573 results.
1 [2] 3 4 5 6 7 8 9 10 11 12
Journal Q&A (2/04)
Author: AHIMA Professional Practice Team
Source: AHIMA Q and A
Publication Date: February 02, 2004
Q: Can you explain the difference between the terms “addressable” and “required” as they are used in the final security rule?
A: The final security rule and the privacy rule use the terms “standards” and “implementation specifications.” Standards....
Journal Q&A (6/03)
Author: AHIMA Professional Practice Team
Source: AHIMA Q and A
Publication Date: June 02, 2003
Q: Under the privacy rule, how should a physicians office handle a request from parents for a written statement recommending limitation of their childs activities at school?
A: Most covered entities have policies requiring written requests or authorizations for disclosure of....
Web FAQ
Author: AHIMA Professional Practice Team
Source: AHIMA Q and A
Publication Date: October 2002
Because HIPAA gives patients the right to copy their medical records, does my facility have to supply a copy machine for this purpose or allow patients to take their records to a copy center?
According to section 164.520 of the HIPAA final privacy rule, an individual has "the right to inspect....
Journal Q&A (9/03)
Author: AHIMA Professional Practice Team
Source: AHIMA Q and A
Publication Date: September 02, 2003
Q: Under HIPAA, how should covered entities respond to requests from public health officials who state that they need protected health information (PHI) to carry out their duties?
A: The privacy rule recognizes that PHI may be needed to respond to threats to public health, including the....
Journal Q&A (4/03)
Author: AHIMA Professional Practice Team
Source: AHIMA Q and A
Publication Date: April 02, 2003
Q: Is it legal for our facility to provide an individual with an abbreviated version of the notice of privacy practices with the full version available only upon request?
A: If an abbreviated version of the notice is given to an individual, it must contain all the required elements from....
Journal Q&A (1/03)
Author: AHIMA Professional Practice Team
Source: AHIMA Q and A
Publication Date: January 02, 2003
Q: Is faxing patient information legal under HIPAA?
A: If the covered entity is permitted to release the information (for treatment purposes or by authorization, for example), then using a fax machine is allowed. The privacy rule requires the entity to provide appropriate administrative, techn....
Journal Q&A (11/04)
Author: AHIMA Professional Practice Team
Source: AHIMA Q and A
Publication Date: November 02, 2004
Q: As a covered entity, do I need to have satisfactory assurance (as required by HIPAA) that an individual has been notified when I am served with a search warrant for a patient's protected health information (PHI)?
A: No. A search warrant is issued by a judge and is considered the same a....
Journal Q&A (1/03)
Author: AHIMA Professional Practice Team
Source: AHIMA Q and A
Publication Date: January 02, 2003
Q: Does HIPAA allow clinicians in our home health facility to pull their own records?
A: Your facility must make a reasonable effort to limit the access of your clinicians to the PHI they need to perform their duties. You will have to determine what policies are reasonable. As employees, the c....
Journal Q&A (7/02)
Author: AHIMA Professional Practice Team
Source: AHIMA Q and A
Publication Date: July 02, 2002
Q: I work in a clinic setting. An attorney has requested copies of a patients entire record. The record includes reports dictated by one of the clinic physicians at a local hospital during the patients hospitalization. The attorney has the patients permission. Are we allowed....
Journal Q&A (5/03)
Author: AHIMA Professional Practice Team
Source: AHIMA Q and A
Publication Date: May 02, 2003
Q: What is an organized health care arrangement (OHCA) and what are its advantages?
A: The privacy rule defines an OHCA as:
a clinically integrated care setting in which individuals typically receive healthcare from more than one healthcare provider
an org....
Journal Q&A (4/03)
Author: AHIMA Professional Practice Team
Source: AHIMA Q and A
Publication Date: April 02, 2003
Q: Does reporting cancer surveillance to the state have to be tracked under the accounting of disclosure requirement in the HIPAA privacy rule?
A: Reporting cancer surveillance to a state agency does require tracking under HIPAA. State laws should be checked to determine if the other typ....
Journal Q&A (6/03)
Author: AHIMA Professional Practice Team
Source: AHIMA Q and A
Publication Date: June 02, 2003
Q: What are a covered entitys legal responsibilities when a former employee breaches confidentiality of information gained during his or her employment period?
A: Individual state laws would affect the outcome of litigation if charges were pressed through civil action. If the organ....
