HITECH OMNIBUS Rule mandated that the US Department of Health and Human Services (HHS) condu....
Using Aliases to Protect Privacy in Healthcare
Author: Barrett, Charlotte S; Beidler, Aurae; Davis, Nancy; Glondys, Barbara
Source: Journal of AHIMA
Publication Date: November 2016
Developing policies and standard procedures when working with patient aliases is one way to both respect patient privacy but also ensure the accuracy and integrity of patient data.
As defined in AHIMA’s Pocket Glossary, an “alias” is “a name added to,....
Guidelines for a Compliant Business Associate Agreement (2016)
Author: AHIMA Work Group
Source: AHIMA practice brief
Publication Date: October 2016
This update supersedes the November 2013 practice brief, Guidelines for a Compliant Business Associate Agreement.
The Privacy Rule portion of the Health Insurance Portability and Accountability Act (HIPAA) defines a "business associate (BA) as a person or entity that performs....
Information Governance for Offsite Data Security
Author: Saharia, Devendra
Source: Journal of AHIMA
Publication Date: April 2016
Disruptive technology can turn any industry on its head—virtually overnight. Just five years ago, summoning a taxi was an inefficient, time-consuming effort that often involved dialing up a dispatcher, who contacted a driver, who would then make their way to your location, perhaps in an h....
Shifting from Reactive to Proactive HIPAA Audits
Author: Brinda, Danika
Source: Journal of AHIMA
Publication Date: January 2016
Stories about workforce members inappropriately accessing health information continue to plague the Department of Health and Human Services’ Data Breach Portal—which lists US provider data breaches that affect more than 500 individuals. Recently two data breaches reported on th....
Cybersecurity 101
Author: Lucci, Susan; Walsh, Tom
Source: Journal of AHIMA
Publication Date: November 2015
One of the most alarming statistics in the news, which is growing with intent and severity, is the prevalence of cyber-attacks, particularly in healthcare. It is an alarming trend that has gained a good deal of attention. For example, in July 2015, UCLA reported that up to 4.5 million pati....
Ensuring Your Business Associates Provide ‘Satisfactory Assurances’
Author: Lewis, Sharon; McLendon, Kelly
Source: Journal of AHIMA
Publication Date: October 2015
HIPAA uses the term “satisfactory assurances” four times in the text of its Privacy and Security Rules. Each time the statement is used it describes a covered entity’s (CE) responsibility to obtain satisfactory assurances from a business associate who creates, receives, maintains, or tran....
Cracking Encryption: Despite Benefits, Technology Still Not Widely Used to Combat Multi-Million Dollar Breaches
Author: Butler, Mary
Source: Journal of AHIMA
Publication Date: April 2015
In movies and on television lately, Hollywood has made encryption and decryption look exciting, glamorous, and world-saving. The film The Imitation Game and the BBC show The Bletchley Circle chronicle how British code breakers decrypted military strategy codes from the Nazi encryption tool....
Industry Awaits Phase 2 of HIPAA Audit Program
Author: Asmonga, Donald D.
Source: Journal of AHIMA
Publication Date: January 2015
The wait for the second round of mandated privacy and security audits from the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) continues. OCR is currently working through final details for the revised audit plan as they await finalization of new technolog....
HIPAA Breach Enforcement Roundup
Author: Cacciatore, Victoria; Downing, Katherine
Source: Journal of AHIMA
Publication Date: July 2014
Criminal attacks on healthcare systems have risen 100 percent since 2010, according to a recent Ponemon study.1 This makes it obvious that the privacy and security of patient health information is vulnerable and highly susceptible to data breach. The HIPAA Breach Notification Rule became e....
Black Market PHI Does Exist: Why It’s Time to Take Security Risk Assessments Seriously
Author:
Source: Journal of AHIMA
Publication Date: May 2014
Many health information management (HIM) experts have wondered whether there is protected health information (PHI) on the black market. In short, the answer is “yes.” According to a 2012 Ponemon Institute study, 90 percent of healthcare organizations surveyed have had at least....
On the HIPAA Hook
Author: Hicks, Andrew
Source: Journal of AHIMA
Publication Date: April 2014
Some healthcare business associates are still asking if HITECH-HIPAA impacts them. The answer is just as important to their affiliated healthcare providers.
