Author: AHIMA

Source: AHIMA

Publication Date: September 21, 2011

Author: Greene, Adam H

Source: Journal of AHIMA

Publication Date: October 2011

Now Is the Time to Review Security Policies and Procedures

In June 2011 the Department of Health and Human Services awarded KPMG a $9.2-million contract to create an audit protocol and audit organizational compliance with the HIPAA privacy and security requirements.1 The co....

Author: Rode, Dan

Source: Journal of AHIMA

Publication Date: February 2012

This year the healthcare industry will contend with more changes to HIPAA resulting from the American Recovery and Reinvestment Act of 2009 and the Affordable Care Act of 2010. In order to understand where the HIPAA regulations are heading, it helps to take a look back at the roads they ha....

Author: Dimick, Chris

Source: Journal of AHIMA

Publication Date: February 2012

The HIPAA transaction standards-meant to streamline financial and administrative transactions-have instead devolved into a kind of free-for-all. Now the first operating rules are in hand to standardize use of the standards and gain the efficiencies originally intended.

When it....

Author: Derlink, Amy L; Schembari, Elaine

Source: Journal of AHIMA

Publication Date: March 2012

Responding to an audit can be hectic and stressful, but HIM professionals must remember to hold external record reviewers accountable to good privacy and security practices.

When you visit the hair salon, take an exercise class, or sit across from a financial planner, you expect them....

Author: Tomes, Jonathan P.

Source: Journal of AHIMA

Publication Date: March 2012

HHS's renewed interest in auditing for compliance is a good reminder to covered entities to ensure their privacy and security programs are up to date.

The Department of Health and Human Services' (HHS) announcement of a new program to audit compliance with the HIPAA priva....

Author: McLendon, Kelly

Source: Journal of AHIMA

Publication Date: March 2012

There has been a lack of enforcement of the privacy and security rules ever since HIPAA's inception. As such the adoption of comprehensive HIPAA compliance programs has lagged behind EHR development and implementation.

This in turn has caused little funding to be budgeted by provide....

Author: Greene, Adam H

Source: Journal of AHIMA

Publication Date: April 2012

The HIPAA privacy and security rules need not act as an obstacle to efficient communications, but keeping texting compliant requires planning and diligence.

Text (or SMS) messaging has become nearly ubiquitous on mobile devices. According to one survey, approximately 72 perce....

Author: Dimick, Chris

Source: Journal of AHIMA

Publication Date: April 2012

It has been a decade since the first privacy officers took their jobs in response to the HIPAA privacy rule. A slew of changes since then have added more responsibility, required more skills, and demanded more time of them than anyone could have imagined.

When Nancy Davis, R....

Author: U.S. Office for Civil Rights

Source: Government (U.S.) | U.S. Department of Health & Human Services

Publication Date: September 04, 2012

Author: U.S. Department of Health and Human Services

Source: Government (U.S.)

Publication Date: January 25, 2013

Author: AHIMA

Source: AHIMA regulation analysis

Publication Date: January 25, 2013

Author: U.S. Office for Civil Rights

Source: U.S. Department of Health & Human Services | U.S. Office for Civil Rights

Publication Date: January 2013

Rule modifies HIPAA by implementing statutory amendments under HITECH to strengthen the privacy and security protection for individuals’ health information; modifies the Breach Notification Rule under the HITECH Act, modifes the HIPAA Privacy Rule to strengthen the privacy protections for genetic information and makes certain other modifications to the HIPAA Privacy, Security, Breach Notification, and Enforcement Rules (the HIPAA Rules) to improve their workability and effectiveness and to increase flexibility for and decrease burden on regulated entities.

Author: Dimick, Chris

Source: AHIMA regulation analysis | Journal of AHIMA

Publication Date: March 2013

At 138 fine-print pages, the final rule detailing the HITECH Act’s modifications to HIPAA privacy and security requirements is not a quick or easy read. But it is an important read since the content of the Federal Register post drastically impacts HIM professionals and their business....

Author: Bowen, Rita K.

Source: Journal of AHIMA - website

Publication Date: April 2013

The HIPAA Omnibus Rule, the new Final Rule modifying HIPAA, was published in the Federal Register on January 25, 2013. The amended rule went into effect on March 26 and full compliance is expected by September 23. For HIM professionals, the most far-reaching of the changes to HIPAA is that....

