Author: Wiedemann, Lou Ann

Source: Journal of AHIMA

Publication Date: April 2017

Editor’s Note: The following is an excerpt from the new “External HIPAA Audit Readiness Toolkit” developed by AHIMA. The full toolkit is free for AHIMA members.


THE HITECH OMNIBUS Rule mandated that the US Department of Health and Human Services (HHS) condu....

Author: Barrett, Charlotte S; Beidler, Aurae; Davis, Nancy; Glondys, Barbara

Source: Journal of AHIMA

Publication Date: November 2016

Developing policies and standard procedures when working with patient aliases is one way to both respect patient privacy but also ensure the accuracy and integrity of patient data.


As defined in AHIMA’s Pocket Glossary, an “alias” is “a name added to,....

Author: AHIMA Work Group

Source: AHIMA practice brief

Publication Date: October 2016

This update supersedes the November 2013 practice brief, Guidelines for a Compliant Business Associate Agreement.



The Privacy Rule portion of the Health Insurance Portability and Accountability Act (HIPAA) defines a "business associate (BA) as a person or entity that performs....

Author: Saharia, Devendra

Source: Journal of AHIMA

Publication Date: April 2016

Disruptive technology can turn any industry on its head—virtually overnight. Just five years ago, summoning a taxi was an inefficient, time-consuming effort that often involved dialing up a dispatcher, who contacted a driver, who would then make their way to your location, perhaps in an h....

Author: Brinda, Danika

Source: Journal of AHIMA

Publication Date: January 2016

Stories about workforce members inappropriately accessing health information continue to plague the Department of Health and Human Services’ Data Breach Portal—which lists US provider data breaches that affect more than 500 individuals. Recently two data breaches reported on th....

Author: Lucci, Susan; Walsh, Tom

Source: Journal of AHIMA

Publication Date: November 2015

One of the most alarming statistics in the news, which is growing with intent and severity, is the prevalence of cyber-attacks, particularly in healthcare. It is an alarming trend that has gained a good deal of attention. For example, in July 2015, UCLA reported that up to 4.5 million pati....

Author: Lewis, Sharon; McLendon, Kelly

Source: Journal of AHIMA

Publication Date: October 2015

HIPAA uses the term “satisfactory assurances” four times in the text of its Privacy and Security Rules. Each time the statement is used it describes a covered entity’s (CE) responsibility to obtain satisfactory assurances from a business associate who creates, receives, maintains, or tran....

Author: Butler, Mary

Source: Journal of AHIMA

Publication Date: April 2015

In movies and on television lately, Hollywood has made encryption and decryption look exciting, glamorous, and world-saving. The film The Imitation Game and the BBC show The Bletchley Circle chronicle how British code breakers decrypted military strategy codes from the Nazi encryption tool....

Author: Asmonga, Donald D.

Source: Journal of AHIMA

Publication Date: January 2015

The wait for the second round of mandated privacy and security audits from the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) continues. OCR is currently working through final details for the revised audit plan as they await finalization of new technolog....

Author: Cacciatore, Victoria; Downing, Katherine

Source: Journal of AHIMA

Publication Date: July 2014

Criminal attacks on healthcare systems have risen 100 percent since 2010, according to a recent Ponemon study.1 This makes it obvious that the privacy and security of patient health information is vulnerable and highly susceptible to data breach. The HIPAA Breach Notification Rule became e....

Author:

Source: Journal of AHIMA

Publication Date: May 2014

Many health information management (HIM) experts have wondered whether there is protected health information (PHI) on the black market. In short, the answer is “yes.” According to a 2012 Ponemon Institute study, 90 percent of healthcare organizations surveyed have had at least....

Author: Hicks, Andrew

Source: Journal of AHIMA

Publication Date: April 2014

Some healthcare business associates are still asking if HITECH-HIPAA impacts them. The answer is just as important to their affiliated healthcare providers.


Thousands of companies are now legally obligated to comply with the HITECH-HIPAA regulations because of their busines....

Author: Walsh, Tom

Source: AHIMA practice brief

Publication Date: November 2013

Editor’s note: This update replaces the January 2011 practice brief “Security Risk Analysis and Management: An Overview.”