Journal Q&A (5/01)
Author: AHIMA Staff
Source: AHIMA Q and A
Publication Date: May 02, 2001
Q: Does the new HIPAA privacy rule require hospitals to obtain patient consent prior to sending copies of dictated reports and test results to the patient's physician?
A: Unless the HIPAA privacy rule published on December 28, 2000 (45 CFR Parts 160 through 164) is modified by the Bush ad....
Journal Q&A (3/02)
Author: AHIMA Staff
Source: AHIMA Q and A
Publication Date: March 02, 2002
Q: We have a transcriptionist who picks up tapes, transcribes them off-site, and returns them each day. Is this practice legal under HIPAA?
A: The HIPAA privacy rule does not prohibit the use of tapes for dictation, nor the use of an outside transcription vendor. The privacy rule do....
Journal Q&A (9/01)
Author: AHIMA Staff
Source: AHIMA Q and A
Publication Date: September 02, 2001
Q: Because HIPAA gives patients the right to copy their medical records, does my facility have to supply a copy machine for this purpose or allow patients to take their records to a copy center?
A: According to section 164.520 of the HIPAA final privacy rule, an individual has "the ri....
Journal Q&A (9/01)
Author: AHIMA Staff
Source: AHIMA Q and A
Publication Date: September 02, 2001
Q: My facility's records contain a variety of psychiatric documentation including therapists' notes from their treatment sessions with patients. How can I determine what requires special protection under HIPAA? Do I need to separate some of the documentation from the medical record? Currently all p....
Journal Q&A (11/01)
Author: AHIMA Staff
Source: AHIMA Q and A
Publication Date: November 02, 2001
Q: Where can I find the updated data elements and data definitions for the Uniform Hospital Discharge Data Set (UHDDS)?
A: At this time, the 1986 UHDDS data elements and definitions are not available electronically though the information is considered to be in the public domain. The fi....
Requests, Uses, and Disclosures for Evaluating Work Force Needs
Author: AHIMA Staff
Source: AHIMA sample form
Publication Date: October 23, 2002
Purposes of Access to Assist in Determining Needed Work Force Training
Author: AHIMA Staff
Source: AHIMA sample form
Publication Date: October 23, 2002
Journal Q&A (4/02)
Author: AHIMA Staff
Source: AHIMA Q and A
Publication Date: April 02, 2002
Q: I have been asked to identify all of my organizations business associates so we can update their contracts prior to the April 2003 HIPAA privacy rule compliance date. Unfortunately, existing contracts are not maintained in one place. How should I tackle this project?
A: At....
Journal Q&A (3/02)
Author: AHIMA Staff
Source: AHIMA Q and A
Publication Date: March 02, 2002
Q: Does the individual to whom a patient has granted durable power of attorney for financial matters have the right to access and authorize use or disclosure of the patients protected health information (PHI) under HIPAA?
A: An individual granted durable power of attorney for....
Journal Q&A (6/02)
Author: AHIMA Staff
Source: AHIMA Q and A
Publication Date: June 02, 2002
Q: Our facility is developing our notice of privacy practices under HIPAA. We need to decide how we will communicate with individuals when we make changes to our notice. What are the acceptable methods for communicating with our patient population? Do we have to send a paper copy to everyone whose....
Journal Q&A (5/02)
Author: AHIMA Staff
Source: AHIMA Q and A
Publication Date: May 02, 2002
Q: In light of HIPAA restrictions on protected health information, Im concerned about our HIM departments practice of accepting HIM students for professional practice experience. What should be considered in deciding whether to continue this practice?
A: HIPAAs pr....
Journal Q&A (11/01)
Author: AHIMA Staff
Source: AHIMA Q and A
Publication Date: November 02, 2001
Q: Where can I find an easy-to-use glossary for terms in the HIPAA regulations?
A: The Workgroup for Electronic Data Interchange (WEDI) has compiled an alphabetic glossary of HIPAA terms and definitions. It is approximately 24 pages long and can be downloaded from the WEDI Web sit....
Guidelines for a Compliant Business Associate Agreement (2016)
Author: AHIMA Work Group
Source: AHIMA practice brief
Publication Date: October 2016
This update supersedes the November 2013 practice brief, Guidelines for a Compliant Business Associate Agreement.
The Privacy Rule portion of the Health Insurance Portability and Accountability Act (HIPAA) defines a "business associate (BA) as a person or entity that performs....
