Search Results

= Members only

Current search

215 results.

[1] 2 3

Are You Ready for a HIPAA Audit?

Author: Wiedemann, Lou Ann

Source: Journal of AHIMA

Publication Date: April 2017



Editor’s Note: The following is an excerpt from the new “External HIPAA Audit Readiness Toolkit” developed by AHIMA. The full toolkit is free for AHIMA members.


THE HITECH OMNIBUS Rule mandated that the US Department of Health and Human Services (HHS) condu....

Information Governance for Offsite Data Security

Author: Saharia, Devendra

Source: Journal of AHIMA

Publication Date: April 2016



Disruptive technology can turn any industry on its head—virtually overnight. Just five years ago, summoning a taxi was an inefficient, time-consuming effort that often involved dialing up a dispatcher, who contacted a driver, who would then make their way to your location, perhaps in an h....

Shifting from Reactive to Proactive HIPAA Audits

Author: Brinda, Danika

Source: Journal of AHIMA

Publication Date: January 2016



Stories about workforce members inappropriately accessing health information continue to plague the Department of Health and Human Services’ Data Breach Portal—which lists US provider data breaches that affect more than 500 individuals. Recently two data breaches reported on th....

Cybersecurity 101

Author: Lucci, Susan; Walsh, Tom

Source: Journal of AHIMA

Publication Date: November 2015



One of the most alarming statistics in the news, which is growing with intent and severity, is the prevalence of cyber-attacks, particularly in healthcare. It is an alarming trend that has gained a good deal of attention. For example, in July 2015, UCLA reported that up to 4.5 million pati....

Industry Awaits Phase 2 of HIPAA Audit Program

Author: Asmonga, Donald D.

Source: Journal of AHIMA

Publication Date: January 2015



The wait for the second round of mandated privacy and security audits from the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) continues. OCR is currently working through final details for the revised audit plan as they await finalization of new technolog....

HIPAA Breach Enforcement Roundup

Author: Cacciatore, Victoria; Downing, Katherine

Source: Journal of AHIMA

Publication Date: July 2014



Criminal attacks on healthcare systems have risen 100 percent since 2010, according to a recent Ponemon study.1 This makes it obvious that the privacy and security of patient health information is vulnerable and highly susceptible to data breach. The HIPAA Breach Notification Rule became e....

On the HIPAA Hook

Author: Hicks, Andrew

Source: Journal of AHIMA

Publication Date: April 2014



Some healthcare business associates are still asking if HITECH-HIPAA impacts them. The answer is just as important to their affiliated healthcare providers.


Thousands of companies are now legally obligated to comply with the HITECH-HIPAA regulations because of their busines....

HIPAA Security Overview - Retired

Author: Miaoulis, William M

Source: AHIMA practice brief

Publication Date: November 2013


Editor’s note: This update replaces the April 2004 and the November 2010 practice briefs titled “A HIPAA Security Overview.”


The HIPAA security rule has remained unchanged since its implementation more than a decade ago. However, the Health Information Technology for Economic a....

Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act and the Genetic Information Nondiscrimination Act; Other Modifications to the HIPAA Rules; Final Rule

Author: U.S. Office for Civil Rights

Source: U.S. Department of Health & Human Services | U.S. Office for Civil Rights

Publication Date: January 2013

Rule modifies HIPAA by implementing statutory amendments under HITECH to strengthen the privacy and security protection for individuals’ health information; modifies the Breach Notification Rule under the HITECH Act, modifes the HIPAA Privacy Rule to strengthen the privacy protections for genetic information and makes certain other modifications to the HIPAA Privacy, Security, Breach Notification, and Enforcement Rules (the HIPAA Rules) to improve their workability and effectiveness and to increase flexibility for and decrease burden on regulated entities.

HIPAA Compliance for Clinician Texting

Author: Greene, Adam H

Source: Journal of AHIMA

Publication Date: April 2012



The HIPAA privacy and security rules need not act as an obstacle to efficient communications, but keeping texting compliant requires planning and diligence.

Text (or SMS) messaging has become nearly ubiquitous on mobile devices. According to one survey, approximately 72 perce....

Automation for Privacy and Security Compliance

Author: McLendon, Kelly

Source: Journal of AHIMA

Publication Date: March 2012


There has been a lack of enforcement of the privacy and security rules ever since HIPAA's inception. As such the adoption of comprehensive HIPAA compliance programs has lagged behind EHR development and implementation.

This in turn has caused little funding to be budgeted by provide....

The Year That Was and the Year to Be

Author: Asmonga, Donald D.

Source: Journal of AHIMA

Publication Date: February 2011


The second session of the 111th Congress began with the Democrats in firm control of the House and Senate. Working from their position of power enabled the Democrats to pass healthcare reform.

Although Congress was mired in contentious debates, AHIMA still advocated for its public po....

CMS’s 2009 Security Assessment Process

Author: Dinh, Angela K.

Source: Journal of AHIMA

Publication Date: September 2009


In 2008 the Centers for Medicare and Medicaid Services (CMS) conducted 10 HIPAA security assessments in covered entities (CEs) nationwide. CMS’s stated purpose was not to identify flaws but to gain a true understanding of industry compliance with the HIPAA security rule.

CMS co....

Spoliation of Medical Evidence

Author: Tomes, Jonathan P.

Source: Journal of AHIMA

Publication Date: October 2005


To avoid the improper destruction or alteration of records, HIM departments must follow a retention schedule, train personnel, and ensure that corrections leave original entries intact.
Although the legal concept known as spoliation of evidence has been a part of the American legal syste....

