TMA offers physicians advice on issues related to HIPAA compliance.
20 Everyday HIPAA Tips (Apr. 13, 2015)
The goal of HIPAA is to make sure the protected health information you are responsible for or come into contact with remains confidential, secure, and available when you need it. Here are basic steps every practice can take to help make this happen.
Put These Plans in Writing (Feb. 6, 2015)
For some government programs, it is not acceptable to have only a compliance strategy; each practice must have a written plan as well. A good written plan can reduce the number of innocent mistakes and will go a long way toward audit avoidance.
Be Tech Savvy on the Road (Dec. 10, 2014)
Be smart when using technology on the road! Use these tips to stay HIPAA compliant.
Security Alert: Are Your Browsers Vulnerable to POODLE? (Nov. 11, 2014)
Many of us take for granted that if we’re diligent about keeping our systems current with the latest security updates, we’re protected from threats. Unfortunately, this isn’t the case.
Deadline for Business Associate Agreements: Sept. 22 (Aug. 26, 2014)
If you are a HIPAA covered entity, all of your business associate (BA) agreements must comply with the HIPAA Omnibus Rule by Sept. 22, 2014.
HIPAA and Posting of Notice of Privacy Practices (Nov. 22, 2013)
Our notice of privacy practices (NPP) is several pages long. Does HIPAA require us to post each page on the wall in our waiting room?
New HIPAA Forms You Must Use (Sept. 12, 2013)
The 2013 HIPAA omnibus rules require that you update your business associate (BA) agreements and notice of privacy practices (NPP).
Your Photocopier May Be a Security Risk (Sept. 12, 2013)
If you have a digital copier in your office, remember that it’s a computer with a hard drive and storage media. As with any computer, simply deleting files doesn’t make them go away. Instead, deleting frees up storage space by allowing the computer to overwrite those files with new data. Until they are overwritten, the files are retrievable.
Love Your Smartphone? Be Secure (Aug. 27, 2013)
Physicians who text each other or their staff clinical information risk exposing themselves to the privacy and security violations of HIPAA unless they use a secure messaging app that encrypts messages as they pass through all four points of contact.
New Business Associate Agreement Rules Among HIPAA Changes (Aug. 13, 2013)
If you are a covered entity under HIPAA, the 2013 HIPAA omnibus rules say you must update any BA agreement you entered into (or amended) after Jan. 25, 2013, by Sept. 23, 2013, to address newly mandated provisions in the rules.
HIPAA Security Rule: Time to Move It to Top of Mind (May 6, 2013)
Recently completed privacy and data-security pilot audits conducted for the U.S. Department of Health and Human Services Office for Civil Rights (OCR) revealed that practices are struggling to comply with electronic data security.
Destroy Medical Records (Feb. 28, 2013)
When medical records are eligible for destruction, they can be shredded or burned,. Follow these guidelines for secure records destruction.
HIPAA and Medical Power of Attorney (Feb. 11, 2013)
Q. Does the HIPAA Privacy Rule change the way in which a person can grant another person medical power of attorney?
Eight Steps to a HIPAA Security Risk Analysis (Feb. 11, 2013)
Both HIPAA auditors and anecdotal reports from around Texas indicate many practices are failing to complete basic HIPAA-required tasks, such as conducting a risk analysis and giving out a Notice of Private Practices.
Health Plan Requests for PHI (Feb. 11, 2013)
Q. When a commercial health plan requests protected health information (PHI) about one of our patients, are we safe in assuming this disclosure of PHI falls under HIPAA’s “TPO” exception, which says we are allowed to disclose PHI for reasons of “treatment, payment, or health care operations”?
HIPAA Privacy Rule and Workers’ Comp (Jan. 24, 2013)
Under the HIPAA Privacy Rule, can my office send supporting documentation (medical records) with our bills to a workers’ compensation insurance carrier without special authorization from the injured employee who is our patient?
How to Render PHI “Deidentified” (Jan. 22, 2013)
Q. I need to provide an insurance company a deidentified sampling of medical records from my practice for initial credentialing. What, precisely, defines a “deidentified” record?
HIPAA Security: What Risks Are Realistic for Your Practice? (Sept. 13, 2012)
Is your practice on the coast in hurricane territory? Is your practice management system on a computer network? These are some of the factors practices should consider when assessing the security of their patients’ electronic protected health information (e-PHI).
HIPAA Privacy Protections and Child Abuse Reporting: Not a Conflict (Mar. 14, 2007)
Texas law requires physicians to report suspected child abuse to the appropriate authority. Does the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule preempt this state law?
Who Enforces HIPAA Standards? (Mar. 2, 2007)
Who enforces HIPAA standards? The Health and Human Services (HHS) Office for Civil Rights enforces HIPAA privacy standards. Now, HHS has designated the Centers for Medicare and Medicaid Services to enforce HIPAA administrative simplification provisions.
Back to HIPAA Resources
View more practice e-Tips on HIPAA:
Are You a “Covered Entity” Under HIPAA?
Consent vs. Authorization Under HIPAA
Handling Patient Charts Under HIPAA
Verify Auditor Credentials
What’s Up on Your Walls?
HIPAA Privacy Protections and Child Abuse Reporting: Not a Conflict
HIPAA Privacy Rule and Workers’ Comp
HIPAA Privacy Training: Why Now Is a Good Time
HIV in the Medical Record
How to Handle a PHI Leak
HIPAA: The Transactions and Code Sets Rule