Author: Hofman, Judi

Source: Journal of AHIMA

Publication Date: April 2013

Due to new HIPAA rules, HIM must strike an appropriate privacy balance when releasing decedent records

Author: Solove, Daniel J

Source: Journal of AHIMA

Publication Date: April 2013

Ten years ago after countless years of germination and many twists and turns, the HIPAA Privacy Rule finally became effective. It would soon be followed by the HIPAA Security Rule-which was published in 2003 and became effective in 2005-and eventually by the HIPAA Enforcement Rule and the....

Author: Rode, Dan

Source: Journal of AHIMA

Publication Date: April 2013

The Office for Civil Rights (OCR) has published the long-awaited final omnibus rules covering many HITECH Act requirements in the January 25, 2013 Federal Register (78FR5566). The rule is officially titled “Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notific....

Author: White, Susan E

Source: Journal of AHIMA

Publication Date: April 2013

One of the newest buzz words in data analytics is “Big Data,” and the data created through the healthcare industry is some of the “biggest” around. The widespread implementation of electronic health records (EHRs) and the need to share data to measure quality and ma....

Author: Warner, Diana

Source: Journal of AHIMA

Publication Date: April 2013

The HITECH Act’s omnibus HIPAA modification final rule, released January 25, 2013, finalized sweeping changes to privacy and security regulations. Though much of the proposed rule was adopted, the omnibus rule included major changes made to the “harm threshold” standard i....

Author: Solove, Daniel J

Source: Journal of AHIMA

Publication Date: April 2013

How HIPAA has performed overall as a privacy law is open to interpretation, but most agree it has had a wide-reaching impact on the healthcare industry. In comparison to the dozens of federal privacy laws for various industries, HIPAA is one of the most comprehensive and detailed. 

Author: McDavid, Jan P

Source: Journal of AHIMA

Publication Date: May 2013

Business associates (BAs) of HIPAA-covered entities like hospitals and doctor's offices should already be intimately acquainted with HIPAA's privacy and security regulations. BAs should already have business associate agreements with every covered entity with whom they work and assume resp....

Author: Warner, Diana

Source: AHIMA practice brief

Publication Date: May 2013

This practice brief reviews the federal regulations that affect research and the requirements regarding the use and protection of an individual's information.

Author: Schmidt, Peg; Downing, Kathy

Source: AHIMA practice brief

Publication Date: August 2013

Editor's note: This update supplants the 2002 practice brief  "Release of Information for Marketing or Fund-raising Purposes."


Since its original compliance date in 2003, the HIPAA privacy rule required covered entities (CEs) to adhere to certain standards relative to the use....

Author: McSteen, Thomas

Source: Journal of AHIMA

Publication Date: September 2013

The 2013 HIPAA Omnibus Rule marks a key milestone for implementation of the 2009 Health Information Technology for Economic and Clinical Health Act (HITECH). One of the most far-reaching impacts of HITECH and the Omnibus Rule is that business associates (BA) and their subcontractors now mu....

Author: U.S. Department of Health and Human Services

Source: Government (U.S.) | External web site | U.S. Department of Health & Human Services

Publication Date: September 2013

This U.S. Department of Health and Human Services web site provides guidance on aspects of the HIPAA privacy rule. New sections added in 2013 address decedents, student immunizations, and refill reminders.

Author: Downing, Kathy; McMillan, Mac

Source: Journal of AHIMA

Publication Date: October 2013

The American Recovery and Reinvestment Act (ARRA) of 2009, in section 13411, requires the US Department of Health and Human Services (HHS) to conduct periodic audits to ensure covered entities and business associates are meeting HIPAA compliance requirements.


The findings of....

Author: McLendon, Kelly; Rose, Angela Dinh

Source: AHIMA practice brief

Publication Date: October 2013

Editor's note: This update supplants the February 2011 practice brief "Notice of Privacy Practices."


Timely, accurate, and complete health information must be collected, maintained, and made available to members of an individual's healthcare team so that members of the team can a....

Author: AHIMA

Source: AHIMA practice brief

Publication Date: October 2013

This practice brief has been updated. See the latest version here. This version is made available for historical purposes only.

Author: Downing, Kathy; Lucci, Susan; Lerch, Diane M

Source: AHIMA practice brief

Publication Date: October 2013

Editor's note: This update replaces the November 2010 practice brief "HIPAA Privacy and Security Training."


On January 25, 2013, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) published the long-awaited Health Insurance Portability and Accoun....

Author: AHIMA

Source: AHIMA

Publication Date: October 2013

Talking points for the adoption of ICD-10-CM/PCS

Author: Downing, Kathy; McLendon, Kelly

Source: Journal of AHIMA

Publication Date: November 2013

Accounting of disclosures (AOD) is one "patient right" listed within the HIPAA Privacy Rule. Since the rules were implemented in 2003, AOD has been a topic of much discussion but has not generated much regulatory action from the US Department of Health and Human Services' (HHS) Office for....