Thousands of companies are now legally obligated to comply with the HITECH-HIPAA regulations because of their busines....
Security Risk Analysis and Management: An Overview (2013 update)
Author: Walsh, Tom
Source: AHIMA practice brief
Publication Date: November 2013
Editor’s note: This update replaces the January 2011 practice brief “Security Risk Analysis and Management: An Overview.”
Managing risks is an essential step in operating any business. It’s impossible to eliminate all threats; however, healthcare organizati....
Guidelines for a Compliant Business Associate Agreement - Retired
Author: AHIMA
Source: AHIMA practice brief
Publication Date: November 2013
This 2013 practice brief version has been retired and is retained here for historical purposes. Read the 2016 updated version of this Practice Brief here.
The Privacy Rule portion of the Health Insurance Portability and Accountability Act (HIPAA) of 1996 defines a "business....
HIPAA Security Overview - Retired
Author: Miaoulis, William M
Source: AHIMA practice brief
Publication Date: November 2013
Editor’s note: This update replaces the April 2004 and the November 2010 practice briefs titled “A HIPAA Security Overview.”
The HIPAA security rule has remained unchanged since its implementation more than a decade ago. However, the Health Information Technology for Economic a....
Privacy and Security Training (2013 update) - Retired
Author: Downing, Kathy; Lucci, Susan; Lerch, Diane M
Source: AHIMA practice brief
Publication Date: October 2013
Editor's note: This update replaces the November 2010 practice brief "HIPAA Privacy and Security Training."
On January 25, 2013, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) published the long-awaited Health Insurance Portability and Accoun....
When to Send a Breach Notification: New HIPAA Rules Revise “Harm” Standard
Author: Warner, Diana
Source: Journal of AHIMA
Publication Date: April 2013
The HITECH Act’s omnibus HIPAA modification final rule, released January 25, 2013, finalized sweeping changes to privacy and security regulations. Though much of the proposed rule was adopted, the omnibus rule included major changes made to the “harm threshold” standard i....
HIPAA Mighty and Flawed: Regulation has Wide-Reaching Impact on the Healthcare Industry
Author: Solove, Daniel J
Source: Journal of AHIMA
Publication Date: April 2013
How HIPAA has performed overall as a privacy law is open to interpretation, but most agree it has had a wide-reaching impact on the healthcare industry. In comparison to the dozens of federal privacy laws for various industries, HIPAA is one of the most comprehensive and detailed.
Analysis of Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules under HITECH and GINA; Other Modifications to the HIPAA Rules
Author: AHIMA
Source: AHIMA regulation analysis
Publication Date: January 25, 2013
Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act and the Genetic Information Nondiscrimination Act; Other Modifications to the HIPAA Rules; Final Rule
Author: U.S. Office for Civil Rights
Source: U.S. Department of Health & Human Services | U.S. Office for Civil Rights
Publication Date: January 2013
Rule modifies HIPAA by implementing statutory amendments under HITECH to strengthen the privacy and security protection for individuals’ health information; modifies the Breach Notification Rule under the HITECH Act, modifes the HIPAA Privacy Rule to strengthen the privacy protections for genetic information and makes certain other modifications to the HIPAA Privacy, Security, Breach Notification, and Enforcement Rules (the HIPAA Rules) to improve their workability and effectiveness and to increase flexibility for and decrease burden on regulated entities.
HIPAA Compliance for Clinician Texting
Author: Greene, Adam H
Source: Journal of AHIMA
Publication Date: April 2012
The HIPAA privacy and security rules need not act as an obstacle to efficient communications, but keeping texting compliant requires planning and diligence.
Text (or SMS) messaging has become nearly ubiquitous on mobile devices. According to one survey, approximately 72 perce....
Keeping It Private: Staying Compliant with the HIPAA Privacy and Security Rules
Author: Tomes, Jonathan P.
Source: Journal of AHIMA
Publication Date: March 2012
HHS's renewed interest in auditing for compliance is a good reminder to covered entities to ensure their privacy and security programs are up to date.
The Department of Health and Human Services' (HHS) announcement of a new program to audit compliance with the HIPAA priva....
