HIPAA

Background: Under HIPAA’s Breach Notification Rule, individuals must be notified if their protected health information (PHI), which includes demographic and medical information, has been improperly accessed or disclosed. However, if the information is encrypted consistent with the National Institute of Standards and Technology (NIST) guidance, using the Advanced Encryption Standa ...


1.  Encrypt! Admittedly, this lesson should have been learned quite some time ago. In 2014, one-third of Office of Civil Rights’ (OCR) resolution agreements were related to the improper disclosure of protected health information (PHI) due to the theft of an electronic portable device.  In 2015, half of OCR’s case resolution agreements involved the theft of portable devices.  W ...

Categories: HIPAA, Risk Management

On January 4th, President Obama released a series of executive actions to reduce gun violence, including a final rule from the Department of Health and Human Services.  This final rule amends HIPAA’s Privacy Rule to “remove unnecessary legal barriers preventing States from reporting relevant information about people prohibited from possessing a gun for specific mental health ...

Categories: PRMS Blog, HIPAA

Since my original post on physicians’ online marketing, I’ve received requests for more information on the topic. So here are my expanded thoughts – Websites: Websites can be a great way to market your practice online. In terms of professional liability, the greater the interaction on a physician’s website, the greater the risk. A simple, non-interactive practice information w ...


Two news items caught my attention today – both involved radiologists and HIPAA violations: 1. MORE DUMPED RECORDS: According to the report, a customer noticed 65 boxes of medical records, including social security numbers, in a dumpster at a storage unit facility. The records belonged to a radiology group that had disbanded, and ultimately failed to pay for continued storag ...


May is Mental Health Awareness Month. While it is great to recognize and educate everyone on the issue of mental health, I want to take a moment to recognize and thank the psychiatrists and other mental health professionals for all they do under what can be very tough circumstances. My comments are focused on psychiatrists because my team of risk managers has the most interac ...

Here are my top four things to consider before using Skype – or any other technology – for telemedicine: 1) Does the technology comply with HIPAA’s requirements? Under the Privacy Rule, the technology vendor is a Business Associate if it stores (for any amount of time, no matter how short) or has access to protected health information (patient demographic and medical informati ...


Since our Program has insured tens of thousands of psychiatrists over almost 30 years, it won’t surprise anyone that we have been studying and educating psychiatrists on HIPAA since 2000. We’ve presented entire CME seminars devoted to HIPAA, as well as covered HIPAA as one of many topics in our other seminars. But fourteen years after the healthcare world first heard of HIPAA, ...

Categories: PRMS Blog, HIPAA

The title of this post is shown in quotation marks because it’s exactly how the Subcommittee on Oversight and Investigations of the U.S. House Committee on Labor and Commerce styled a hearing held on April 26, 2013. The witness statements and other material submitted to the Subcommittee can be found here. The chair of the subcommittee, Hon. Tim Murphy of the 18th District of ...


We’re a few days into 2013 and you’ve probably been able to keep your New Year’s resolutions so far. But if you haven’t, or if you haven’t made any and you need some suggestions, you’ve come to the right place. Here are PRMS’ recommendations for 2013 resolutions… 1. I will have an understanding of what is required by the HIPAA regulations, such as the Privacy Rule and the Secu ...