Author: Downing, Kathy; Odia, Godwin

Source: AHIMA practice brief

Publication Date: November 2013

Editor’s note: This update supplants the 2009 practice brief “Redisclosure of Patient Health Information.”


Redisclosure is the act of sharing or releasing health information that was received from another source (e.g., external facility or provider) and made part....

Author: Walsh, Tom

Source: AHIMA practice brief

Publication Date: November 2013

Editor’s note: This update replaces the January 2011 practice brief “Security Risk Analysis and Management: An Overview.”


Managing risks is an essential step in operating any business. It’s impossible to eliminate all threats; however, healthcare organizati....

Author: Dunn, Rose T; Rose, Angela Dinh; Wieland, LaVonne R.

Source: AHIMA practice brief

Publication Date: November 2013

Editor’s note: The following article supplants information contained in the October 2002 “Required Content for Authorizations to Disclose” Practice Brief.


The HIPAA privacy rule became effective April 14, 2003, and established standards for information disclosure....

Author: AHIMA

Source: AHIMA practice brief

Publication Date: November 2013

This 2013 practice brief version has been retired and is retained here for historical purposes. Read the 2016 updated version of this Practice Brief here.



The Privacy Rule portion of the Health Insurance Portability and Accountability Act (HIPAA) of 1996 defines a "business....

Author: Miaoulis, William M

Source: AHIMA practice brief

Publication Date: November 2013

Editor’s note: This update replaces the April 2004 and the November 2010 practice briefs titled “A HIPAA Security Overview.”


The HIPAA security rule has remained unchanged since its implementation more than a decade ago. However, the Health Information Technology for Economic a....

Author: Tomes, Jonathan P.

Source: Journal of AHIMA - website

Publication Date: January 2014

HIM professionals and privacy and security officers are likely already familiar with their facility’s business associates. But with the recent dramatic changes to the business associate relationship in the HITECH Act and the Omnibus Final Rule, there is plenty of new ground....

Author: Tomes, Jonathan P.

Source: Journal of AHIMA - website

Publication Date: January 2014

This is the second installment in a three-part article series on avoiding liability for breaches by business associates. This article will provide guidance on how to avoid liability for breaches by business associates.


For background on the changes to the busin....

Author: Tomes, Jonathan P.

Source: Journal of AHIMA - website

Publication Date: January 2014

This is the third installment in a three-part article series on avoiding liability for breaches by business associates. This article will discuss adjustments needed in the business associate relationship, as well as ongoing strategies for adapting to the recent changes.
....

Author: Butler, Mary

Source: Journal of AHIMA - website

Publication Date: March 01, 2014

Health information management (HIM) professionals are too often witness to an array of fraudulent activities, whether its fraud via “upcoding,” improper disclosure of protected health information (PHI), or other breach activities.


Since reporting noncomplia....

Author: Butler, Mary

Source: Journal of AHIMA - website

Publication Date: April 2014

The HITECH-HIPAA Final Rule has changed the way healthcare organizations do business, and those with seats in the C-suite can’t afford to stay out of the weeds with the new regulations.


Daniel Solove, founder of the HIPAA training firm TeachPrivacy, and law professor at....

Author: AHIMA Advocacy and Policy Team

Source: Journal of AHIMA

Publication Date: April 2014

The healthcare patient engagement revolution rolls on in the US, with the latest victory for patient advocates coming via a change in patient access rights to lab test information. New legislation recently enacted makes it easier than ever before for all US patients to gain access to thei....

Author: AHIMA Work Group

Source: AHIMA practice brief | Journal of AHIMA

Publication Date: April 2014

Covered entities should already have in place the mechanisms for limiting PHI under minimum necessary policies and procedures. This Practice Brief provides guidance to assist organizations in complying with the 2013 HITECH-HIPAA Omnibus Rule’s new disclosure restriction requirements.

Author: Downing, Katherine

Source: Journal of AHIMA

Publication Date: April 2014

On January 25, 2013, the US Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) published the long-awaited HITECH-HIPAA Omnibus Final Rule in the Federal Register. As anticipated, the Omnibus Rule includes some of the most significant changes to patient priva....

Author: Butler, Mary

Source: Journal of AHIMA

Publication Date: April 2014

Have a spare 32.8 million hours? The US Department of Health and Human Services (HHS) sure hopes so.