Automation for Privacy and Security Compliance
Author: McLendon, Kelly
Source: Journal of AHIMA
Publication Date: March 2012
There has been a lack of enforcement of the privacy and security rules ever since HIPAA's inception. As such the adoption of comprehensive HIPAA compliance programs has lagged behind EHR development and implementation.
This in turn has caused little funding to be budgeted by provide....
Simplification at Last? HHS Rolls out Operating Rules for HIPAA Transaction Standards
Author: Dimick, Chris
Source: Journal of AHIMA
Publication Date: February 2012
The HIPAA transaction standards-meant to streamline financial and administrative transactions-have instead devolved into a kind of free-for-all. Now the first operating rules are in hand to standardize use of the standards and gain the efficiencies originally intended.
When it....
HHS Steps up HIPAA Audits: Now Is the Time to Review Security Policies and Procedures
Author: Greene, Adam H
Source: Journal of AHIMA
Publication Date: October 2011
Now Is the Time to Review Security Policies and Procedures
In June 2011 the Department of Health and Human Services awarded KPMG a $9.2-million contract to create an audit protocol and audit organizational compliance with the HIPAA privacy and security requirements.1 The co....
Tracking the Industry’s Progress: AHIMA Survey on ICD-10 and 5010 Compliance
Author: AHIMA
Source: AHIMA
Publication Date: September 21, 2011
Aligning ICD-10: Federal Initiatives Recognize the Value of Integration
Author: Rode, Dan
Source: Journal of AHIMA
Publication Date: June 2011
The theme of this month's Journal is very timely on two accounts. First, the process for implementing ICD-10-CM/PCS is heating up as the industry is now six months from what many consider the first national milestone: the January 2012 compliance deadline for the HIPAA 5010 transaction upgrade.....
Security Audits of Electronic Health Information (2011 update)
Author: AHIMA
Source: AHIMA practice brief
Publication Date: March 2011
This practice brief has been updated. See the latest version here. This version is made available for historical purposes only.
Managing External Reviewer Requests in the EHR: Considerations, Requirements, and Associated Expenses
Author: Wiedemann, Lou Ann
Source: Journal of AHIMA
Publication Date: March 2011
Managing third-party requests for health information is a routine function for every HIM department. HIM professionals regularly receive record requests from third parties for a variety of reasons, such as revenue integrity audits or admission validation reviews.
Historically, fulfi....
The Year That Was and the Year to Be
Author: Asmonga, Donald D.
Source: Journal of AHIMA
Publication Date: February 2011
The second session of the 111th Congress began with the Democrats in firm control of the House and Senate. Working from their position of power enabled the Democrats to pass healthcare reform.
Although Congress was mired in contentious debates, AHIMA still advocated for its public po....
Security Risk Analysis and Management: an Overview (2011 update)
Author: Walsh, Tom
Source: AHIMA practice brief
Publication Date: January 2011
This practice brief has been updated. See the latest version here. This version is made available for historical purposes only.
ICD-10’s Impact on Noncovered Entities: Many Reasons Will Lead to Voluntary Upgrades
Author: Bowman, Sue E; Leon-Chisen, Nelly
Source: Journal of AHIMA
Publication Date: January 2011
The ICD-10-CM/PCS final rule requires HIPAA covered entities adopt the ICD-10-CM and ICD-10-PCS code sets by October 1, 2013. Adoption is not required for noncovered entities such as property and casualty insurance health plans, workers' compensation programs, and disability insurance programs....
HIPAA Privacy and Security Training (2010 update)
Author: AHIMA
Source: AHIMA practice brief
Publication Date: November 2010
This practice brief has been retired. It is made available for historical purposes only.
HIPAA Security Overview (2010 update)
Author: AHIMA
Source: AHIMA practice brief
Publication Date: November 2010
This practice brief has been updated. See the latest version here. This version is made available for historical purposes only.
Prepare Now for Coming HIPAA Security Reviews
Author:
Source: AHIMA Advantage
Publication Date: October 2010
ICD-9-CM Coding Guidance for LTC Facilities. Appendix A: Planning for the ICD-10-CM Transition for LTC Facilities
Author: AHIMA
Source: AHIMA practice brief attachment
Publication Date: October 2010
On January 16, 2009, the Department of Health and Human Services released final rules to adopt X12 Version 5010 claim form of HIPAA's Transaction and Code Set Standard and ICD-10-CM and ICD-10-PCS. Healthcare organization must implement version 5010 by January 1, 2012. The implementation deadli....
