Chronology of All Changes in Site

August 3, 2010 — Report on Patient Privacy

The August issue of Report on Patient Privacy has been posted.

July 6, 2010 — Report on Patient Privacy

The July issue of Report on Patient Privacy has been posted.

June 1, 2010 — Report on Patient Privacy

The June issue of Report on Patient Privacy has been posted.

May 27, 2010 — Revised Content

Narrative Sections
New Section (42), Business Associates combines Privacy Section (10) and Security Section (25) and adds the HITECH requirements that apply to business associates.

Government Documents
Links have been updated
New documents have been added
Draft Risk Assessment Guidance, OCR
Safeguarding Health Information, OCR, NIST (conference materials)

May 3, 2010 — Report on Patient Privacy

The May issue of Report on Patient Privacy has been posted.

April 1, 2010 — Report on Patient Privacy

The April issue of Report on Patient Privacy has been posted.

March 3, 2010 — Report on Patient Privacy

The March issue of Report on Patient Privacy has been posted.

February 19, 2010 — Revised Content

• Privacy (6) Patients’ Rights
• ¶1300 Added cross-references
• ¶1321 Updated this section to reflect the restrictions on PHI that the covered entity must agree to as of Feb. 17, 2010
• ¶1329 Updated the policy and procedure on Requesting Restrictions on Uses and Disclosures to state the restrictions the covered entity must comply with
• ¶1330 Incorporates the HITECH Act’s extension of an individual’s access to PHI to the electronic health record
• ¶1335 Adds electronic health records to the discussion of fees
• ¶1350 Updates section with HITECH requirement for accounting of disclosures from electronic health record
• ¶1353.2 Incorporates the two processes from the HITECH Act that covered entities may use to comply with the EHR accounting for disclosures requirement
• ¶1360 Updates the individual rights checklist with HITECH requirements

• Privacy (7) Uses and Disclosures of PHI
• ¶1529 Updated policy and procedure on use and disclosure of PHI when no payment is involved
• ¶1530 This new section summarizes the HITECH Act prohibition on selling PHI or electronic health records.

• Privacy (10) Business Associates
• ¶3500 Added citation to the HITECH breach enforcement rule to business associate note

• Privacy (12) Marketing and Fundraising
• Updated the entire section, including policies and procedures with the HITECH provisions, effective Feb. 17, 2010

• Security (25) Business Associates
  • ¶2100 Added citation to the HITECH breach enforcement rule to business associate note

February 3, 2010 — Report on Patient Privacy

The February issue of Report on Patient Privacy has been posted.

January 5, 2010 — Report on Patient Privacy

The January issue of Report on Patient Privacy has been posted.

December 4, 2009 — Report on Patient Privacy

The December issue of Report on Patient Privacy has been posted.

November 4, 2009 — Report on Patient Privacy

The November issue of Report on Patient Privacy has been posted.

October 30, 2009 — New Content

Added to Government Documents

• HHS, HIPAA Administrative Simplification: Enforcement; Interim Final Rule, 74 Fed. Reg. 56123 (Oct. 30, 2009), which implements the HITECH Act penalty provisions

October 1, 2009 — Report on Patient Privacy

The October issue of Report on Patient Privacy has been posted.

September 4, 2009 — Report on Patient Privacy and New Content

The September issue of Report on Patient Privacy, including news of HHS's release of the security breach notice regulations, has been posted.

The new Narrative Section (41) Breach Notification Requirements also has been posted, and links to the preamble and regulatory language were added to Government Documents.

August 4, 2009 — Report on Patient Privacy

The August issue of Report on Patient Privacy has been posted. This issue includes the breaking news alert, "HIPAA Security Rule Enforcement Moved From CMS to OCR." This news also has been noted in Privacy Section (1) ¶180 and Security Section (16) ¶130.

