Author: Lee, Michael R.

Source: Journal of AHIMA

Publication Date: April 2003

In the event of a privacy-related legal challenge, the content of your organization’s notice of privacy practices (NPP) will be a focal point for both plaintiff and defense arguments with respect to the protected health information (PHI) disclosure activities of your organization. Is your....

Author: Gallagher, Patrick; Pavoni, Mary Mike

Source: In Confidence (newsletter)

Publication Date: April 02, 2003

HIPAA laws have strengthened patients’ rights concerning access to their private medical information while at the same time making them more aware of their rights. Consequently, more patients are going to be requesting an accounting of disclosures (AOD) in the future.
According to secti....

Author: Carol, Ruth

Source: Journal of AHIMA

Publication Date: April 2003

Author: Rhodes, Harry B.; Hughes, Gwen

Source: AHIMA practice brief | Journal of AHIMA

Publication Date: April 2003

This practice brief has been updated. See the latest version here. This version is made available for historical purposes only.

Author: Pritts, Joy

Source: In Confidence (newsletter)

Publication Date: April 02, 2003

April 14, 2003, might mark the beginning of HIPAA compliance, but it does not signify the end of state health privacy laws. HIPAA does not preempt (supersede) state laws that either don’t conflict with HIPAA or are more stringent than the federal regulation. Figuring out which state laws rema....

Author: Dougherty, Michelle

Source: In Confidence (newsletter) | AHIMA Q and A

Publication Date: April 02, 2003

Question: Our organization is struggling with how to handle employee access to medical records.We have an electronic medical record system and employees are accessing their own medical records during working hours. We are having a significant debate at our organization about the rights of emp....

Author: Rode, Dan

Source: Journal of AHIMA

Publication Date: May 2003

With the release of the final HIPAA security regulations in February, HIM has taken yet another step toward the transition from paper to the electronic health record (EHR). This article discusses key areas of security compliance and how your organization can be prepared.

When PHI Go....

Author: Dunn, Rose T

Source: External - used with permission

Publication Date: May 02, 2003

This worksheet has been developed to provide guidance on components to consider in developing the basis for a reasonable, cost-based charge for the Accounting for Disclosure (164.528). This worksheet is not intended to be all inclusive. Users are encouraged to discuss inclusions to this analysis with their facility’s cost accountant.

Author: Dunn, Rose T

Source: Journal of AHIMA

Publication Date: May 2003

The privacy rule allows a covered entity to charge a cost-based fee for providing an accounting of disclosure (AOD). Has your organization determined these costs? Calculating the actual costs may be more involved than you think. This article will discuss the requirements for setting the fee an....

Author: Harman, Laurinda B.

Source: In Confidence (newsletter)

Publication Date: May 02, 2003

There was a time when the decision regarding access to information generated about adopted children was relatively easy and the HIM professional could refer to the state statutes for guidance. This article suggests that the legal aspect is a necessary but insufficient basis for making decisio....

Author: Weintraub, Abner E.

Source: Journal of AHIMA

Publication Date: May 2003

With the April 14 HIPAA privacy deadline behind us, many covered entities are still struggling to become compliant. Limited budgets and staff, conflicting advice, and unforeseen delays have all conspired to keep many covered entities from meeting the deadline.


What do you tell....

Author: Shanley, Suzanne

Source: In Confidence (newsletter)

Publication Date: May 02, 2003

Under the security rule, covered entities must ensure that some process is put in place to record and review system access and activity. Audit controls are required to record any alterations to confidential patient information, including changes to content and the addition or deletion of info....

Author: Dunn, Rose T

Source: External - used with permission

Publication Date: May 02, 2003

Reprinted with permission from Rose T. Dunn, CPA, RHIA, FACHE, First Class Solutions, Inc., 2003.

Author: AHIMA Professional Practice Team

Source: AHIMA Q and A

Publication Date: June 02, 2003

Q: Under the privacy rule, how should a physician’s office handle a request from parents for a written statement recommending limitation of their child’s activities at school?

A: Most covered entities have policies requiring written requests or authorizations for disclosure of....

Author: Jacobs, Jodi

Source: In Confidence (newsletter)

Publication Date: June 02, 2003

Oral privacy is not a new need or requirement in healthcare. However, because it is now backed by a federal mandate, it is receiving newfound attention. With the passing of the April 14, 2003, deadline for HIPAA compliance, hospitals, pharmacies, clearinghouses, physician’s offices, military....

Author: Ruano, Michael

Source: In Confidence (newsletter)

Publication Date: June 02, 2003

Part four in a 10-part series.
This article is the fourth of a 10-part series that introduces the domains of information security and relates them to federal HIPAA regulations. The information security domain of cryptography is probably the most complex and mathematical of all the domai....

Author: Quinsey, Carol Ann

Source: Journal of AHIMA

Publication Date: June 2003

Obtaining “satisfactory assurance” in the privacy rule may sound like something new, but the concept has been around for a long time. Do you know what it means and how it affects your HIM department? This article will explain what obtaining satisfactory assurance means and how it can....

Author: Apple, Gordon J.

