Related Stories

FTC Mandates Vendors Notify Patients of Breaches in Health Information - 11/07/2024

The Federal Trade Commission has amended its Health Breach Notification Rule to require vendors of personal health records and related entities not covered by HIPAA to notify individuals, the FTC, and, at times, the media, when a breach in protected health information occurs. The change will take effect July 29.


Risk Management - 08/15/2024

Practice e-Tips on Risk Management


Physicians Can Delegate Breach Notifications to Change Healthcare Following Cyberattack - 06/26/2024

The U.S. Department of Health and Human Services’ Office of Civil Rights announced May 31 that covered entities – such as health plans, health care clearinghouses, and physicians – affected by privacy breaches stemming from the February cyberattack on Change Healthcare and its parent corporation UnitedHealth Group may delegate breach notifications to both companies.


HIPAA and Medical Power of Attorney - 03/20/2024

Does the HIPAA Privacy Rule change the way in which a person can grant another person medical power of attorney?


Stop Paying to Get Paid - 02/28/2024

Did you know you don’t have to accept health plan payment via virtual credit card? You have a right to request direct deposit.


Feds Update HIPAA Security Risk Assessment Tool - 11/01/2023

To aid small- and medium-sized practices in complying with the HIPAA Security Rule, federal officials have updated their risk assessment tool designed to help practices identify areas where electronic protected health information (ePHI) is at risk.


Who Will Run Your Practice If You Can’t? - 08/23/2023

You might have given thought to what would happen to your solo practice and your family in the event of your death, but what if you have a serious accident or illness and are unable to work for, say, several months?


New Texas Law Shortens Data Breach Notification Period - 08/21/2023

Texas physician practices and other health care facilities soon will be required to give more timely and public notice of any breaches of computerized data, including electronic health records and billing information.


HIPAA Security Rule: Move It to Top of Mind - 08/07/2023

Problems with HIPAA Security Rule safeguards, both administrative and technical, continue to fall among the top five HIPAA security issues the U.S. Department of Health and Human Services identifies each year.


Security Risk Analysis for HIPAA — and Medicare/Medicaid? - 08/07/2023

Do you need to conduct a security risk analysis or review of your practice in the next 72 days?


Your Photocopier May Be a Security Risk - 08/07/2023

Don’t let this happen to you! A health plan paid a huge fine after it returned leased copiers that held protected health information.


Top Three Reasons Embezzlement Occurs - 10/11/2022

Medical practices suffer from one of the highest embezzlement rates of all service industries. Several factors can contribute to embezzlement. The top three are opportunity, pressure, and rationalization.


Did That Employee Quit, or Did You Fire Her? - 10/11/2022

The question of whether an employee quit or was fired is very important if the ex-employee files for unemployment benefits. It determines who has the burden of proof in the case. These tips from the Texas Workforce Commission can help you keep the onus of proof off you.


How to Delete Data — for Real - 10/07/2022

Whenever your practice scraps, trades in, donates, or sells electronic equipment, make sure the storage media is wiped clean of all data. Often your safest bet is to remove the storage capabilities and destroy the hard drives or memory cards.


20 Everyday HIPAA Tips - 10/13/2021

The goal of HIPAA is to make sure the protected health information you are responsible for or come into contact with remains confidential, secure, and available when you need it. Here are basic steps every practice can take to help make this happen.


20 Everyday HIPAA Tips to Help You Stay Compliant - 10/13/2021

The goal of HIPAA is to make sure the protected health information you are responsible for or come into contact with remains confidential, secure, and available when you need it. Here are basic steps every practice can take to help make this happen.


Paying Employees for Lunch Break - 09/08/2021

Does your practice have clear policies regarding rest and meal breaks for hourly (nonexempt) employees?


Patient Privacy’s New Frontier: AMA Aims to Keep Apps Honest With Personal Health Data - 12/01/2020

In the evolving world of health information technology, some vendors that store and transmit health information – such as the tech minds behind certain mobile apps – are getting their hands on patient data without any HIPAA leash to rein in their use of it. Now, organized medicine is doing its part to preserve patients’ privacy when their health information finds its way outside of HIPAA-covered organizations.


Upgraded Free Tool Helps With HIPAA Compliance - 10/12/2020

If you participate in the Medicare Merit-Based Incentive Payment System (MIPS), you must complete your security risk assessment by Dec. 31. An upgraded tool from the U.S. Department of Health and Human Services might make the assessment easier.


Is Your Patients’ HIPAA-Protected Information Secure? - 05/13/2020

A guide from TMA-endorsed DocbookMD helps smaller practices understand the risks of using mobile devices and how to stay HIPAA-secure.


Taking Privacy to a New Level: Texas Lowers Reporting Threshold for Security Breaches - 01/27/2020

Federal requirements have not changed, but starting Jan. 1, breach notification requirements will become even more stringent for Texas physicians or medical entities. The Texas Legislature dropped the threshold for breach reporting from 500 patients to 250. House Bill 4390 also requires medical entities to report breaches to the Texas attorney general’s office within 60 days of the breach.


Laptop Encryption Helps You Stay HIPAA Compliant - 12/19/2019

If you or your practice store financial or patient information on laptop computers, you could face hefty fines if those devices are lost or stolen. Thankfully, one important step toward protecting patient data, and yourself, is simple thanks to widely available encryption tools.


Don’t Let it Happen to You: Practice Fined Over Social Media - 12/09/2019

As more people go online to research products and services, online reputation management has become increasingly relevant for physicians. Because of the HIPAA Privacy Rule, physicians cannot respond to online reviews in any way that reveals PHI. Even if a patient discloses their own personal information in a review, physicians cannot respond with the same level of disclosure.


What Are HIPAA Transaction and Code Sets Standards? - 10/29/2019

Learn about the HIPAA Transactions and Code Sets Rule that standardizes electronic data interchange (EDI) transactions for submitting, processing, and paying claims. Has your practice met the required standards?


Don’t Try This at Work: Security Risk Analysis Is Not a Do-It-Yourself Project - 08/02/2019

Medicare’s Merit-Based Incentive Payment System (MIPS) requires practices to conduct a security risk analysis at least once a year. HIPAA requires at least one analysis, and annual check-ups are considered a best practice. Many physicians find out through these reports that their practices have a lot of work to do to keep patient records safe.