Three Short Years: Organizations Lagging in 5010 and ICD-10 Progress
Author: Dimick, Chris
Source: Journal of AHIMA
Publication Date: September 2010
The calendar is marching steadily toward October 2013, when all healthcare organizations must begin submitting claims using the ICD-10-CM and ICD-10-PCS code sets. Much needs to be done in making the transition, and healthcare organizations should have taken major steps in their preparation al....
Environmental Scan: Unique Health Plan Identifier And Operating Rules for Health Information Transactions
Author: Amatayakul, Margret
Source: U.S. National Committee for Vital and Health Statistics
Publication Date: July 11, 2010
Putting It in Writing: Updating BA Agreements to Cover Breach Notification
Author: Hjort, Beth M.; Rhodes, Harry B.
Source: Journal of AHIMA
Publication Date: June 2010
When ARRA extended sections of the HIPAA privacy and security rules to cover business associates (BAs), it created a seismic shift in their contractual relationships with covered entities (CEs). Further, the changes became effective simultaneous with other ARRA amendments that require CEs and....
Preparing for 5010: Internal testing of HIPAA Transaction Upgrades recommended by December 31
Author: Moynihan, Jim
Source: Journal of AHIMA
Publication Date: January 2010
Vendors will bear the brunt of work tied to the industry’s migration to version 5010 of the X12 HIPAA transaction standards. However, providers are responsible for identifying their systems in need of upgrade, getting software installed and tested, and training staff in new functionalities. Wh....
2010 Healthcare Calendar: The Deadlines and Initiatives to Prepare for This Year
Author: Rode, Dan
Source: Journal of AHIMA
Publication Date: January 2010
Last year saw movement on major HIM issues, starting in January with the publication of the ICD-10-CM/PCS final rule. This was quickly followed by the American Recovery and Reinvestment Act (ARRA), which has dominated healthcare discussions all year, matched only by the healthcare reform d....
CMS’s 2009 Security Assessment Process
Author: Dinh, Angela K.
Source: Journal of AHIMA
Publication Date: September 2009
In 2008 the Centers for Medicare and Medicaid Services (CMS) conducted 10 HIPAA security assessments in covered entities (CEs) nationwide. CMS’s stated purpose was not to identify flaws but to gain a true understanding of industry compliance with the HIPAA security rule.
CMS co....
Analysis of the Final Rule, January 16, 2009, Health Insurance Reform: Modifications to the Health Insurance Portability and Accountability Act (HIPAA) Electronic Transaction Standards
Author: Rode, Dan
Source: AHIMA regulation analysis
Publication Date: February 02, 2009
Analysis of the Final Rule: HIPAA Administrative Simplification: Modification to Medical Data Code Set Standards to Adopt ICD-10-CM and ICD-10-PCS
Author: Rode, Dan
Source: AHIMA regulation analysis
Publication Date: February 02, 2009
Reassessing Your Security Practices in a Health IT Environment: a Guide for Small Health Care Practices
Author: U.S. Office of the National Coordinator for Health Information Technology; U.S. Office for Civil Rights
Source: Government (U.S.)
Publication Date: December 16, 2008
Nationwide Review of the Centers for Medicare & Medicaid Services Health Insurance Portability and Accountability Act of 1996 Oversight
Author: U.S. Department of Health and Human Services. Office of the Inspector General
Source: Government (U.S.)
Publication Date: October 27, 2008
Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule [revision 1]
Author: Scholl, Matthew; Stine, Kevin; Hash, Joan; Bowen, Pauline; Johnson, Arnold; Smith, Carla; Steinberg, Daniel
Source: Government (U.S.)
Publication Date: October 24, 2008
Health Insurance Reform: Modifications to the Health Insurance Portability and Accountability Act Electronic Transaction Standards. Proposed Rule
Author: U.S. Department of Health and Human Services. Office of the Secretary
Source: Government (U.S.)
Publication Date: August 22, 2008
HIPAA Security Compliance: What Comes Next?
Author: Dinh, Angela K.
