Author: Amatayakul, Margret

Source: Journal of AHIMA

Publication Date: June 2001

If your physicians’ attitude toward patients requesting to amend their medical record is "I’d tell them to take a hike and then call my attorney," your environment is not unique. These words, in fact, are the verbatim response of a physician upon hearing the HIPAA privacy r....

Author: Amatayakul, Margret

Source: Journal of AHIMA

Publication Date: March 2006

A new study identifies the HIM best practices that influence revenue cycle management.
Revenue cycle management (RCM) has been defined as "all administrative and clinical functions that contribute to the capture, management, and collection of patient service revenue."1 RCM in hospitals is....

Author: Amatayakul, Margret

Source: AHIMA practice brief | Journal of AHIMA

Publication Date: October 2003

This practice brief has been updated. See the latest version here. This version is made available for historical purposes only.

Author: Amatayakul, Margret

Source: Journal of AHIMA

Publication Date: November 2001

With tighter rules and greater penalties, many hospitals are reassessing their disclosure practices, release of information functions, and copy service contracts. What are the issues to be concerned about?

What Rules Apply?


The entire set of privacy standards relate....

Author: Amatayakul, Margret

Source: Journal of AHIMA

Publication Date: June 2006

EHR systems for clinics differ from those used in hospitals. But does that mean they can’t get along?
Although every electronic health record (EHR) is intended to capture data from multiple sources and to be used at the point of care for clinical decision making, there are signific....

Author: Amatayakul, Margret

Source: Journal of AHIMA

Publication Date: July 2003

October 16, 2003, is just a few months away. Has your organization addressed all the code set issues that are part of the HIPAA financial and administrative transactions and code sets requirements?


Because providers are accustomed to using many of the medical code sets required....

Author: Amatayakul, Margret

Source: Journal of AHIMA

Publication Date: September 2002

The HIPAA transactions, security, and privacy regulations identify five agreements and relationships that can be established between healthcare entities to achieve economies of scale and lessen HIPAA's administrative burden. They are: affiliated covered entity (ACE)

business associa....

Author: Amatayakul, Margret

Source: Journal of AHIMA

Publication Date: April 2001

The qualifying "perhaps" recognizes that today, more than ever before, information flows through our organizations at lightning speed. More people within an organization can easily print healthcare documents, automatically send a fax, and e-mail attachments. The risk of even well-int....

Author: Amatayakul, Margret

Source: Journal of AHIMA

Publication Date: July 2004

Many covered entities are just now starting to approach the compliance aspects of the HIPAA security rule. Why discuss “compliance aspects” and not standards or controls, as we did when preparing for the privacy rule? Privacy and security are long-standing concepts to healthcare,....

Author: Amatayakul, Margret

Source: Journal of AHIMA

Publication Date: February 2003

Whether your privacy rule compliance efforts began two years ago or yesterday, you’re probably concerned about the April 14, 2003, implementation date. In this article, we’ll explore some of the ways you can make the most of the time remaining.

Don’t Skip the Assessm....

Author: Amatayakul, Margret

Source: Journal of AHIMA

Publication Date: January 2002

If you are thinking about HIPAA’s privacy compliance date of April 14, 2003, think again! Privacy compliance is about ongoing learning: education, training, and awareness (ETA).

While it is true that the final privacy rule only calls for work force training on hire and when th....

Author: Amatayakul, Margret

Source: Journal of AHIMA

Publication Date: November 2004

The HIPAA security rule includes a requirement for audit controls and to monitor and manage ongoing security for a variety of processes. But the requirement for internal audit was changed to “information security activity review,” and there is no other specific reference to auditin....

Author: Amatayakul, Margret

Source: Journal of AHIMA

Publication Date: October 2004

The 2004 Phoenix Health System/HIMSS HIPAA compliance survey indicates that providers find audit controls the most difficult of the HIPAA security standards to implement.
While it is recognized that every organization must conduct a risk analysis to determine the systems or activities th....

