HIPAA

HIPAA Tip of the Month: Business Associates – Part 1

October 7th, 2013

How do I determine who is a business associate?

According to the U.S. Department of Health and Human Services (HHS), the Privacy Rule defines a business associate as a person, other than a member of a covered entity’s workforce, who:

(1) Creates, receives, maintains, or transmits protected health information (PHI) for a function or activity regulated […]

HIPAA Tip of the Month: Breach

August 1st, 2013

What is a Breach and what am I supposed to do if one occurs?

According to the U.S. Department of Health and Human Services (HHS), the Health Information Technology for Economic and Clinical Health (HITECH) Act requires HIPAA covered entities to provide notification to individuals when there has been a breach of their unsecured protected […]

HIPAA Security: I manage electronic patient health information. Now what?

May 16th, 2013

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) required the Secretary of HHS to develop regulations protecting the privacy and security of certain health information. HHS developed what we commonly call the HIPAA Security Rule and the HIPAA Privacy Rule. Any “covered entity” is required to have a formal Privacy Policy and, […]

OCR Releases Guidance Regarding De-Identification of Protected Health Information

November 30th, 2012

On November 26, 2012, the Office of Civil Rights (OCR) released guidance on the de-identification of protected health information (PHI) in accordance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule.  This guidance provides an explanation of two methods for achieving de-identification of PHI:  Expert Determination and Safe Harbor.

What is […]

HIPAA Tip of the Month: Authorizations – Part 1

November 15th, 2012

By Nikola Philpott
When is a covered entity required to obtain a written authorization for the use and disclosure of protected health information?

According to the U.S. Department of Health and Human Services (HHS), under the Privacy Rule, “a covered entity must obtain the individual’s written authorization for any use or disclosure of protected health information […]