Source: External - used with permission
Publication Date: May 02, 2008
This article, written by an AHIMA HIM Practice Director and published in the Journal of Healthcare Compliance (May/June 2008) offers six tips to help organizations stay current, strive for compliance, and prepare for the future.
Sample - Interview and Document Request for HIPAA Security Onsite Investigations and Compliance Reviews
Author: U.S. Centers for Medicare & Medicaid Services
Source: Government (U.S.)
Publication Date: May 02, 2008
Enhancing Protections for Uses of Health Data: a Stewardship Framework. Summary for Policy Makers
Author: National Committee on Vital and Health Statistics (NCVHS)
Source: Government (U.S.)
Publication Date: April 24, 2008
Integrating Privacy and Security: Coordination Benefits HIPAA Compliance Efforts
Author: Adler, M. Peter
Source: Journal of AHIMA
Publication Date: April 2008
Privacy and security are meant to work in tandem—so why have they grown up apart? An organization that coordinates its compliance efforts can maximize resources and increase effectiveness.
Several years have passed since the compliance deadlines for the HIPAA....
Enhanced Protections for Uses of Health Data: a Stewardship Framework for ‘Secondary Uses’ of Electronically Collected and Transmitted Health Data
Author: National Committee on Vital and Health Statistics (NCVHS)
Source: Government (U.S.)
Publication Date: December 19, 2007
Security Standards: Implementation for the Small Provider
Author: U.S. Centers for Medicare & Medicaid Services
Source: Government (U.S.)
Publication Date: December 10, 2007
HIPAA Security Redux: A Re-evaluation Process and Recommended Areas to Review
Author: Adler, M. Peter
Source: Journal of AHIMA
Publication Date: November 2007
Remember the mad scramble to create a compliance plan before the HIPAA security rule deadline? It’s time to revisit that plan.
Publication of the HIPAA security rule created a flurry of discussions, debate, and activity as healthcare professionals grappled wi....
Safeguards for Remote Access
Author: AHIMA Privacy and Security Practice Council
Source: Journal of AHIMA
Publication Date: July 2007
Working from home has become a common practice as organizations try to maximize the number of productive work hours in a day. A plethora of new portable devices and Web-based technology enables this option by providing off-site access to work-based applications and facilitating the transp....
Value of HIM in Privacy and Security Compliance
Author: Amatayakul, Margret; Work, Mitch
Source: Journal of AHIMA
Publication Date: May 2007
Survey results illustrate HIM participation in compliance efforts and offer a look at common program components
HIM professionals have long been at the forefront of ensuring the privacy and confidentiality of health information. With the introduction of the HIPAA privacy and security rul....
HIPAA Security Guidance
Author: U.S. Centers for Medicare & Medicaid Services
Source: Government (U.S.)
Publication Date: January 03, 2007
The State of HIPAA Privacy and Security Compliance, 2006
Author: AHIMA
Source: AHIMA report
Publication Date: April 19, 2006
This third annual survey looks at how well the industry is maintaining HIPAA privacy and security compliance as a part of the normal course of business as it moves further away from the implementation deadlines.
Running out of Room for Data: HIPAA Requires Healthcare Organizations to Re-assess Data Storage
Author: Brick, Frank
Source: Journal of AHIMA
Publication Date: April 2006
Computer systems are feeling the effects of HIPAA. That's because the act's privacy and security rules require covered entities to securely store and manage more data than ever before. The latest computers to feel the effect are those in small covered entities, where the security rule takes ef....
Managing Data Content: Clinical Data Management Programs Improve Reimbursement
Author: Rhodes, Harry B.
Source: Journal of AHIMA
Publication Date: February 2006
Although we’ve made progress in advancing the EHR initiative, we continue to struggle with data content management. The data content management crisis is not unique to healthcare, according to Ruth Stanat, global business consultant. All businesses—not just healthcare—are &l....
HIPAA Administrative Simplification: Standards for Electronic Health Care Claims Attachments CMS-0050-P
Author: Rode, Dan
Source: AHIMA testimony and comments
Publication Date: January 20, 2006
January 20, 2006
Honorable Michael O. Leavitt
Secretary
Department of Health and Human Services
CMS-0050-P
Hubert H. Humphrey Building
Room 445-G
200 Independence Avenue, SW
Washington, DC 20201
Re: HIPAA Administrative Simplification: Standards for E....