Author: Amatayakul, Margret

Source: Journal of AHIMA

Publication Date: October 2003

Shadow charts, independent databases, or “orphan systems,” as they are sometimes called, are among the most controversial and difficult to manage forms of protected health information (PHI) that exist. Yet some providers are having success using HIPAA’s privacy and security stan....

Author: Amatayakul, Margret

Source: Journal of AHIMA

Publication Date: January 2005

As healthcare organizations put the finishing touches on their HIPAA security compliance plans, many are finding that updating access controls is not easy. Clinicians often scoff at the word “control” in general and at “access control” in particular. Not all products ar....

Author: Amatayakul, Margret

Source: Journal of AHIMA

Publication Date: September 2001

HIPAA's administrative simplification regulations appear to be anything but simple. Part of the Health Insurance Portability and Accountability Act of 1996, these provisions are intended to achieve efficiency and effectiveness and promote use of information systems. There are definite....

Author: Amatayakul, Margret

Source: Journal of AHIMA

Publication Date: March 2005

HIPAA requires covered entities “implement policies and procedures to address security incidents.” There is one implementation specification: to “identify and respond to suspected or known security incidents; mitigate, to the extent practical, harmful effects of security inci....

Author: Amatayakul, Margret

Source: Journal of AHIMA

Publication Date: September 2003

Direct caregivers have long been concerned about balancing patient protections with “customer” relations: Who do you talk to and how much do you tell? This was an issue long before HIPAA, and has only become more complex with HIPAA. And while HIPAA provides guidance, there are still....

Author: Amatayakul, Margret

Source: Journal of AHIMA

Publication Date: May 2003

What do members of your work force say when:

a patient asks what the notice of privacy practices is

an individual states that her mother already signed the notice of privacy practices

a physician office claims that authorization from the patient isn’t need....

Author: Amatayakul, Margret

Source: Journal of AHIMA

Publication Date: April 2000

What do the proposed privacy regulations mean to HIM professionals—and what can you do now to begin to prepare? The author takes an in-depth look at the proposed rules.
The Health Insurance Portability and Accountability Act (HIPAA) of 1996 is bringing significant changes to the ma....

Author: Amatayakul, Margret

Source: Journal of AHIMA

Publication Date: May 2004

Many information security officials are barraged with requests for the latest security tools. Such shopping lists often do not reflect a structured plan or a true risk analysis to justify their cost or human resource requirements. This column describes some of the latest tools, how you can ev....

Author: Amatayakul, Margret

Source: Journal of AHIMA

Publication Date: November 2003

Many healthcare organizations met the compliance date of April 14, 2003, for HIPAA privacy by addressing the most visible features—implementing a notice of privacy practices, assigning an information privacy official (IPO), and conducting training sessions.


But a review of....

Author: Amatayakul, Margret

Source: Journal of AHIMA

Publication Date: June 2004

Encryption is an addressable implementation specification under HIPAA’s access control and transmission security standards. Many providers are grappling with just how to address these specifications:
Is there a difference between the two specifications, and if so, what is the diff....

Author: Amatayakul, Margret

Source: Journal of AHIMA

Publication Date: January 2004

Many of us struggled to understand the HIPAA privacy rule and initially had few resources to turn to for help. As your organization begins planning for security rule compliance, however, many of you may be finding that you’re overwhelmed with the volume of potential resources available.....

Author: Amatayakul, Margret

Source: Journal of AHIMA

Publication Date: January 2003

HIPAA presents special challenges to providers who perform research. According to the Institute of Medicine, approximately 80,000 biomedical research studies using about 23 million volunteers are conducted per year. Most have some federal funding either through National Institutes of Health or....

Author: Amatayakul, Margret

Source: Journal of AHIMA

Publication Date: November 2008

Healthcare providers are looking for ways to reduce the risk of data breaches; however, tighter access controls that would help thwart inappropriate internal access to protected health information have been challenging to implement. Health Level Seven’s RBAC Healthcare Permission Cat....

Author: Amatayakul, Margret

Source: Journal of AHIMA

Publication Date: April 2003

Most HIPAA project managers are putting finishing touches on policies and procedures, getting them approved, and preparing training materials to meet the April 14, 2003, compliance deadline for privacy rule implementation. But it’s not enough to just write policies and procedures: policie....