Managing a Patient’s Right to Request Restrictions of Disclosures to Health Plans
Author: AHIMA Work Group
Source: AHIMA practice brief | Journal of AHIMA
Publication Date: April 2014
Covered entities should already have in place the mechanisms for limiting PHI under minimum necessary policies and procedures. This Practice Brief provides guidance to assist organizations in complying with the 2013 HITECH-HIPAA Omnibus Rule’s new disclosure restriction requirements.
Managing Individual Rights Requirements under HIPAA Privacy (HIPAA on the Job)
Author: Amatayakul, Margret
Source: Journal of AHIMA
Publication Date: June 2001
If your physicians’ attitude toward patients requesting to amend their medical record is "I’d tell them to take a hike and then call my attorney," your environment is not unique. These words, in fact, are the verbatim response of a physician upon hearing the HIPAA privacy r....
Security Risk Analysis and Management: an Overview
Author: Amatayakul, Margret
Source: AHIMA practice brief | Journal of AHIMA
Publication Date: October 2003
This practice brief has been updated. See the latest version here. This version is made available for historical purposes only.
Release of Information under HIPAA (HIPAA on the Job)
Author: Amatayakul, Margret
Source: Journal of AHIMA
Publication Date: November 2001
With tighter rules and greater penalties, many hospitals are reassessing their disclosure practices, release of information functions, and copy service contracts. What are the issues to be concerned about?
What Rules Apply?
The entire set of privacy standards relate....
Ready for the Transactions Rule? Get Started with Code Sets (HIPAA on the Job)
Author: Amatayakul, Margret
Source: Journal of AHIMA
Publication Date: July 2003
October 16, 2003, is just a few months away. Has your organization addressed all the code set issues that are part of the HIPAA financial and administrative transactions and code sets requirements?
Because providers are accustomed to using many of the medical code sets required....
United under HIPAA: a Comparison of Arrangements and Agreements (HIPAA on the Job)
Author: Amatayakul, Margret
Source: Journal of AHIMA
Publication Date: September 2002
The HIPAA transactions, security, and privacy regulations identify five agreements and relationships that can be established between healthcare entities to achieve economies of scale and lessen HIPAA's administrative burden. They are: affiliated covered entity (ACE)
business associa....
Documenting Your Compliance with HIPAA's Privacy Rule (HIPAA on the Job)
Author: Amatayakul, Margret
Source: Journal of AHIMA
Publication Date: April 2001
The qualifying "perhaps" recognizes that today, more than ever before, information flows through our organizations at lightning speed. More people within an organization can easily print healthcare documents, automatically send a fax, and e-mail attachments. The risk of even well-int....
Kick Starting the Security Risk Analysis
Author: Amatayakul, Margret
Source: Journal of AHIMA
Publication Date: July 2004
Many covered entities are just now starting to approach the compliance aspects of the HIPAA security rule. Why discuss “compliance aspects” and not standards or controls, as we did when preparing for the privacy rule? Privacy and security are long-standing concepts to healthcare,....
On the Fast Track to Privacy Rule Compliance (HIPAA on the Job)
Author: Amatayakul, Margret
Source: Journal of AHIMA
Publication Date: February 2003
Whether your privacy rule compliance efforts began two years ago or yesterday, youre probably concerned about the April 14, 2003, implementation date. In this article, well explore some of the ways you can make the most of the time remaining.
Dont Skip the Assessm....
What is Security Auditing?
Author: Amatayakul, Margret
Source: Journal of AHIMA
Publication Date: November 2004
The HIPAA security rule includes a requirement for audit controls and to monitor and manage ongoing security for a variety of processes. But the requirement for internal audit was changed to “information security activity review,” and there is no other specific reference to auditin....
HIPAA Transactions and Code Sets Toolkit for Physicians and Other Providers of Professional Healthcare Services
Author: Amatayakul, Margret
Source: External web site
Publication Date: 2003
Trouble with Audit Controls
Author: Amatayakul, Margret
Source: Journal of AHIMA
Publication Date: October 2004
The 2004 Phoenix Health System/HIMSS HIPAA compliance survey indicates that providers find audit controls the most difficult of the HIPAA security standards to implement.
While it is recognized that every organization must conduct a risk analysis to determine the systems or activities th....
HIPAA Reins in Shadow Charts, Independent Databases (HIPAA on the Job)
Author: Amatayakul, Margret
Source: Journal of AHIMA
Publication Date: October 2003
Shadow charts, independent databases, or orphan systems, as they are sometimes called, are among the most controversial and difficult to manage forms of protected health information (PHI) that exist. Yet some providers are having success using HIPAAs privacy and security stan....
