HIPAA Privacy & 


AHIMA Practice Brief - Guidelines for a Compliant BAA 2016

The Privacy Rule now allows a BA to disclose PHI to their subcontractors when they enter into a BA agreement
with them. The BAs are responsible and liable to the CE for the activities of their subcontractors...

Click Here to Read > 

FAQ by OCR - Authorizations

Can an Authorization be used together with other written instructions from the intended recipient of the information?
Answer: A transmittal or cover letter can be used to narrow or provide specifics about a request for protected...

Click Here to Read > 

Disposal of PHI FAQ Artlcle

What do the HIPAA Privacy and Security Rules require of covered entities when they dispose of
protected health information?
Answer: The HIPAA Privacy Rule requires that covered entities apply appropriate administrative, technical, and...

Click Here to Read > 

DOJ - 10 Critical Lessons for Compliance Officers from the New DOJ Evaluation Guidelines

The “Principles of Federal Prosecution of Business Organizations” in the Justice Manual describe specific factors that prosecutors should consider in conducting an investigation of a corporation, determining whether to bring charges, and negotiating plea or other agreements.

Click Here to Read >  

FAQ by OCR - Minimum Necessary

1. A provider might have a patient's medical record that contains older portions of a medical record that were
created by another previous provider. Will the HIPAA Privacy Rule permit a provider who is a covered entity to
disclose a complete medical record even though portions of the record were created by other providers?
Answer: Yes, the Privacy Rule permits a provider who...

Click Here to Read >  

Permitted Uses and Disclosures: Exchange for Health Care Operations

The Health Insurance Portability and Accountability Act (HIPAA) governs how Covered Entities (CEs)
protect and secure Protected Health Information (PHI). HIPAA also provides regulations that describe
the circumstances in which CEs are permitted, but not required, to use and disclose PHI for certain
activities without first obtaining an individual’s authorization: including for treatment and for health...

Click Here to Read >  

Permitted Uses and Disclosures: Exchange for Treatment

This fact sheet provides examples of exchange between or among health care providers (hereafter
“providers”) for treatment. There is a companion fact sheet that provides other examples of exchange
for the health care operations of the discloser or of the recipient of the PHI that is exchanged.

Click Here to Read >  

Permitted Uses and Disclosures: Exchange for Public Health Activities

Scenario 1: Exchange for Reporting of Disease Healthy Hospital is located in the City of Sunshine, which has had a recent increase in the number of confirmed cases of the Zika virus. The U.S. Centers for Disease Control and Prevention (CDC), acting in its capacity as a public health authority and authorized by law to collect disease...

Click Here to Read >  

Uses and Disclosures of Protected Health Information for Research

The Cures Act requires the Secretary of the Department of Health and Human Services (HHS) to issue “Guidance Related to Streamlining Authorizations” under HIPAA for uses and disclosures of protected health information (PHI) for research.1,2 Specifically, the guidance must clarify:

Click Here to Read >  

Mental Health Records Defined

Psychotherapy notes are defined as notes recorded by a mental health professional documenting or analyzing the contents of a conversation during a private counseling session or a group, joint, or family counseling session...

Click Here to Read >  

Disclosure Procedures

and Incidences 

Cyber Attack Checklist - Office for Civil Rights (OCR)

Has your entity just experienced a ransomware attack or other cyber-related security incident, and you
are wondering what to do now? This guide explains, in brief, the steps for a HIPAA covered entity or
its business associate (the entity) to take in response to a cyber-related security incident.

Click Here to Read > 

Reporting Cyber Threats - OCR Article

The nation’s health care system is part of the national infrastructure that has increasingly come under attack from cyber threats. One of the keys to combatting these cyber threats is for the government, the private sector, and international network defense communities to collaborate and share information.

Click Here to Read >