You Can't Throw IT in the Dumpster Anymore: Tips for Finding a Qualified Electronic Waste Disposal Service
Author: Harford, Joseph P.; Rizzo, Karen
Source: Journal of AHIMA
Publication Date: January 2006
One of the many challenges of the HIPAA age is handling the millions of outdated computers and associated peripheral devices. Once a back-burner issue, computer disposal is now front and center in the healthcare industry. The need to secure a health organization’s network goes well beyon....
HIPAA Compliance in U.S. Hospitals: A Self-Report of Progress Toward the Security Rule
Author: Having, Karen; Davis, Diane C.
Source: Perspectives in Health Information Management
Publication Date: November 2005
Abstract
In January 2004, a random sampling of 1,000 U.S. hospitals was surveyed by researchers at a midwestern university to determine perceived level of compliance with the security requirements of the federal Health Insurance Portability and Accountability Act (HIPAA). Exa....
Medical Record Security/Risk Assessment
Author: Chitvanni, Norma; Corbosiero, Amy ; Raymond, Jacqueline; Robbins, Shari; Shaw, Donna
Source: AHIMA Convention
Publication Date: October 21, 2005
Introduction
The Dana-Farber Cancer Institute (DFCI) in Boston, Massachusetts, is a specialty hospital providing care to adult and pediatric cancer patients. Inpatient adult cancer care is managed via a joint venture with Brigham and Women’s Hospital. Inpatient pediatric cancer care....
Taking Charge of Issues in Auditing for HIPAA Security Rule Compliance
Author: Travis, John
Source: AHIMA Convention
Publication Date: October 21, 2005
Introduction
Many questions have emerged lately about the requirement for auditing under the HIPAA Security Rule, the differences in the requirement for auditing under the HIPAA Privacy Rule, how to define audit objectives, and the appropriate level to audit. The objective of this white p....
Spoliation of Medical Evidence
Author: Tomes, Jonathan P.
Source: Journal of AHIMA
Publication Date: October 2005
To avoid the improper destruction or alteration of records, HIM departments must follow a retention schedule, train personnel, and ensure that corrections leave original entries intact.
Although the legal concept known as spoliation of evidence has been a part of the American legal syste....
Basics of Risk Analysis and Risk Management
Author: U.S. Centers for Medicare & Medicaid Services
Source: Government (U.S.)
Publication Date: August 18, 2005
Destroying Data the DoD Way: Military Standards Help Ensure Compliance for Electronic Data Security
Author: Keating, Angie Singer
Source: Journal of AHIMA
Publication Date: July 2005
The unauthorized use of confidential or sensitive information contained on computer hard drives is a serious problem facing most healthcare organizations. Organizations that do not require proper hard-drive sanitation as part of their total information destruction program face regulatory viola....
How to Safely Recycle PCs
Author: Quinsey, Carol Ann
Source: Journal of AHIMA
Publication Date: June 2005
Securing the privacy of both protected health information and personal information should be a primary concern when personal computers have outlived their usefulness. Recycling or disposing of a computer safely can be a challenge.
It’s not enough to simply give an old computer....
Security Standards: Organizational, Policies and Procedures and Documentation Requirements
Author: U.S. Centers for Medicare & Medicaid Services
Source: Government (U.S.)
Publication Date: May 02, 2005
HIPAA Security: Don't Disband the Committee Just Yet
Author: Brown, Stephen C.
Source: Journal of AHIMA
Publication Date: May 2005
By now, every healthcare organization has faced the initial security compliance responsibilities associated with HIPAA. However, the compliance road has not yet been fully traveled. The nature of the rule makes compliance a recursive effort of reassessment, continual auditing, regular educatio....
State of HIPAA Privacy and Security Compliance 2005
Author: AHIMA
Source: AHIMA report
Publication Date: April 11, 2005
The results of a survey to assess the current state of HIPAA privacy and security within the healthcare industry.
AHIMA releases the results of this research in conjunction with the second annual National Health Information Privacy and Security Week, April 10-16, 2005. AHIMA is sponsoring National Health Information Privacy and Security Week to raise awareness among healthcare professionals, their employers, the media, and the public regarding the importance of protecting the privacy, confidentiality, and security of personal health information (PHI).
