HIPAA.com

Exploring HIPAA and HITECH Act Definitions: Part 2

From now through November, HIPAA.com is providing a run through of HIPAA transaction & code set, privacy, and security definitions, along with relevant HITECH Act definitions pertaining to breach notification and securing of protected health information. These definitions are key to understanding the referenced HIPAA and HITECH Act enabling regulations that are effective now and that will require compliance by covered entities and business associates now or in the months ahead, as indicated in HIPAA.com’s timeline. Each posting will contain three definitions, with a date reference to the Federal Register and citation to the Code of Federal Regulations (CFR). We begin the first series of postings with definitions from “Health…

Ed Jones5010Administrative Requirements, Breach Notification, business associates, CFR, Code of Federal Regulations, compliance, covered entities, data content, data element, data set, definition, effective, enabling regulations, Federal Register, Health Insurance Reform, HIPAA, HITECH Act, Privacy, securing of protected health information, Security, timeline, transaction & code setLeave a comment

Exploring HIPAA and HITECH Act Definitions: Part 1

Ed Jones5010Administrative Requirements, Breach Notification, business associates, CFR, Code of Federal Regulations, code set, code set maintenance organization, compliance, covered entities, data condition, definition, effective, enabling regulations, Federal Register, Health Insurance Reform, HIPAA, HITECH Act, January 16, Privacy, securing protected health information, Security, timeline, transaction & code setLeave a comment

Vendors and Physicians Partners in Meaningful Use?

The secure exchange of health information is dependent on both the practice and EHR vendors facilitating the secure electronic transactions and extracting data for reporting quality measures. Even early adopters of EHR systems must ask vendors if they will be ready for meaningful use reporting. The vendor’s response will impact cost, implementation timeline, workflow processes, reporting, and patient safety. A sampling of questions to ask include: Of my current health information exchange partners (labs, hospitals, pharmacies, imaging centers) where have you already built bi-direction interfaces with your EHR system? Does your system send e-prescribing alerts based on the content in the patient’s medication history? Does your system identify whether the…

Carolyn HartleyHealth IT and HITECHe-prescribing, EHR, EMR, implementation, Meaningful Use, vendors, workflowLeave a comment

Word of the Day: Pay-for-Performance

Pay-for-Performance: The use of incentives to encourage and reinforce the delivery of evidence-based practices in the health care system transformation that promote better outcomes as efficiently as possible.

Carolyn HartleyHealth IT and HITECHevidence based medicine, evidence-based, health care providers, incentives, word of the dayLeave a comment

Word of the Day: Interoperability

Interoperability: The ability to exchange and use information (usually in a large heterogeneous network made up of several local area networks). Interoperable systems reflect the ability of software and hardware on multiple machines from multiple vendors to communicate.

Carolyn HartleyHealth IT and HITECHcommunications, hardware, interoperability, network, software, word of the dayLeave a comment

Word of the Day: Electronic Media

Electronic Media: Electronic storage media including memory devices in computers (hard drives) and any removable/transportable digital memory medium, such as magnetic tape or disk, optical disk, or digital memory card; or transmission media used to exchange information already in electronic storage media. Transmission media include the Internet (wide open), extranet (using Internet technology to link a business with information accessible only to collaborating parties), leased lines, dial-up lines, private networks, and the physical movement of removable/transportable electronic storage media. Written communications sent via facsimile (not from one computer to another) and verbal information exchanges are not considered electronic media.

Carolyn HartleyHealth IT and HITECHcomputer storage, electronic media, storage, word of the dayLeave a comment

Word of the Day: Data Authentication

Data Authentication: The corroboration that data have not been altered or destroyed in an unauthorized manner.

Carolyn HartleyHealth IT and HITECHauthentication, data, Security, word of the dayLeave a comment

Is Certification a Surrogate for HIPAA Privacy and Security Training?

Several visitors to HIPAA.com have asked if ‘certification’ can substitute for compliance with the HIPAA Privacy and Security training standards and new Privacy requirements under the HITECH Act. Generally, certification is a snapshot in a moment of time. The Merrim-Webster’s Collegiate Dictionary (11th ed.) defines certification as the act or state of “attest[ing] as being true or as represented or as meeting a standard.” Certification generally is done by an external source. Training is an ongoing internal process for safeguarding protected health information from unauthorized use or disclosure as business policies and procedures evolve and regulatory standards are initiated or modified. Further, training requires that workforce members, including management, demonstrate…

Ed JonesPrivacy, Security45 CFR, 45 CFR Part 164, certification, compliance, TrainingLeave a comment

Three Key Properties of HIPAA Privacy and Security of Protected Health Information

HIPAA.com has received from its readers requests for information on topics related to HIPAA Administrative Simplification Privacy and Security Rules and to updates to those rules reflected in the HITECH Act provisions of the American Recovery and Reinvestment Act of 2009, signed by President Obama on February 17, 2009. Recently, HIPAA.com answered the question of particular interest to several readers: what exactly is protected health information (PHI)? In this posting, we answer the question: what are the fundamental properties that underlie privacy and security of protected health information? Three Key Properties The three key properties that underpin privacy and security under the Health Insurance Portability and Accountability Act (HIPAA) are availability,…

Ed JonesHealth IT and HITECH, HIPAA Law, Privacy, SecurityAdministrative Simplification, American Recovery and Reinvestment Act, August 24, authorized person, availability, Breach Notification, Code of Federal Regulations, confidentiality, February 17, Federal Register, guidance, HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT, HHS, HIPAA, HIPAA Privacy, HIPAA security, HITECH Act, indecipherable, integrity, Interim Final Rule, key properties, OCR, Office of Civil Rights, PHI, President Obama, protected health information, Security Standards, U.S. Department of Health and Human Services, unauthorized individuals, unauthorized persons, unauthorized processes, unreadable, unsecured protected health information, unusableLeave a comment

HIPAA ‘Protected Health Information’: What Does PHI Include?

HIPAA.com has received from its readers requests for information on topics related to HIPAA Administrative Simplification Privacy and Security Rules and to updates to those rules reflected in the HITECH Act provisions of the American Recovery and Reinvestment Act of 2009, signed by President Obama on February 17, 2009. Of particular interest to readers is: what exactly is protected health information (PHI)? Protected Health Information To get to protected health information, you have to examine two definitions that were in Section 1171 of Part C of Subtitle F of Public Law 104-191 (August 21, 1996): Health Insurance Portability and Accountability Act of 1996: Administrative Simplification. These statutory definitions are of…

Ed JonesAmerican Recovery and Reinvestment Act, HIPAA Law, Privacy, Securityaccount numbers, Administrative Simplification, American Recovery and Reinvestment Act of 2009, August 24, biometric identifiers, breach, Breach Notification, certificate/license numbers, CFR, Code of Federal Regulations, covered entity, dates, de-identification, derivation, device identifiers, Disclosure, electronic mail addresses, electronic media, employer, employment records, Family Educational Rights and Privacy Act, fax numbers, February 17, Federal Register, finger print, geographic subdivisions, health care clearinghouse, Health Care Provider, health information, Health Insurance Portability and Accountability Act of 1996, health plan, health plan beneficiary numbers, HIPAA, HITECH Act, Identifiers, implementation specification, inadvertent, Individually Identifiable Health Information, Interim Final Rule, IP address, license plate numbers, medical record numbers, names, PHI, photographic images, President Obama, Privacy Rule, protected health information, Public Law 104-191, re-identification, Security, Security Rule, serial numbers, social security numbers, standard, telephone numbers, unauthorized, unsecured protected health information, URLs, vehicle identifiers, voice print41 Comments