For many years, medical practices that are HIPAA covered entities have worked long and hard to comply with privacy and security provisions of the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
Complying With HIPAA Security
Do you have — and use — clear procedures in your practice to prevent, detect, contain, and correct security violations? The HIPAA Security Rule requires it. The rule aims to protect the confidentiality, integrity, and availability of e-PHI. It offers detailed instructions for implementing particular standards, but some of these are “addressable,” which means each medical practice must decide whether a given one is a reasonable and appropriate safeguard in that practice’s environment. Complying With HIPAA Security will help you identify your practice’s security risks and apply the techniques and policies needed to comply with HIPAA Security, HITECH, and Texas privacy laws, and it explains enforcement of and penalties for privacy breaches at the federal and state levels. Don't miss the companion publication: HIPAA Security: Compliance and Case Studies.
Education: View TMA's educational programs on HIPAA privacy and security compliance.
E-tips: TMA offers physicians advice (general information) on issues related to HIPAA compliance.
DocbookMD Secure Messaging: Use this free HIPAA-compliant application, available to TMA members and staff.
HIPAA Security Risk Tool From HHS
Meaningful Use HIPAA Security Risk Analysis (Action, Oct. 15, 2012)
HIPAA Compliance Consulting Services: ensure your practice is compliant with help from TMA’s certified HIPAA compliance officer
Download a sample Business Associates Agreement.
Download a Notice of Privacy Practices.
Download a Sample Authorization Form to use or disclose protected health information.
Thorough Risk Analysis Key to HIPAA Preparedness (Action, Sept. 2, 2014)
Deadline for Business Associate Agreements: Sept. 22 (E-Tips, Aug. 26, 2014)
New HIPAA Security Risk Tool From HHS (Action, Apr. 15, 2014)
Tougher New HIPAA Rules in Effect (Texas Medicine, October 2013)
HIPAA Security Requires Practice Risk Analysis (Action, Aug. 16, 2013)
New Business Associate Agreement Rules Among HIPAA Changes (E-Tips, Aug. 13, 2013)
Breach Notification Rules Get a Makeover (E-Tips, Aug. 13, 2013)
New HIPAA Compliance Date Approaches (Action, Aug. 1, 2013)
Privacy and security update: risk analysis for health care professionals (TMLT article, Mar. 15, 2013)
HIPAA and Medical Power of Attorney (E-Tips, Feb. 11, 2013)
Eight Steps to a HIPAA Security Risk Analysis (E-Tips, Feb. 11, 2013)
Health Plan Requests for PHI (E-Tips, Feb. 11, 2013)
How to Render PHI "Deidentified" (E-Tips, Jan. 23, 2013)
HIPAA Privacy Training: Why Now Is a Good Time
Zip It! Feds, State Strengthen Privacy Protection (Texas Medicine, July 2012)
Texas Privacy: New Law Protects Health Information (Texas Medicine, Dec. 2011)
TMA’s comments on HHS Accounting of Disclosures proposed rule (Aug. 1, 2011)
What You Need to Know about the New HIPAA Breach Notification Rule (PDF) - AMA Education
The National Provider Identifier Fact Sheet (PDF) (CMS, January 2006)
Education: Is Your Practice Compliant with HIPAA Privacy Laws? (Action, Jan. 3, 2014)
Complying With HIPAA and Texas Privacy Laws on-demand webinar
HIPAA Training for Medical Office Staff on-demand webinar
Complying With HIPAA Security on-demand webinar
See more on HIPAA in the TMA Education Center.
DocbookMD: Find out about this HIPAA-compliant communication tool for your smartphone or tablet.
U.S. Department of Health and Human Services: View frequently asked questions, rules, enforcement plans, etc.
Privacy and security update: risk analysis for health care professionals (TMLT article, Mar. 15, 2013)
HIPAA News Archive: The history, politics and changing concepts behind HIPAA are chronicled in the archived articles.
Complexity of HIPAA Enforcement – Workgroup for Electronic Data Interchange (WEDI)
Omnibus Final Rule – Section by Section Comparative Summary (WEDI)
Business Associate Decision Tree (WEDI)
HIPAA Education Modules: The federal Office of Civil Rights (OCR) released three modules for physicians on compliance with various aspects of the HIPAA Privacy and Security Rules, available at Medscape.org:
1. Patient Privacy: A Guide for Providers
2. HIPAA and You: Building a Culture of Compliance
3. Examining Compliance with the HIPAA Privacy Rule
The Medscape modules offer free Continuing Medical Education (CME) credits for physicians. For more information, please visit http://www.hhs.gov/ocr/privacy.