How to Safely Recycle PCs

Author: Quinsey, Carol Ann

Source: Journal of AHIMA

Publication Date: June 2005


Securing the privacy of both protected health information and personal information should be a primary concern when personal computers have outlived their usefulness. Recycling or disposing of a computer safely can be a challenge.

It’s not enough to simply give an old computer....

HIPAA Security: Don't Disband the Committee Just Yet

Author: Brown, Stephen C.

Source: Journal of AHIMA

Publication Date: May 2005


By now, every healthcare organization has faced the initial security compliance responsibilities associated with HIPAA. However, the compliance road has not yet been fully traveled. The nature of the rule makes compliance a recursive effort of reassessment, continual auditing, regular educatio....

State of HIPAA Privacy and Security Compliance 2005

Author: AHIMA

Source: AHIMA report

Publication Date: April 11, 2005

The results of a survey to assess the current state of HIPAA privacy and security within the healthcare industry.

AHIMA releases the results of this research in conjunction with the second annual National Health Information Privacy and Security Week, April 10-16, 2005. AHIMA is sponsoring National Health Information Privacy and Security Week to raise awareness among healthcare professionals, their employers, the media, and the public regarding the importance of protecting the privacy, confidentiality, and security of personal health information (PHI).

HIPAA Marches On--Or Does It?

Author: Rode, Dan

Source: Journal of AHIMA

Publication Date: March 2005


HIPAA has taught us that standardization is hard. When the act was signed into law in 1996, the optimists among us believed that within four years the healthcare industry would be using a variety of uniform national administrative transactions, most associated with what we now call the revenue....

Reporting Security Incidents

Author: Amatayakul, Margret

Source: Journal of AHIMA

Publication Date: March 2005


HIPAA requires covered entities “implement policies and procedures to address security incidents.” There is one implementation specification: to “identify and respond to suspected or known security incidents; mitigate, to the extent practical, harmful effects of security inci....

Safeguarding ePHI from Fire the Dry Way

Author: Brown, Karen

Source: Journal of AHIMA

Publication Date: March 2005


With HIPAA’s security rule compliance date right around the corner, many HIM professionals are still trying to determine if they have adequate safeguards in place to ensure the confidentiality, integrity, and availability of electronic protected health information (ePHI).

Many....

HIPAA Audit and System Activity Review: Developing a Process that Focuses on the Greatest Risks First

Author: Hofler, Linda D.; Hardee, Joy; Dildy, Kenneth; Burleson, Deeanna; Grady, Jamie

Source: Journal of AHIMA

Publication Date: March 2005


The privacy and security rules require audits and system activity reviews. Here is one health system's process, a systematic approach that focuses on areas of greatest risk.
Ensuring the privacy and confidentiality of patient information is fundamental to HIM, but it has taken on a new le....

Access Controls: Striking the Right Balance

Author: Amatayakul, Margret

Source: Journal of AHIMA

Publication Date: January 2005


As healthcare organizations put the finishing touches on their HIPAA security compliance plans, many are finding that updating access controls is not easy. Clinicians often scoff at the word “control” in general and at “access control” in particular. Not all products ar....

What is Security Auditing?

Author: Amatayakul, Margret

Source: Journal of AHIMA

Publication Date: November 2004


The HIPAA security rule includes a requirement for audit controls and to monitor and manage ongoing security for a variety of processes. But the requirement for internal audit was changed to “information security activity review,” and there is no other specific reference to auditin....

Trouble with Audit Controls

Author: Amatayakul, Margret

Source: Journal of AHIMA

Publication Date: October 2004


The 2004 Phoenix Health System/HIMSS HIPAA compliance survey indicates that providers find audit controls the most difficult of the HIPAA security standards to implement.
While it is recognized that every organization must conduct a risk analysis to determine the systems or activities th....

Kick Starting the Security Risk Analysis

Author: Amatayakul, Margret

Source: Journal of AHIMA

Publication Date: July 2004


Many covered entities are just now starting to approach the compliance aspects of the HIPAA security rule. Why discuss “compliance aspects” and not standards or controls, as we did when preparing for the privacy rule? Privacy and security are long-standing concepts to healthcare,....

Updated Toolkit for Security Strategies

Author: Cooper, Ted

Source: Journal of AHIMA

Publication Date: July 2004


The first version of the Computer-based Patient Record Institute (CPRI) toolkit “Managing Information Security in Health Care” was published on the Web in May 1999 in response to the proposed HIPAA security and electronic signature standard of October 1998. The toolkit is intended....

Primer on Encryption

Author: Amatayakul, Margret

Source: Journal of AHIMA

Publication Date: June 2004


Encryption is an addressable implementation specification under HIPAA’s access control and transmission security standards. Many providers are grappling with just how to address these specifications:
Is there a difference between the two specifications, and if so, what is the diff....

HIPAA Security Shopping List (HIPAA on the Job)

Author: Amatayakul, Margret

Source: Journal of AHIMA

Publication Date: May 2004


Many information security officials are barraged with requests for the latest security tools. Such shopping lists often do not reflect a structured plan or a true risk analysis to justify their cost or human resource requirements. This column describes some of the latest tools, how you can ev....

2004 HIPAA Privacy & Security Compliance Survey

Author: AHIMA

Source: AHIMA

Publication Date: April 12, 2004

The results of a survey conducted by AHIMA to assess the current state of HIPAA privacy within the healthcare industry. These results are being released in conjunction with the first annual National Health Information Privacy and Security Week.

[1] 2 3