As noted in the Federal Register, that figure is the total number of hours the HHS Office for Civil Rights (OCR) estimated it would take all HIPAA-covered entities combined....

Author: Hicks, Andrew

Source: Journal of AHIMA

Publication Date: April 2014

Some healthcare business associates are still asking if HITECH-HIPAA impacts them. The answer is just as important to their affiliated healthcare providers.


Thousands of companies are now legally obligated to comply with the HITECH-HIPAA regulations because of their busines....

Author:

Source: Journal of AHIMA

Publication Date: May 2014

Many health information management (HIM) experts have wondered whether there is protected health information (PHI) on the black market. In short, the answer is “yes.” According to a 2012 Ponemon Institute study, 90 percent of healthcare organizations surveyed have had at least....

Author: Cacciatore, Victoria; Downing, Katherine

Source: Journal of AHIMA

Publication Date: July 2014

Criminal attacks on healthcare systems have risen 100 percent since 2010, according to a recent Ponemon study.1 This makes it obvious that the privacy and security of patient health information is vulnerable and highly susceptible to data breach. The HIPAA Breach Notification Rule became e....

Author: Hedges, Ron; Brady, Kevin

Source: Journal of AHIMA

Publication Date: September 2014

Every Health information management (HIM) professional, lawyer, and healthcare consumer should be familiar with the Health Insurance Portability and Accountability Act (HIPAA). For healthcare consumers, HIPAA offers protections and rights of access to personal health information. For HIM....

Author: McLendon, Kelly

Source: Journal of AHIMA

Publication Date: October 2014

The US Department of Health and Human Services (HHS) continues to look for avenues to allow greater patient access to their own health information so that they may be more active in their healthcare management. HHS recently created final rules that remove the Clinical Laboratory Improveme....

Author: Asmonga, Donald D.

Source: Journal of AHIMA

Publication Date: January 2015

The wait for the second round of mandated privacy and security audits from the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) continues. OCR is currently working through final details for the revised audit plan as they await finalization of new technolog....

Author: Butler, Mary

Source: Journal of AHIMA

Publication Date: April 2015

In movies and on television lately, Hollywood has made encryption and decryption look exciting, glamorous, and world-saving. The film The Imitation Game and the BBC show The Bletchley Circle chronicle how British code breakers decrypted military strategy codes from the Nazi encryption tool....

Author: Dimick, Chris

Source: Journal of AHIMA

Publication Date: April 2015

The spiders of time have been hard at work on the US healthcare privacy and security rules, to the point that their place in health IT interoperability has become fogged and is inhibiting their proper role in the meaningful exchange of health information, according to Lucia Savage, JD, th....

Author: DeMasters, Dana

Source: Journal of AHIMA

Publication Date: May 2015

A police officer arrives in the emergency department of a hospital at 2 a.m. seeking information about a patient who was recently admitted following a motor vehicle accident. The officer suspects the patient was intoxicated while driving and assertively asks the nurse to tell him the resul....

Author: AHIMA Privacy and Security Practice Council

Source: AHIMA sample job description

Publication Date: May 2015

Position Title: (Chief) Privacy Officer1


Immediate Supervisor: Chief Executive Officer, (Chief) Compliance Officer, Senior Executive (Chief operating officer, CIO), (Senior) In-house Counsel, or Practice Manager


Position Overview: Under HIPAA (the Health Insur....

Author: Lewis, Sharon; McLendon, Kelly

Source: Journal of AHIMA

Publication Date: October 2015

HIPAA uses the term “satisfactory assurances” four times in the text of its Privacy and Security Rules. Each time the statement is used it describes a covered entity’s (CE) responsibility to obtain satisfactory assurances from a business associate who creates, receives, maintains, or tran....

Author: AHIMA Advocacy and Policy Team

Source: Journal of AHIMA

Publication Date: October 2015

The ability to securely and accurately match patients with their electronic health records (EHRs) across all health information exchanges (HIEs) remains a serious patient privacy, safety, and quality issue facing the HIM community. As many as eight to 14 percent of all health records incl....

Author: Lucci, Susan; Walsh, Tom

Source: Journal of AHIMA

Publication Date: November 2015

One of the most alarming statistics in the news, which is growing with intent and severity, is the prevalence of cyber-attacks, particularly in healthcare. It is an alarming trend that has gained a good deal of attention. For example, in July 2015, UCLA reported that up to 4.5 million pati....

Author: Brinda, Danika

Source: Journal of AHIMA

Publication Date: January 2016

Stories about workforce members inappropriately accessing health information continue to plague the Department of Health and Human Services’ Data Breach Portal—which lists US provider data breaches that affect more than 500 individuals. Recently two data breaches reported on th....