Managing risks is an essential step in operating any business. It’s impossible to eliminate all threats; however, healthcare organizati....

Author: AHIMA

Source: AHIMA practice brief

Publication Date: November 2013

This 2013 practice brief version has been retired and is retained here for historical purposes. Read the 2016 updated version of this Practice Brief here.



The Privacy Rule portion of the Health Insurance Portability and Accountability Act (HIPAA) of 1996 defines a "business....

Author: Miaoulis, William M

Source: AHIMA practice brief

Publication Date: November 2013

Editor’s note: This update replaces the April 2004 and the November 2010 practice briefs titled “A HIPAA Security Overview.”


The HIPAA security rule has remained unchanged since its implementation more than a decade ago. However, the Health Information Technology for Economic a....

Author: Downing, Kathy; Lucci, Susan; Lerch, Diane M

Source: AHIMA practice brief

Publication Date: October 2013

Editor's note: This update replaces the November 2010 practice brief "HIPAA Privacy and Security Training."


On January 25, 2013, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) published the long-awaited Health Insurance Portability and Accoun....

Author: Warner, Diana

Source: Journal of AHIMA

Publication Date: April 2013

The HITECH Act’s omnibus HIPAA modification final rule, released January 25, 2013, finalized sweeping changes to privacy and security regulations. Though much of the proposed rule was adopted, the omnibus rule included major changes made to the “harm threshold” standard i....

Author: Solove, Daniel J

Source: Journal of AHIMA

Publication Date: April 2013

How HIPAA has performed overall as a privacy law is open to interpretation, but most agree it has had a wide-reaching impact on the healthcare industry. In comparison to the dozens of federal privacy laws for various industries, HIPAA is one of the most comprehensive and detailed. 

Author: AHIMA

Source: AHIMA regulation analysis

Publication Date: January 25, 2013

Author: U.S. Office for Civil Rights

Source: U.S. Department of Health & Human Services | U.S. Office for Civil Rights

Publication Date: January 2013

Rule modifies HIPAA by implementing statutory amendments under HITECH to strengthen the privacy and security protection for individuals’ health information; modifies the Breach Notification Rule under the HITECH Act, modifes the HIPAA Privacy Rule to strengthen the privacy protections for genetic information and makes certain other modifications to the HIPAA Privacy, Security, Breach Notification, and Enforcement Rules (the HIPAA Rules) to improve their workability and effectiveness and to increase flexibility for and decrease burden on regulated entities.

Author: Greene, Adam H

Source: Journal of AHIMA

Publication Date: April 2012

The HIPAA privacy and security rules need not act as an obstacle to efficient communications, but keeping texting compliant requires planning and diligence.

Text (or SMS) messaging has become nearly ubiquitous on mobile devices. According to one survey, approximately 72 perce....

Author: Tomes, Jonathan P.

Source: Journal of AHIMA

Publication Date: March 2012

HHS's renewed interest in auditing for compliance is a good reminder to covered entities to ensure their privacy and security programs are up to date.

The Department of Health and Human Services' (HHS) announcement of a new program to audit compliance with the HIPAA priva....

Author: McLendon, Kelly

Source: Journal of AHIMA

Publication Date: March 2012

There has been a lack of enforcement of the privacy and security rules ever since HIPAA's inception. As such the adoption of comprehensive HIPAA compliance programs has lagged behind EHR development and implementation.

This in turn has caused little funding to be budgeted by provide....

Author: Dimick, Chris

Source: Journal of AHIMA

Publication Date: February 2012

The HIPAA transaction standards-meant to streamline financial and administrative transactions-have instead devolved into a kind of free-for-all. Now the first operating rules are in hand to standardize use of the standards and gain the efficiencies originally intended.

When it....

Author: Greene, Adam H

Source: Journal of AHIMA

Publication Date: October 2011

Now Is the Time to Review Security Policies and Procedures

In June 2011 the Department of Health and Human Services awarded KPMG a $9.2-million contract to create an audit protocol and audit organizational compliance with the HIPAA privacy and security requirements.1 The co....