Source: In Confidence (newsletter)

Publication Date: June 02, 2003

Former President Ronald Reagan coined a phrase during the Cold War, “trust, but verify,” regarding treaties with the former Soviet Union. Today, as we ponder the enforcement environment likely to emerge over HIPAA, a more apt phrase may be “trust, don’t do much, and react to public pressure.”....

Author: AHIMA Professional Practice Team

Source: AHIMA Q and A

Publication Date: June 02, 2003

Q: What are a covered entity’s legal responsibilities when a former employee breaches confidentiality of information gained during his or her employment period?

A: Individual state laws would affect the outcome of litigation if charges were pressed through civil action. If the organ....

Author: Burrington-Brown, Jill

Source: Journal of AHIMA

Publication Date: June 2003

Has your organization addressed sanctions related to privacy and security issues? Both the final privacy rule and final security rule address this issue. The privacy rule states that the covered entity must “have and apply appropriate sanctions against members of its workforce who fail to....

Author: Quinsey, Carol Ann

Source: Journal of AHIMA

Publication Date: July 2003

Are the rules for the suspension of disclosure accounting keeping your organization in suspense?


Section 164.528 of the privacy rule outlines the requirements for accounting of disclosures for individuals. Section 164.528 (a)(2)(i) calls for suspension of disclosure accounting....

Author: Salem, Didier

Source: In Confidence (newsletter)

Publication Date: July 02, 2003

While adherence to most of the HIPAA privacy rule clauses requires establishment of policies, procedures, and training of appropriate personnel, some of the clauses require establishing permanent record-keeping processes. Accounting of disclosures, minimum necessary, complaints, sanctions, an....

Author: Quinsey, Carol Ann

Source: In Confidence (newsletter) | AHIMA Q and A

Publication Date: July 02, 2003

Question: Occasionally HIM departments are asked to prepare a list of cases for physicians or surgeons preparing to take their specialty board exams. The physicians are required to submit such a list to the professional board (such as OB/GYN, general surgery, plastic surgery, etc.) conducting....

Author: Stuard, Susan

Source: In Confidence (newsletter)

Publication Date: July 02, 2003

The accounting of disclosures requirement is one of the most difficult aspects of the HIPAA privacy rule to implement. Initially the rule’s complexity was obscured by the more pressing concerns presented by the requirement to obtain consent and the confusing research and marketing standard. A....

Author: Ruano, Michael

Source: In Confidence (newsletter)

Publication Date: July 02, 2003

Part five in a 10-part series.
This article is the fifth of a 10-part series that introduces the domains of information security and relates them to federal HIPAA regulations. The information security domain of security architecture and models speaks to computer architectures, security....

Author: Weintraub, Abner E.

Source: In Confidence (newsletter)

Publication Date: July 02, 2003

HIPAA is strong medicine for healthcare and for patients. But who’s telling patients what they need to know about protecting their privacy? What benefits would healthcare providers enjoy if patients were clearly informed about HIPAA?
Educating patients about HIPAA offers a number of pot....

Author: Burrington-Brown, Jill

Source: In Confidence (newsletter) | AHIMA Q and A

Publication Date: August 02, 2003

Question: When patients have privacy complaints, should we require them to put it in writing and sign it? Also, how should we handle telephone complaints?
Answer: The privacy rule does not define the process for complaints within covered entities. The covered entity (CE) must provide a....

Author: Gallagher, Lisa; Yale, Ken

Source: In Confidence (newsletter)

Publication Date: August 02, 2003

The HIPAA privacy rule requires that a covered entity (CE) institute appropriate administrative, technical, and physical measures to reasonably safeguard the privacy of protected health information (PHI). In order to keep information “private,” it must be kept safe or secure. Therefore, logic....

Author: Gradle, Brian D.

Source: In Confidence (newsletter)

Publication Date: August 02, 2003

If you were to ask health information managers for a one-word response to HIPAA, the majority of the replies would likely be “privacy.”However, simply because the compliance date for the final security rule (which was published by the government in February and applies to electronic informati....

Author: Cohen, Kathleen

Source: In Confidence (newsletter)

Publication Date: August 02, 2003

How are you making sure that your organization is complying with the HIPAA privacy regulations? Many hospitals are doing HIPAA rounds with privacy officers, going from unit to unit to assess and document HIPAA compliance. But trying to make sense of the data collected during HIPAA rounds can....

Author: Dougherty, Michelle

Source: In Confidence (newsletter) | AHIMA Q and A

Publication Date: September 02, 2003

Question: I have had attorneys complain about being charged the state-allowed copy fee rather than the reduced rate charged to patients under HIPAA. Is an attorney considered the individual’s personal representative?
Answer: Your organization may charge the state-defined copy fee and a....

Author: AHIMA Professional Practice Team

Source: AHIMA Q and A

Publication Date: September 02, 2003

Q: Under HIPAA, how should covered entities respond to requests from public health officials who state that they need protected health information (PHI) to carry out their duties?

A: The privacy rule recognizes that PHI may be needed to respond to threats to public health, including the....