Author: Butler, Mary

Source: Journal of AHIMA

Publication Date: March 2016

Over the past several years it’s been hard to avoid public conversations about the “childhood obesity epidemic.” One of the biggest targets for regulators like the USDA and for politicians such as former New York City Mayor Michael Bloomberg has been Americans’ addi....

Author: Saharia, Devendra

Source: Journal of AHIMA

Publication Date: April 2016

Disruptive technology can turn any industry on its head—virtually overnight. Just five years ago, summoning a taxi was an inefficient, time-consuming effort that often involved dialing up a dispatcher, who contacted a driver, who would then make their way to your location, perhaps in an h....

Author: Greene, Adam H

Source: Journal of AHIMA

Publication Date: April 2016

In 2009, CONGRESS passed the Health Information Technology for Economic and Clinical Health (HITECH) Act, which granted individuals a right to have a copy of their records sent to a third party, according to 42 U.S.C. § 17935(e) of the regulation.


Unfortunately, many attorn....

Author: Davis, Nancy; Glondys, Barbara

Source: Journal of AHIMA

Publication Date: May 2016

Federal law prohibits the sale of firearms to certain individuals with a history of mental illness. Recent mass shootings have focused attention on the fact that the individuals perpetrating these crimes often had a documented history of mental illness which went undetected despite state a....

Author: Butler, Mary

Source: Journal of AHIMA - website

Publication Date: July 01, 2016

One of the most important objectives of the HIPAA Privacy Rule—and the HITECH Act in particular—was to ensure that consumers have easy and affordable access to their own protected health information. The regulations also clarified how and when medical information about a patien....

Author: Butler, Mary

Source: Journal of AHIMA - website

Publication Date: August 01, 2016

The US Department of Health and Human Services (HHS) has taken many steps to try and clear up consumer confusion regarding the more consumer-centric aspects of HIPAA’s Privacy Rule and Security Rule. The most recent efforts include the Office of the National Coordinator’s Patien....

Author: Bowen, Rita K.; Hofman, Judi; Lucci, Susan; McLendon, Kelly

Source: Journal of AHIMA

Publication Date: September 2016

The Office for Civil Rights (OCR) has made it abundantly clear through numerous communications that providing individuals easy access to their own health information is one of OCR’s most important mandates. Giving patients and their personal representatives access to their own information....

Author: Twiggs, Mariela; Goldstein, Sara

Source: Journal of AHIMA

Publication Date: October 2016

Healthcare provider organizations rely on a variety of entities to help them carry out healthcare activities and functions. If these entities create, maintain, or transmit protected health information (PHI) on behalf of a provider organization, they are considered a business associate (BA....

Author: AHIMA Work Group

Source: AHIMA practice brief

Publication Date: October 2016

This update supersedes the November 2013 practice brief, Guidelines for a Compliant Business Associate Agreement.



The Privacy Rule portion of the Health Insurance Portability and Accountability Act (HIPAA) defines a "business associate (BA) as a person or entity that performs....

Author: Barrett, Charlotte S; Beidler, Aurae; Davis, Nancy; Glondys, Barbara

Source: Journal of AHIMA

Publication Date: November 2016

Developing policies and standard procedures when working with patient aliases is one way to both respect patient privacy but also ensure the accuracy and integrity of patient data.


As defined in AHIMA’s Pocket Glossary, an “alias” is “a name added to,....

Author: Burton, Ben; Downing, Katherine

Source: AHIMA practice brief | Journal of AHIMA

Publication Date: April 2017

Editor’s Note: This Practice Brief update supplants part of the 2013 Practice Brief “Patient Access and Amendment to Health Records.”


Before April 2003, a patient’s legal right to amend his or her health records was limited to those patients treated at hea....

Author: Wiedemann, Lou Ann

Source: Journal of AHIMA

Publication Date: April 2017

Editor’s Note: The following is an excerpt from the new “External HIPAA Audit Readiness Toolkit” developed by AHIMA. The full toolkit is free for AHIMA members.


THE HITECH OMNIBUS Rule mandated that the US Department of Health and Human Services (HHS) condu....

Author: Butler, Mary

Source: Journal of AHIMA

Publication Date: April 2017

A Beverly Hills plastic surgeon, let’s call him Dr. Hollywood, has a thriving business—an impeccable office, gracious and welcoming staff, and top of the line equipment and devices. His clientele is primarily celebrities and other wealthy socialites who can afford to pay out of....