Putting the Finishing Touches to Security: Are You Ready?
Author: Amatayakul, Margret
Source: Journal of AHIMA
Publication Date: April 2005
Many covered entities have enhanced their security measures over the last several years in preparation for the HIPAA security rule compliance deadline. In the March issue, Tom Walsh provided a readiness checklist to ensure your organization had the necessary processes in place (See “The....
HIPAA Audit and System Activity Review: Developing a Process that Focuses on the Greatest Risks First
Author: Hofler, Linda D.; Hardee, Joy; Dildy, Kenneth; Burleson, Deeanna; Grady, Jamie
Source: Journal of AHIMA
Publication Date: March 2005
The privacy and security rules require audits and system activity reviews. Here is one health system's process, a systematic approach that focuses on areas of greatest risk.
Ensuring the privacy and confidentiality of patient information is fundamental to HIM, but it has taken on a new le....
Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule
Author: Hash, Joan; Bowen, Pauline; Johnson, Arnold; Smith, Carla; Steinberg, Daniel
Source: Government (U.S.)
Publication Date: March 02, 2005
Safeguarding ePHI from Fire the Dry Way
Author: Brown, Karen
Source: Journal of AHIMA
Publication Date: March 2005
With HIPAA’s security rule compliance date right around the corner, many HIM professionals are still trying to determine if they have adequate safeguards in place to ensure the confidentiality, integrity, and availability of electronic protected health information (ePHI).
Many....
Reporting Security Incidents
Author: Amatayakul, Margret
Source: Journal of AHIMA
Publication Date: March 2005
HIPAA requires covered entities “implement policies and procedures to address security incidents.” There is one implementation specification: to “identify and respond to suspected or known security incidents; mitigate, to the extent practical, harmful effects of security inci....
HIPAA Marches On--Or Does It?
Author: Rode, Dan
Source: Journal of AHIMA
Publication Date: March 2005
HIPAA has taught us that standardization is hard. When the act was signed into law in 1996, the optimists among us believed that within four years the healthcare industry would be using a variety of uniform national administrative transactions, most associated with what we now call the revenue....
26.2-mile Security Rule: Is Your Organization Gaining on Compliance or Just Running in Place?
Author: Walsh, Tom
Source: Journal of AHIMA
Publication Date: March 2005
The race to security compliance is a marathon, not a dash. Here’s how to gauge your progress.
With implementation of the HIPAA security rule next month, many organizations are preparing to sprint toward the deadline. However, compliance is more like a marathon than a 100-meter dash....
Security Standards: Physical Safeguards
Author: U.S. Centers for Medicare & Medicaid Services
Source: Government (U.S.)
Publication Date: February 28, 2005
Security Standards: Technical Safeguards
Author: U.S. Centers for Medicare & Medicaid Services
Source: Government (U.S.)
Publication Date: February 28, 2005
Access Controls: Striking the Right Balance
Author: Amatayakul, Margret
Source: Journal of AHIMA
Publication Date: January 2005
As healthcare organizations put the finishing touches on their HIPAA security compliance plans, many are finding that updating access controls is not easy. Clinicians often scoff at the word “control” in general and at “access control” in particular. Not all products ar....
HIPAA Acknowledgments: the Need for a Standard Transaction Acknowledgment
Author: WebMD
Source: External web site
Publication Date: November 24, 2004
Security 101 for Covered Entities
Author: U.S. Centers for Medicare & Medicaid Services
Source: Government (U.S.)
Publication Date: November 23, 2004
Security Standards: Administrative Safeguards
Author: U.S. Centers for Medicare & Medicaid Services
Source: Government (U.S.)
Publication Date: November 23, 2004
What is Security Auditing?
Author: Amatayakul, Margret
Source: Journal of AHIMA
Publication Date: November 2004
The HIPAA security rule includes a requirement for audit controls and to monitor and manage ongoing security for a variety of processes. But the requirement for internal audit was changed to “information security activity review,” and there is no other specific reference to auditin....
HIPAA Requirements for Secure Record Storage and Data Transfer
Author: Rosenbaum, Arnold S.; Nelson, Gina A.