Author: Derhak, Mike

Source: In Confidence (newsletter)

Publication Date: September 02, 2003

Inappropriate sharing of protected health information. Sending intimidating e-mails. Browsing inappropriate Web sites. Downloading unauthorized Web content. Software, music, or video piracy. These are just a few examples of internal security breaches companies may face. According to the 2003....

Author: Amatayakul, Margret

Source: Journal of AHIMA

Publication Date: October 2003

Shadow charts, independent databases, or “orphan systems,” as they are sometimes called, are among the most controversial and difficult to manage forms of protected health information (PHI) that exist. Yet some providers are having success using HIPAA’s privacy and security stan....

Author: Burrington-Brown, Jill

Source: In Confidence (newsletter) | AHIMA Q and A

Publication Date: October 02, 2003

Question: How should we handle protected health information (PHI) we receive either in error or for a patient that never shows up for their appointment?
Answer: When you receive PHI in the mail, by fax, or by any other method, you should treat it as carefully as if it were PHI generated....

Author: Burrington-Brown, Jill

Source: AHIMA Q and A | Journal of AHIMA

Publication Date: October 2003

Q: Does the privacy rule allow us to release patient information over the telephone without authorization? How do I decide when I should ask for verification of a treatment relationship with the patient?

A: In the past, HIM professionals have carefully guarded the releasing of patient i....

Author: AHIMA Task Force

Source: AHIMA Task Force

Publication Date: October 20, 2003

This practice brief has been updated. See the latest version here. This version is made available for historical purposes only.

Author: AHIMA Task Force

Source: AHIMA practice brief

Publication Date: October 2003

This practice brief has been updated. See the latest version here. This version is made available for historical purposes only.

Author: AHIMA Task Force

Source: AHIMA practice brief

Publication Date: October 2003

This practice brief has been updated. See the latest version here. This version is made available for historical purposes only.

Author: Ruano, Michael

Source: In Confidence (newsletter)

Publication Date: November 02, 2003

Part nine in a 10-part series.
This article is the ninth of a 10-part series that introduces the domains of information security and relates them to federal HIPAA regulations. The information security domain of law, investigation, and ethics covers these topics in depth and provides a p....

Author: Hjort, Beth M.

Source: In Confidence (newsletter)

Publication Date: November 02, 2003

Q: Hospitals must have sensitive yet confidential policies for handling concerned family and friends with questions about loved ones within their facilities. How can a covered entity (CE) be confident about appropriate telephone release of information when it’s so difficult to validate a call....

Author: Fodor, Joseph

Source: Journal of AHIMA

Publication Date: January 2004

As electronic health records (EHRs) become more commonplace in healthcare, changes, adjustments, and improvements will be inevitable. When designing, implementing, upgrading, or remediating an EHR system, your organization’s implementation team should consider the impact of complying wit....

Author: Hagland, Mark

Source: Journal of AHIMA

Publication Date: February 2004

New technologies are enhancing the ability to protect patient information. But there’s more to successful implementation than just what’s inside the box.

Melanie Schattauer, RHIA, Jack Obert, and their colleagues at Mercy St. John’s Health System in Springfield, M....

Author: Walsh, Tom

Source: Journal of AHIMA

Publication Date: February 2004

Proving security compliance later requires establishing documentation now. HIM professionals have a valuable role to play.

HIM professionals played central roles in their organization’s privacy efforts, ensuring that appropriate policies, procedures, and documents were in plac....

Author: Davino, Margaret

Source: Journal of AHIMA

Publication Date: March 2004

Healthcare providers can outsource transcription, but they can’t outsource their obligation to safeguard privacy. Here’s how to minimize risk.
Healthcare providers are faced with multiple pressures, many of them financial. The need for management to meet financial constraints....

Author: Hjort, Beth M.

Source: AHIMA practice brief

Publication Date: March 2004

This practice brief has been retired. It is made available for historical purposes only.

Author: Kloss, Linda L

Source: Journal of AHIMA

Publication Date: April 2004

The past year has been a remarkable one for highly public challenges to privacy of personal health information. Access to records has been sought for presidential candidates and in high-profile cases such as Michael Jackson, Rush Limbaugh, and Kobe Bryant. The Department of Justice is attempti....

Author: Haines, Pamela T.

Source: Journal of AHIMA

Publication Date: April 2004

If you are writing business associate agreements for a healthcare provider these days, you have probably discovered there are often no magic words or formulas that will produce an agreement. Although sample forms available from various sources may be helpful, generally no two business associat....

Author: Firouzan, Patricia Anania; McKinnon, James

Source: Perspectives in Health Information Management

Publication Date: April 2004

Abstract


A 20-question survey was sent in the mail to HIM directors in Pennsylvania healthcare facilities to solicit feedback regarding implementation issues of the HIPAA privacy rule requirements. Questions focused on gathering basic demographic data, information on HIM involveme....

Author: Schrader, Michael

Source: Journal of AHIMA

Publication Date: May 2004

In Santa Barbara County, a regional data-sharing network offers a model for the future of HIM infrastructures.
Located north of Los Angeles, Santa Barbara County is a favorite destination, known for its beaches, resorts, and vineyards. Local homeowners include Oprah Winfrey, Martin Shee....