Aug 15th, 2016
A business associate (BA) of healthcare provider Bon Secours left personal information of more than 650,000 patients exposed on the internet for four days, revealing names, insurance ID numbers, banking info, Social Security numbers, and clinical data. The breach was discovered by Bon Secours. WTKR reported the healthcare chain discovered that R-C Healthcare Management had ...
Nov 12th, 2014
Under the HIPAA Privacy Rule, covered entities and business associates (BA) may disclose patients’ protected health information (PHI) without a signed authorization for treatment, payment, or healthcare operations (TPO) reasons. Examples include: Doctors and/or hospitals (that are covered entities) may share information with one another for treatment reasons. Patients’ information may also be relea...
In Audit
Oct 31st, 2014
The Department of Health & Human Services (HHS) announced today that enforcement of the Health Plan Identifier (HPID) in HIPAA transactions will be delayed indefinitely. The move follows a Sept. 23rd recommendation by the Nationa Committee on Vital and Health Statistics (NCVHS) that all covered entities not use the HPID In HIPAA transactions.  The delay ...
Feb 22nd, 2013
Dramatic modifications to the Health Insurance Portability and Accountability Act’s (HIPAA) Privacy, Security, Enforcement, and Breach Notification Rules that will impact your practice are finalized and begin to take effect next month. The omnibus final rule, developed to help implement HITECH regulations in the American Recovery and Reinvestment Act and shore up electronic privacy rules ...
In Audit
Mar 29th, 2012
The Office for Civil Rights (OCR) at the U.S. Department of  Health & Human Services (HHS) submitted, March 24,  “Modifications to the HIPAA Privacy, Security Enforcement and Breach Notification Rules” as a final rule to the White House Office of Management and Budget (OMB). The new rules will enforce more stringent privacy regulations outlined in the American ...