Author: Amatayakul, Margret

Source: Journal of AHIMA

Publication Date: October 2002

Every healthcare provider has experienced managing patient complaints, whether they are about cold food, unresponsive staff, or missed medication. However, when it comes to privacy and confidentiality, complaints need to be handled a bit differently. In this article, we'll explore how to handl....

Author: Amatayakul, Margret

Source: Journal of AHIMA

Publication Date: September 2004

An unfortunate result of the HIPAA privacy rule is the emerging use of HIPAA as a gatekeeper, restricting the appropriate fl ow of protected health information (PHI). HIPAA is being cited as a reason not to disclose information without patient permission when needed for treatment, payment, or....

Author: Amatayakul, Margret

Source: Journal of AHIMA

Publication Date: May 2001

Policy and procedure documentation is essential to comply with HIPAA’s final rule on privacy. Many of the documentation requirements are not new to healthcare, but new details are associated with the documentation, and there are some new procedures to follow to ensur....

Author: Amatayakul, Margret

Source: Journal of AHIMA

Publication Date: February 2002

An increasing number of healthcare workforce members are telecommuting. As transcriptionists, coders, customer service representatives, and others are working from home, many providers are weighing the benefits against potential privacy and security risks.

Who Is Working from Home....

Author: Amatayakul, Margret

Source: Journal of AHIMA

Publication Date: April 2005

Many covered entities have enhanced their security measures over the last several years in preparation for the HIPAA security rule compliance deadline. In the March issue, Tom Walsh provided a readiness checklist to ensure your organization had the necessary processes in place (See “The....

Author: Amatayakul, Margret

Source: Journal of AHIMA

Publication Date: April 2004

How many of you have warned your e-mail users about “phishers”—e-mail that appears to come from a trusted source asking the recipient to click on a link to update personal details? But the site is really a fake, and the e-mail is a scam to steal personal information.

Author: Amatayakul, Margret

Source: Journal of AHIMA

Publication Date: February 2005

Now that we’re well entrenched in compliance with the privacy rule and headed toward the electronic health record (EHR), the personal health record (PHR), and regional health information organizations (RHIOs), amendments may seem like a mundane topic. But, as this article explains, it is....

Author: Amatayakul, Margret

Source: Journal of AHIMA

Publication Date: April 2004

Every project needs a team. In this book excerpt, a veteran HIM consultant describes the organization of the EHR implementation team.
Among the early steps in the EHR planning process is the need to construct an organizational structure for the project. Most healthcare organizations are....

Author: Amatayakul, Margret

Source: Journal of AHIMA

Publication Date: March 2004

The lack of specificity in HIPAA’s transmission security standard for “guarding against unauthorized access to electronic protected health information (EPHI) that is being transmitted over an electronic communications nework” may leave you a bit cold, especially the portion....

Author: Amatayakul, Margret

Source: Journal of AHIMA

Publication Date: February 2004

Many information privacy officials (IPOs) and information security officials (ISOs) may be facing what seems like an uphill battle to gain support for security measures believed to be necessary to comply with the HIPAA security rule. There are a number of converging factors that can influence....

Author: Amatayakul, Margret

Source: Journal of AHIMA

Publication Date: October 1998

Value, experiments, promises, disappointments, hype, compromises, and change all characterize the status of the computer-based patient record (CPR). An industry expert offers some perspective on where the CPR has been and where it's going.

In 1873, Florence Nightingale lamented her....

Author: Amatayakul, Margret

Source: Journal of AHIMA

Publication Date: April 2002

Of all the components of HIPAA, physical security may be the most challenging and costly to address. After all, how do you move walls or create doors in open space? This article will show how physical security can be flexible, scalable, and reasonable for healthcare facilities.

What....

Author: Amatayakul, Margret

Source: Journal of AHIMA

Publication Date: May 2002

HIPAA’s administrative simplification requirements aim to improve the efficiency and effectiveness of the healthcare system. As an industry, we expect to improve productivity and reduce costs. Yet many providers anticipate spending a significant amount of money to comply with the requirem....

