HIPAA Final Rule: More on Uses and Disclosures of Protected Health Information of Decedents

Today, we continue going through the HIPAA Privacy Rule, section by section, as modified in the Final Rule:  Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act [HITECH Act] and the Genetic Information Nondiscrimination Act; Other Modifications of the HIPAA Rules, which was published in the Federal Register on January 25, 2013.  The effective date of the Final Rule is March 26, 2013, and covered entities and business associates must comply by September 23, 2013. Our focus yesterday was on the modified rule: 45 CFR 164.502(f): Standard:  Deceased individuals. Today, we finish up with a related modified…

Five HIPAA Compliance Activities Your Organization Must Undertake

HIPAA Administrative Simplification was enacted on August 21, 1996 as Subtitle F of Title II of Public Law 104-191. The so-called HITECH Act “Omnibus” regulation that modifies HIPAA privacy and security provisions will be published in the Federal Register by the end of this summer, according to the head of HHS’ National Coordinator for Health Information Technology, Farzad Mostashari, M.D. Based on the timeline in the Notice of Proposed Rule Making, compliance by all covered entities and their business associates would be required 240 days after publication, most likely sometime in May 2013, assuming the end-of-summer deadline is met.  All covered entities and their business associates will be required to comply with provisions of…

Contingency Plan-What This HIPAA Security Rule Administrative Safeguard Standard Means

This is the seventh Administrative Safeguard Standard of the HIPAA Administrative Simplification Security Rule.  It has five implementation specifications:  Data backup plan; Disaster recovery plan; Emergency mode operation plan; Testing and revision procedures; and Applications and data criticality analysis.  The first three are required; the last two are addressable.  Addressable does not mean optional.  Rather, an addressable implementation specification means that a covered entity must use reasonable and appropriate measures to meet the standard.  Further, as HIPAA.com has noted earlier, business associates also will be required to comply with the Security Rule standards, effective February 17, 2010. If a fire swept through a covered entity’s facility, the covered entity would…
