Health Information Compliance Alert

Ask Yourself These Privacy Rule Questions

Ensure your protocols hold up under scrutiny.

Whether your practice experiences a HIPAA violation or is part of an HHS Office for Civil Rights (OCR) audit, it’s important to annually review your administrative safeguards pertaining to patients’ privacy.

Context: Under the Corrective Action Plan for Allergy Associates of Hartford, PC (Allergy Associates), the practice is required “to develop, maintain, and revise, as necessary, its written policies and procedures to comply with the federal standards that govern the privacy of individually identifiable health information” set out in 45 CFR part 160 and subparts A and E of part 164 of the HIPAA Privacy Rule, as the OCR outlined in the Resolution Agreement. The documents suggest that the small specialty practice did not follow through on its obligation to sanction the covered entity (CE) who exposed the individual’s protected health information (PHI) to the media.

This case emphasizes the importance of HIPAA planning for small practices, which can be audited just as easily as large hospital systems. According to OCR guidance, “every covered entity [CE] and business associate [BA] is eligible for an audit.”

If you’re worried about your administrative policies heading into 2019, check your HIPAA plan against these questions to see if you are properly addressing all your privacy risks:

  • Is there a privacy officer or compliance team designated in your office?
  • Do you have the contact information for your compliance officials readily available?
  • Are you educating staff on HIPAA regulations and requirements as risks evolve?
  • What are your policies and procedures for patients to file a HIPAA complaint?
  • Do you have a plan for a quick response to a violation?
  • Are your HIPAA agreements with BAs airtight?
  • Do you have workforce sanctions in place for CEs and BAs who violate HIPAA?
  • Do you have clear procedures on what constitutes a reportable violation?

Resource: For in-depth OCR guidance on the HIPAA Privacy Rule, visit www.hhs.gov/hipaa/for-professionals/privacy/index.html.