Author: Amatayakul, Margret

Source: Journal of AHIMA

Publication Date: March 2003

Many providers are putting the finishing touches on their HIPAA privacy compliance activities—but may have overlooked their self-insured health plan or assumed that their third-party administrator (TPA) was taking care of HIPAA compliance. Now is the time to take a closer look at your sel....

Author: Amatayakul, Margret

Source: Journal of AHIMA

Publication Date: June 2003

There were no big surprises in the final security rule. As promised, it has been reconciled with the privacy rule and most redundancies were removed. The security rule addresses only electronic protected health information (ePHI), though we must not forget the privacy rule’s “mini-se....

Author: Amatayakul, Margret; Bisterfeldt, Joan

Source: Journal of AHIMA

Publication Date: July 2001

If you have been focusing primarily on HIPAA’s privacy and security regulations, not transactions requirements, this "HIPAA on the Job" is a must-read. Ensuring that you have all the required data content in your electronic systems is key to your organization’s compliance with the t....

Author: Amatayakul, Margret; Bisterfeldt, Joan

Source: Journal of AHIMA

Publication Date: July 2001

Author: Amatayakul, Margret; Blair, Jeffrey S.

Source: Journal of AHIMA

Publication Date: November 2000

Until now, the section of HIPAA calling for recommendations on uniform data standards for patient medical record information has not received much attention. However, these recommendations have important implications for HIM professionals. Here’s an overview of the history and significance of....

Author: Amatayakul, Margret; Brandt, Mary D.; Callahan-Dennis, Jill; Didear, Kay; Frawley, Kathleen A.; Grant, Karen G.; Murphy, Gretchen; Okamoto, Carole; Fuller, Sandra R.; Smith, Cheryl M.; Dougherty, Michelle

Source: AHIMA practice brief | Journal of AHIMA

Publication Date: October 2001

This practice brief has been retired. It is made available for historical purposes only.

Author: Amatayakul, Margret; Brandt, Mary D.; Dennis, Jill Callahan

Source: AHIMA practice brief | Journal of AHIMA

Publication Date: October 2002

This practice brief has been retired. It is made available for historical purposes only.

Author: Amatayakul, Margret; Brandt, Mary D.; Dougherty, Michelle

Source: Journal of AHIMA

Publication Date: October 2003

A nurse sits down at the computer to document in the patient’s electronic health record (EHR). To complete her SOAP note, she copies the text of another nurse’s entry to capture the patient’s subjective complaints and symptoms. She then goes to the lab system and intake-output r....

Author: Amatayakul, Margret; Johns, Merida L.

Source: Journal of AHIMA

Publication Date: November 2002

Depending on how you count them, there are anywhere from 20 to 60 new policies, procedures, forms, and other related documents required by HIPAA. Its training requirements specify that all members of the work force must be trained on policies and procedures with respect to protected health inf....

Author: Amatayakul, Margret; Lazarus, Steven S.

Source: Journal of AHIMA

Publication Date: March 2002

Are your vendors, payers, and business managers grateful for the one-year delay for transactions compliance? They should be—the industry will need every last minute to come into compliance by October 16, 2003.

What Extension?


Signed into law on December 27, 2001....

Author: Amatayakul, Margret; Walsh, Tom

Source: Journal of AHIMA

Publication Date: October 2001

Are the majority of passwords in your organization something like “Spot1,” “Spot2,” “Spot3” (for Joe, whose password expires every 90 days and whose dog’s name is Spot)? If so, your organization could be at risk. Here’s what you need to....

Author: Amatayakul, Margret; Waymack, Pam

Source: Journal of AHIMA

Publication Date: June 2002

The HIPAA privacy rule provides individuals the right to request access to and amendment of their protected health information maintained in a designated record set (DRS). To ensure that the DRS is completely identified but excludes information that does not pertain, covered entities should ad....

