AIS's HIPAA Compliance Center
Web Site Access • Narrative Sections • Monthly Newsletters • Government Documents
Atlantic Information Services, Inc., Washington, D.C. • www.AISHealth.com
Newsletter Report
on Patient Privacy
Privacy
(1) General Privacy Requirements
(2) Preemption of State Law
(3) Getting Organized for Compliance
(4) Gap Analysis and Project Planning
(5) Completing a Risk Assessment
(6) Patients' Rights
(7) Use and Disclosure of PHI
(8) PHI and Research
(9) Safeguarding PHI
(10) Reserved
(11) Employee Education and Training
(12) Marketing and Fundraising
(13) Recordkeeping and Reporting
(14) Privacy Audits
(15) Implications for Employers
 
Security
(16) Overview of the Security Rule
(17) General Framework
(18) Security and Privacy
(19) Security Management
(20) Risk Analysis and Management
(21) Contingency Planning
(22) Contingency Planning, Business Continuity and Disaster Recovery
(23) Workforce, Physicians and Contractors
(24) Training and Education
(25) Reserved
(26) Standards for Physical Safeguards
(27) Standards for Technical Safeguards
(28) Security Auditing and Audit Controls
(29) Data Security Audits
(30) Electronic Signatures
 
Privacy and Security
(40) Selecting and Implementing EHRs/PHRs
(41) Breach Notification Requirements
(42) Business Associates
 
 

Chronology of All Changes in Site

August 3, 2010 — Report on Patient Privacy

The August issue of Report on Patient Privacy has been posted.

July 6, 2010 — Report on Patient Privacy

The July issue of Report on Patient Privacy has been posted.

June 1, 2010 — Report on Patient Privacy

The June issue of Report on Patient Privacy has been posted.

May 27, 2010 — Revised Content

Narrative Sections
New Section (42), Business Associates combines Privacy Section (10) and Security Section (25) and adds the HITECH requirements that apply to business associates.

Government Documents
Links have been updated
New documents have been added
Draft Risk Assessment Guidance, OCR
Safeguarding Health Information, OCR, NIST (conference materials)

May 3, 2010 — Report on Patient Privacy

The May issue of Report on Patient Privacy has been posted.

April 1, 2010 — Report on Patient Privacy

The April issue of Report on Patient Privacy has been posted.

March 3, 2010 — Report on Patient Privacy

The March issue of Report on Patient Privacy has been posted.

February 19, 2010 — Revised Content
  • Privacy (6) Patients’ Rights
    • ¶1300 Added cross-references
    • ¶1321 Updated this section to reflect the restrictions on PHI that the covered entity must agree to as of Feb. 17, 2010
    • ¶1329 Updated the policy and procedure on Requesting Restrictions on Uses and Disclosures to state the restrictions the covered entity must comply with
    • ¶1330 Incorporates the HITECH Act’s extension of an individual’s access to PHI to the electronic health record
    • ¶1335 Adds electronic health records to the discussion of fees
    • ¶1350 Updates section with HITECH requirement for accounting of disclosures from electronic health record
    • ¶1353.2 Incorporates the two processes from the HITECH Act that covered entities may use to comply with the EHR accounting for disclosures requirement
    • ¶1360 Updates the individual rights checklist with HITECH requirements
  • Privacy (7) Uses and Disclosures of PHI
    • ¶1529 Updated policy and procedure on use and disclosure of PHI when no payment is involved
    • ¶1530 This new section summarizes the HITECH Act prohibition on selling PHI or electronic health records.
February 3, 2010 — Report on Patient Privacy

The February issue of Report on Patient Privacy has been posted.

January 5, 2010 — Report on Patient Privacy

The January issue of Report on Patient Privacy has been posted.

December 4, 2009 — Report on Patient Privacy

The December issue of Report on Patient Privacy has been posted.

November 4, 2009 — Report on Patient Privacy

The November issue of Report on Patient Privacy has been posted.

October 30, 2009 — New Content

Added to Government Documents

  • HHS, HIPAA Administrative Simplification: Enforcement; Interim Final Rule, 74 Fed. Reg. 56123 (Oct. 30, 2009), which implements the HITECH Act penalty provisions
October 1, 2009 — Report on Patient Privacy

The October issue of Report on Patient Privacy has been posted.