Access Controls: Striking the Right Balance
Author: Amatayakul, Margret
Source: Journal of AHIMA
Publication Date: January 2005
As healthcare organizations put the finishing touches on their HIPAA security compliance plans, many are finding that updating access controls is not easy. Clinicians often scoff at the word “control” in general and at “access control” in particular. Not all products ar....
Five Steps to Reading the HIPAA Rules (HIPAA on the Job)
Author: Amatayakul, Margret
Source: Journal of AHIMA
Publication Date: September 2001
HIPAA's administrative simplification regulations appear to be anything but simple. Part of the Health Insurance Portability and Accountability Act of 1996, these provisions are intended to achieve efficiency and effectiveness and promote use of information systems. There are definite....
Reporting Security Incidents
Author: Amatayakul, Margret
Source: Journal of AHIMA
Publication Date: March 2005
HIPAA requires covered entities “implement policies and procedures to address security incidents.” There is one implementation specification: to “identify and respond to suspected or known security incidents; mitigate, to the extent practical, harmful effects of security inci....
Due Diligence in Moderation: Disclosing PHI (HIPAA on the Job)
Author: Amatayakul, Margret
Source: Journal of AHIMA
Publication Date: September 2003
Direct caregivers have long been concerned about balancing patient protections with customer relations: Who do you talk to and how much do you tell? This was an issue long before HIPAA, and has only become more complex with HIPAA. And while HIPAA provides guidance, there are still....
Tough Questions? Scripts Provide Easy Answers (HIPAA on the Job)
Author: Amatayakul, Margret
Source: Journal of AHIMA
Publication Date: May 2003
What do members of your work force say when:
a patient asks what the notice of privacy practices is
an individual states that her mother already signed the notice of privacy practices
a physician office claims that authorization from the patient isnt need....
Getting Ready for HIPAA Privacy Rules
Author: Amatayakul, Margret
Source: Journal of AHIMA
Publication Date: April 2000
What do the proposed privacy regulations mean to HIM professionalsand what can you do now to begin to prepare? The author takes an in-depth look at the proposed rules.
The Health Insurance Portability and Accountability Act (HIPAA) of 1996 is bringing significant changes to the ma....
HIPAA Security Shopping List (HIPAA on the Job)
Author: Amatayakul, Margret
Source: Journal of AHIMA
Publication Date: May 2004
Many information security officials are barraged with requests for the latest security tools. Such shopping lists often do not reflect a structured plan or a true risk analysis to justify their cost or human resource requirements. This column describes some of the latest tools, how you can ev....
Rethinking Initial HIPAA Efforts (HIPAA on the Job)
Author: Amatayakul, Margret
Source: Journal of AHIMA
Publication Date: November 2003
Many healthcare organizations met the compliance date of April 14, 2003, for HIPAA privacy by addressing the most visible featuresimplementing a notice of privacy practices, assigning an information privacy official (IPO), and conducting training sessions.
But a review of....
Primer on Encryption
Author: Amatayakul, Margret
Source: Journal of AHIMA
Publication Date: June 2004
Encryption is an addressable implementation specification under HIPAA’s access control and transmission security standards. Many providers are grappling with just how to address these specifications:
Is there a difference between the two specifications, and if so, what is the diff....
Finding Quality HIPAA Security Resources (HIPAA on the Job)
Author: Amatayakul, Margret
Source: Journal of AHIMA
Publication Date: January 2004
Many of us struggled to understand the HIPAA privacy rule and initially had few resources to turn to for help. As your organization begins planning for security rule compliance, however, many of you may be finding that you’re overwhelmed with the volume of potential resources available.....
Another Layer of Regulations: Research Under HIPAA (HIPAA on the Job series)
Author: Amatayakul, Margret
Source: Journal of AHIMA
Publication Date: January 2003
HIPAA presents special challenges to providers who perform research. According to the Institute of Medicine, approximately 80,000 biomedical research studies using about 23 million volunteers are conducted per year. Most have some federal funding either through National Institutes of Health or....
Practical Advice for Effective Policies, Procedures (HIPAA on the Job)
Author: Amatayakul, Margret
Source: Journal of AHIMA
Publication Date: April 2003
Most HIPAA project managers are putting finishing touches on policies and procedures, getting them approved, and preparing training materials to meet the April 14, 2003, compliance deadline for privacy rule implementation. But its not enough to just write policies and procedures: policie....
1 [2] 3 4 5 6 7 8 9 10 11 12