Author: Amatayakul, Margret; Work, Mitch

Source: Journal of AHIMA

Publication Date: May 2007

Survey results illustrate HIM participation in compliance efforts and offer a look at common program components
HIM professionals have long been at the forefront of ensuring the privacy and confidentiality of health information. With the introduction of the HIPAA privacy and security rul....

Author: American Medical Informatics Association (AMIA); AHIMA

Source: AHIMA position statement | Journal of AHIMA

Publication Date: July 2006

July 2006
The American Medical Informatics Association (AMIA) and the American Health Information Management Association (AHIMA) have a long history of working to protect the confidentiality of individuals’ health information and to promote fair information practices. Public confidence t....

Author: Anderson, Ellen Miller

Source: Journal of AHIMA

Publication Date: November 2001

The need for updated technology rarely coincides with enough funds to purchase it. However, disparate technologies can be combined to meet information system needs without a major capital outlay. At Home Care Services, part of Group Health Cooperative (GHC) in Seattle, we created the On Call P....

Author: Anderson, Rhonda L.

Source: Journal of AHIMA

Publication Date: June 2000

Compliance has always been with us, from the days of routine chart audits and care evaluation processes. But today HIM professionals in long term care find themselves facing the challenges of compliance as never before.

In recent years, the Office of Inspector General (OIG) has inc....

Author: Anderson, Rhonda L.

Source: Journal of AHIMA

Publication Date: July 2010

Long-term care skilled nursing facilities must transition to the new Minimum Data Set (MDS) 3.0 by October 1, 2010. MDS 3.0 changes the assessment focus, using the resident’s voice to more thoroughly assess residents and link to the care plan that meets the resident’s needs. This change requir....

Author: Anwar, Mohd; Doss, Christopher

Source: Journal of AHIMA

Publication Date: September 2015

Emerging mobile health (mHealth) technologies provide new methods for collecting physiological, behavioral, or environmental data and the outcomes of interventions. These wireless devices and sensors, such as smartphones and personal health devices, can support continuous health monitoring....

Author: Apgar, Chris

Source: Journal of AHIMA

Publication Date: April 2018

Untitled Document



Timber! Lax Audit Log Monitoring Can Bring Down a Healthcare Organization

What’s Expected by OCR, and Your Attorneys, with PHI Access Logs


By Chris Apgar, CISSP


Electronic health records (EHRs) and oth....

Author: Apgar, Chris

Source: Journal of AHIMA - website

Publication Date: November 21, 2008

* * *


Healthcare organizations must be in compliance with the FTC’s red flag rules by May 1, 2009. The rules, which require financial institutions and creditors to establish identity theft protection programs, were included in the Fair and Accurate Credit Transactions Act pas....

Author: Apgar, Chris

Source: Journal of AHIMA - website

Publication Date: April 2009

Continuing our Health Information Privacy and Security Week series, today Chris Apgar, CISSP, president of Apgar & Associates LLC, takes a look at medical identity theft within the context of the Red Flags Rule.

Much is reported in the news about identity theft including new cat....

Author: Appavu, Soloman I.

Source: Journal of AHIMA

Publication Date: February 2006

Standards harmonization in healthcare is a major challenge compared to other industries. Why?

Banking and travel industries have achieved harmonization of standards for their respective IT systems. Banking transactions can be done securely from anywhere in the world through ATM machi....

Author: Appavu, Soloman I.

Source: Journal of AHIMA

Publication Date: October 1999

HIPAA has brought patient identifiers into the spotlight. But what's the best option? The author of a national study offers an overview.
Envision all of the players in the healthcare system—patients, providers, health plans, and payers. Now, envision all of the day-to-day processes t....

Author: Apple, Gordon J.; Brandt, Mary D.

Source: Journal of AHIMA

Publication Date: June 2001

Now that the privacy regulations are here to stay, it’s time to conduct a HIPAA privacy risk assessment. Here’s a step-by-step approach to planning and conducting an assessment for institutions of all sizes.
Given the complexity of the HIPAA privacy regulations and the signifi....

