Posts Categorized: HIPAA Privacy & Security

HIPAA Electronic Certification Rules Withdrawn

Proposed rules issued January 2, 2014 would have required certain health plans (including self-insured health plans) to certify compliance with three of the HIPAA rules relating to electronic transactions. These certification requirements were viewed as fairly onerous, particularly for self-insured plans that rely on their third-party administrators for such transactions. More specifically, these rules would have required controlling health plans to demonstrate compliance with the electronic standard transactions related to eligibility for the health plan, health care claims status, and health care electronic fund transfers (such as payment) and remittance advice (such as EOBs). Penalties would have been assessed…

Now is a Good Time to Review Your HIPAA Policies

The HHS Office for Civil Rights (OCR) has announced it is increasing its investigations of breaches of unsecured protected health information (PHI) affecting fewer than 500 individuals. As a reminder, the HIPAA Breach Notification Rule requires breaches of unsecured PHI to be reported; breaches involving fewer than 500 participants must be reported to the Secretary of HHS annually. Information regarding the reporting requirement is available here. In determining which smaller breaches to investigate, the regional offices will consider the size of the breach and sensitivity of the PHI involved, theft or improper disposal of unencrypted PHI, breaches involving hacking, and situations where…