Source: AHIMA Convention
Publication Date: October 15, 2004
HHS Secretary Tommy Thompson released the Final Regulations for Security Standards in final form in February 2003. The security standards were developed to help safeguard confidential health information, which is being processed increasingly by computers.
The mandates require covered ent....
Perspectives on Managing Regulations: HIPAA
Author: Davis, Nancy; Lemery, Chrisann
Source: AHIMA Convention
Publication Date: October 15, 2004
Introduction
On April 14, 2003, health care providers and health plans, as covered entities under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), were required to be in compliance with the Privacy Rule. Effective April 14, 2005, these same covered entities wil....
More Than Code Revisions in the 2004 Changes to ICD-9-CM
Author: Giannangelo, Kathy
Source: Journal of AHIMA - Coding Notes
Publication Date: October 2004
Coding professionals in acute care hospitals know that ICD-9-CM code modifications are implemented every October 1. This year, however, changes taking place will have far-reaching effects. The reason? The diagnosis portion of ICD-9-CM named under HIPAA has become the standard code set for repo....
Trouble with Audit Controls
Author: Amatayakul, Margret
Source: Journal of AHIMA
Publication Date: October 2004
The 2004 Phoenix Health System/HIMSS HIPAA compliance survey indicates that providers find audit controls the most difficult of the HIPAA security standards to implement.
While it is recognized that every organization must conduct a risk analysis to determine the systems or activities th....
HIPAA Security FAQs
Author: U.S. Centers for Medicare & Medicaid Services
Source: Government (U.S.)
Publication Date: August 16, 2004
Please be advised that these FAQs were generated from a database that is updated frequently. For the most up-to-date information, please visit http://questions.cms.hhs.gov.
Date: 9/30/2004
Question #1889: Are covered entities protected when they make disclosures t....
HIPAA Implementation: the Case for a Rational Roll-out Plan
Author: WebMD
Source: External web site
Publication Date: July 19, 2004
Kick Starting the Security Risk Analysis
Author: Amatayakul, Margret
Source: Journal of AHIMA
Publication Date: July 2004
Many covered entities are just now starting to approach the compliance aspects of the HIPAA security rule. Why discuss “compliance aspects” and not standards or controls, as we did when preparing for the privacy rule? Privacy and security are long-standing concepts to healthcare,....
Updated Toolkit for Security Strategies
Author: Cooper, Ted
Source: Journal of AHIMA
Publication Date: July 2004
The first version of the Computer-based Patient Record Institute (CPRI) toolkit “Managing Information Security in Health Care” was published on the Web in May 1999 in response to the proposed HIPAA security and electronic signature standard of October 1998. The toolkit is intended....
Primer on Encryption
Author: Amatayakul, Margret
Source: Journal of AHIMA
Publication Date: June 2004
Encryption is an addressable implementation specification under HIPAA’s access control and transmission security standards. Many providers are grappling with just how to address these specifications:
Is there a difference between the two specifications, and if so, what is the diff....
HIPAA Security Shopping List (HIPAA on the Job)
Author: Amatayakul, Margret
Source: Journal of AHIMA
Publication Date: May 2004
Many information security officials are barraged with requests for the latest security tools. Such shopping lists often do not reflect a structured plan or a true risk analysis to justify their cost or human resource requirements. This column describes some of the latest tools, how you can ev....
National Health Information Privacy and Security Week: Understanding the HIPAA Privacy and Security Rules
Author: AHIMA
Source: AHIMA presentation | AHIMA recognition week resources
Publication Date: April 12, 2004
2004 HIPAA Privacy & Security Compliance Survey
Author: AHIMA
Source: AHIMA
Publication Date: April 12, 2004
The results of a survey conducted by AHIMA to assess the current state of HIPAA privacy within the healthcare industry. These results are being released in conjunction with the first annual National Health Information Privacy and Security Week.
Security Awareness: The Right Messages
Author: Amatayakul, Margret
Source: Journal of AHIMA
Publication Date: April 2004
How many of you have warned your e-mail users about “phishers”—e-mail that appears to come from a trusted source asking the recipient to click on a link to update personal details? But the site is really a fake, and the e-mail is a scam to steal personal information.
[1] 2 3