August 3, 2009 — Revised Content

This update incorporates changes made by the HITECH Act into the following sections:

• Privacy Section (1) General Privacy Requirements
  • ¶100 Effective Dates for Privacy Provisions of HITECH Act
  • ¶115 Business Associates
  • ¶134 Marketing
  • ¶135 Fundraising
  • ¶140 Minimum Necessary Standard
  • ¶163 Right to an Accounting of Disclosures
  • ¶180 Complaints, Noncompliance, and Enforcement

• Privacy Section (10) Business Associates
• ¶3500 Introduction

• Privacy Section (12) Marketing and Fundraising
  • ¶4521 The Exception to the Exclusions
  • ¶4531.1 The Federal Trade Commission
  • ¶4551 The Opt-Out Requirement

• Security Section (16) Overview of the Security Rule
  • ¶110 Who Is Covered
  • ¶132 Compliance and Enforcement
  • ¶134 Civil Monetary Penalties
  • ¶140 Responding to a Security Breach

• Security Section (25) Business Associates
  • ¶2100  Introduction

• Government Documents
  • Links to the HITECH Provisions of Pub. L. No. 111-5 and to the Conference Report
  • Updated links to the Code of Federal Regulations
  • Updated links for Compliance and Enforcement Web pages

July 2, 2009 — Report on Patient Privacy

The July issue of Report on Patient Privacy has been posted.

June 2, 2009 — Report on Patient Privacy

The June issue of Report on Patient Privacy has been posted.

May 4, 2009 — Report on Patient Privacy

The May issue of Report on Patient Privacy has been posted.

April 2, 2009 — Report on Patient Privacy

The April issue of Report on Patient Privacy has been posted.

March 9, 2009 — Report on Patient Privacy

The special March issue of Report on Patient Privacy — with in-depth coverage of HIPAA privacy and security provisions in the new stimulus law —has been posted.

Feb. 3, 2009 — Report on Patient Privacy and Government Documents

The February issue of Report on Patient Privacy has been posted.

The Privacy and Security Measures in 2009 Economic Stimulus Legislation, H.R. 1 were added to Government Documents.

Jan. 8, 2009 — Report on Patient Privacy

The January issue of Report on Patient Privacy has been posted.

Dec. 16, 2008 — New and Revised Content

New Section

• Privacy and Security (40): Selecting and Implementing EHRs/PHRs
  by Chris Apgar, Apgar and Associates

Revisions to Sections

• Use of a resolution agreement to settle cases of privacy and security violations (Privacy Section 1, ¶180, and Security Section 16, ¶130)
• Added OCR Q&A on suspension of HIPAA privacy rules during a national or public health emergency (Privacy Section 7, ¶1596.10)
• Updated list of NIST resources (Security Section 17, ¶360)
• Updated discussion of security incident procedures and security incident handling checklist with information from the revised NIST Security Incident Guide (Security Section 19, ¶1060)

New Link to Government Documents

• HHS/ED Joint Guidance on the Application of FERPA and HIPAA to Student Health Records, posted Nov. 25, 2008

Dec. 4, 2008 — Report on Patient Privacy

The December issue of Report on Patient Privacy has been posted.

Nov. 5, 2008 — Report on Patient Privacy

The November issue of Report on Patient Privacy has been posted.

Nov. 3, 2008 — Goverment Documents

Link to the Oct. 30 Office of Inspector General audit report (A-04-07-05064) on CMS's enforcement of the HIPAA security rule was added to Government Documents.

Oct. 2, 2008 — Report on Patient Privacy

The October issue of Report on Patient Privacy has been posted.

Sept. 22, 2008 — Goverment Documents

Links posted to Office for Civil Rights, Guidance on Communications with Family, Friends, or Others Involved in a Patient's Care - September 16, 2008

Sept. 8, 2008 — Report on Patient Privacy

The September issue of Report on Patient Privacy has been posted.

Aug. 5, 2008 — Report on Patient Privacy

The August issue of Report on Patient Privacy has been posted.

July 2, 2008 — Report on Patient Privacy

The July issue of Report on Patient Privacy has been posted.

June 30, 2008 — Site launched

Welcome to www.AISHIPAA.com, your one-stop source for news and strategies on patient privacy and data security.