Author: Archer, Anita; Campbell, Angela; D'Amato, Cheryl; McLeod, Melissa; Rugg, Donna

Source: AHIMA practice brief | Journal of AHIMA

Publication Date: January 2016

Editor's Note: This Practice Brief supersedes the May 2013 and March 2010 Practice Briefs titled "Putting the ICD-10-CM/PCS GEMs into Practice."


Mappings between ICD-9-CM and ICD-10-CM/PCS will play a critical role in the successful utilization of ICD-10-CM/PCS. The Centers for Me....

Author: Arends-Marquez, Alexa; Knight, Nicole; Thomas-Flowers, Dwan

Source: Journal of AHIMA - Coding Notes | Journal of AHIMA

Publication Date: November 2014

The implications of ICD-10-CM/PCS (ICD-10) for coding operations are a common topic of industry discussion, but the impact of ICD-10 reaches far beyond coding alone. ICD-10 is embedded in the entire revenue cycle for providers. The conversion will impact almost every aspect of operations,....

Author: Armstrong, Richard; Quinsey, Carol Ann

Source: Journal of AHIMA

Publication Date: October 2004

Have you ever walked into a job knowing it was in your hands to turn back a tide of red ink and put the business back on its feet? If you have been in this situation, you know it can be overwhelming. However, with the artful application of basic change-management processes and skills, you can....

Author: Arner, Kathy

Source: Journal of AHIMA - Coding Notes | Journal of AHIMA

Publication Date: February 2007

Coding for facility and professional services on the same encounter can be confusing. This article outlines the differences in guidelines between the two coding types.

The Setting Factor


Over and over, coding professionals have been tol....

Author: Arrowood, Danita; Johnson, Laurie M.; Wieczorek, Michelle M.

Source: Journal of AHIMA - Coding Notes | Journal of AHIMA

Publication Date: July 2015

Clinical documentation improvement (CDI) programs have proven their worth with over a decade of success and continued role expansion in the inpatient setting. As the healthcare industry prepares for new initiatives such as value-based purchasing, electronic health records (EHRs), and ICD-1....

Author: Arvin, Marti

Source: Journal of AHIMA

Publication Date: April 2017

One might ask why a privacy officer even needs to worry about defending against a cyberattack—isn’t that the role of the chief information security officer and the chief information officer? The answer is no. Cyberattacks are not always about technology. The privacy officer is not generall....

Author: Aschettino, Lucia; Birnbaum, Cassi L; Crocker, Janice; Grebner, Leah A.; McNicholas, Faith C.

Source: Journal of AHIMA

Publication Date: May 2013

Health information management (HIM) best practices state that it is important for HIM professionals to focus not just on the information but also on internal and external customers. Customers have varied, and ever-changing, needs that must be met by HIM professionals. Both internal and ext....

Author: Asmonga, Donald D.

Source: Journal of AHIMA

Publication Date: March 2001

Our closely divided government reflects a closely divided nation. Governing and legislating in this atmosphere will be an interesting and unpredictable undertaking. As a result of the lengthy election process, Congress's organization and the presidential transition have taken an inord....

Author: Asmonga, Donald D.

Source: Journal of AHIMA

Publication Date: September 2000

The Health Care Financing Administration (HCFA) published the final rule for the prospective payment system (PPS) for home health agencies in July. This rule, which takes effect October 1, 2000, replaces the retrospective reasonable-cost-based system used to pay for home health service....

Author: Asmonga, Donald D.

Source: Journal of AHIMA

Publication Date: February 2005

Although healthcare headed the 108th Congress’s agenda in the first session, its second session included little in the way of HIM issues, focusing instead on election-year topics. However, the healthcare-lite agenda didn’t stop AHIMA from advancing its work in 2004.
A New Voi....

Author: Asmonga, Donald D.

Source: Journal of AHIMA

Publication Date: April 2000

Estimates attribute between 44,000 to 98,000 deaths each year to medical errors in hospitals, while more than 7,000 deaths are the result of medication errors occurring in all healthcare settings. According to the Institute of Medicine (IOM) report "To Err is Human: Building a Saf....