AHIMA Practice Brief - Guidelines for a Compliant BAA 2016
The Privacy Rule now allows a BA to disclose PHI to their subcontractors when they enter into a BA agreement
with them. The BAs are responsible and liable to the CE for the activities of their subcontractors...
Can an Authorization be used together with other written instructions from the intended recipient of the information?
Answer: A transmittal or cover letter can be used to narrow or provide specifics about a request for protected...
What do the HIPAA Privacy and Security Rules require of covered entities when they dispose of
protected health information?
Answer: The HIPAA Privacy Rule requires that covered entities apply appropriate administrative, technical, and...
DOJ - 10 Critical Lessons for Compliance Officers from the New DOJ Evaluation Guidelines
The “Principles of Federal Prosecution of Business Organizations” in the Justice Manual describe specific factors that prosecutors should consider in conducting an investigation of a corporation, determining whether to bring charges, and negotiating plea or other agreements.
1. A provider might have a patient's medical record that contains older portions of a medical record that were
created by another previous provider. Will the HIPAA Privacy Rule permit a provider who is a covered entity to
disclose a complete medical record even though portions of the record were created by other providers?
Answer: Yes, the Privacy Rule permits a provider who...
Permitted Uses and Disclosures: Exchange for Health Care Operations
The Health Insurance Portability and Accountability Act (HIPAA) governs how Covered Entities (CEs)
protect and secure Protected Health Information (PHI). HIPAA also provides regulations that describe
the circumstances in which CEs are permitted, but not required, to use and disclose PHI for certain
activities without first obtaining an individual’s authorization: including for treatment and for health...
Permitted Uses and Disclosures: Exchange for Treatment
This fact sheet provides examples of exchange between or among health care providers (hereafter
“providers”) for treatment. There is a companion fact sheet that provides other examples of exchange
for the health care operations of the discloser or of the recipient of the PHI that is exchanged.
Permitted Uses and Disclosures: Exchange for Public Health Activities
Scenario 1: Exchange for Reporting of Disease. Healthy Hospital is located in the City of Sunshine, which has had a recent increase in the number of confirmed cases of the Zika virus. The U.S. Centers for Disease Control and Prevention (CDC), acting in its capacity as a public health authority and authorized by law to collect disease...
Uses and Disclosures of Protected Health Information for Research
The Cures Act requires the Secretary of the Department of Health and Human Services (HHS) to issue “Guidance Related to Streamlining Authorizations” under HIPAA for uses and disclosures of protected health information (PHI) for research. Specifically, the guidance must clarify:
Psychotherapy notes are defined as notes recorded by a mental health professional documenting or analyzing the contents of a conversation during a private counseling session or a group, joint, or family counseling session...
Cyber Attack Checklist - Office for Civil Rights (OCR)
Has your entity just experienced a ransomware attack or other cyber-related security incident, and you
are wondering what to do now? This guide explains, in brief, the steps for a HIPAA covered entity or
its business associate (the entity) to take in response to a cyber-related security incident.
The nation’s health care system is part of the national infrastructure that has increasingly come under attack from cyber threats. One of the keys to combatting these cyber threats is for the government, the private sector, and international network defense communities to collaborate and share information.