September 4, 2009 — Report on Patient Privacy and New Content

The September issue of Report on Patient Privacy, including news of HHS's release of the security breach notice regulations, has been posted.

The new Narrative Section (41) Breach Notification Requirements also has been posted, and links to the preamble and regulatory language were added to Government Documents.

August 4, 2009 — Report on Patient Privacy

The August issue of Report on Patient Privacy has been posted. This issue includes the breaking news alert, "HIPAA Security Rule Enforcement Moved From CMS to OCR." This news also has been noted in Privacy Section (1) ¶180 and Security Section (16) ¶130.

August 3, 2009 — Revised Content

This update incorporates changes made by the HITECH Act into the following sections:

  • Privacy Section (1) General Privacy Requirements
    • ¶100 Effective Dates for Privacy Provisions of HITECH Act
    • ¶115 Business Associates
    • ¶134 Marketing
    • ¶135 Fundraising
    • ¶140 Minimum Necessary Standard
    • ¶163 Right to an Accounting of Disclosures
    • ¶180 Complaints, Noncompliance, and Enforcement
  • Government Documents
    • Links to the HITECH Provisions of Pub. L. No. 111-5 and to the Conference Report
    • Updated links to the Code of Federal Regulations
    • Updated links for Compliance and Enforcement Web pages
July 2, 2009 — Report on Patient Privacy

The July issue of Report on Patient Privacy has been posted.

June 2, 2009 — Report on Patient Privacy

The June issue of Report on Patient Privacy has been posted.

May 4, 2009 — Report on Patient Privacy

The May issue of Report on Patient Privacy has been posted.

April 2, 2009 — Report on Patient Privacy

The April issue of Report on Patient Privacy has been posted.

March 9, 2009 — Report on Patient Privacy

The special March issue of Report on Patient Privacy — with in-depth coverage of HIPAA privacy and security provisions in the new stimulus law —has been posted.

Feb. 3, 2009 — Report on Patient Privacy and Government Documents

The February issue of Report on Patient Privacy has been posted.

The Privacy and Security Measures in 2009 Economic Stimulus Legislation, H.R. 1 were added to Government Documents.

Jan. 8, 2009 — Report on Patient Privacy

The January issue of Report on Patient Privacy has been posted.

Dec. 16, 2008 — New and Revised Content

New Section

Revisions to Sections

  • Use of a resolution agreement to settle cases of privacy and security violations (Privacy Section 1, ¶180, and Security Section 16, ¶130)
  • Added OCR Q&A on suspension of HIPAA privacy rules during a national or public health emergency (Privacy Section 7, ¶1596.10)
  • Updated list of NIST resources (Security Section 17, ¶360)
  • Updated discussion of security incident procedures and security incident handling checklist with information from the revised NIST Security Incident Guide (Security Section 19, ¶1060)

New Link to Government Documents

  • HHS/ED Joint Guidance on the Application of FERPA and HIPAA to Student Health Records, posted Nov. 25, 2008
Dec. 4, 2008 — Report on Patient Privacy

The December issue of Report on Patient Privacy has been posted.

Nov. 5, 2008 — Report on Patient Privacy

The November issue of Report on Patient Privacy has been posted.

Nov. 3, 2008 — Goverment Documents

Link to the Oct. 30 Office of Inspector General audit report (A-04-07-05064) on CMS's enforcement of the HIPAA security rule was added to Government Documents.

Oct. 2, 2008 — Report on Patient Privacy

The October issue of Report on Patient Privacy has been posted.

Sept. 22, 2008 — Goverment Documents

Links posted to Office for Civil Rights, Guidance on Communications with Family, Friends, or Others Involved in a Patient's Care - September 16, 2008

Sept. 8, 2008 — Report on Patient Privacy

The September issue of Report on Patient Privacy has been posted.

Aug. 5, 2008 — Report on Patient Privacy

The August issue of Report on Patient Privacy has been posted.

July 2, 2008 — Report on Patient Privacy

The July issue of Report on Patient Privacy has been posted.

June 30, 2008 — Site launched

Welcome to www.AISHIPAA.com, your one-stop source for news and strategies on patient privacy and data security.

   
     

Copyright © 2010 by Atlantic Information Services, Inc. (AIS). All rights reserved.
AIS -
1100 17th Street, NW, Suite 300, Washington, D.C. 20036
Phone 202-775-9008 or 800-521-4323; E-mail
customerserv@aispub.com