Protect Patient Health Information - Updated March 2016
Conducting or reviewing a security risk analysis to meet the standards of Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule is included in the meaningful use requirements of the Medicare and Medicaid EHR Incentive Programs.
Guidance from the Office for Civil Rights
The Office for Civil Rights (OCR) has recently announced the release of a new set of FAQs that seeks to address whether business associates of a HIPAA covered entity may block or terminate access by the covered entity to the protected health information maintained by the business associate for or on behalf of the covered entity.
Overview and details for 2016 provided by the Office for Civil Rights
The HHS Office for Civil Rights has started its next phase of audits of covered entities and their business associates. The 2016 Phase 2 HIPAA Audit Program will review the policies and procedures adopted and employed by covered entities and their business associates to meet selected standards and implementation specifications of the Privacy, Security, and Breach Notification Rules.
An Article from Optum
This article from Optum provides a breakdown on Bring Your Own Device (BYOD) policy considerations based on the mix of devices your organization is trying to support, the size of your healthcare organization and implementation factors that may have an impact on success.
National and State-based examples and use cases
This guide provides examples and overviews of patient portal considerations for minors as it relates to Meaningful Use, HIPAA. state consent laws and associated policies. The articles and presentations included for download and linked to from related websites include use cases and examples from multiple states and national level guidelines.
2019 Updates on Methods for Successful Patient Text Messaging Strategies
This slide deck provides health centers with information and a presentation template overview of the HIPAA and electronic PHI risks related to texting and messaging that are important for health center leadership and IT managers to understand in making organizational decisions for these types of tools.
A use case example from the Arizona Health-e Connection and SAMHSA Consent2Share project
This is a recent presentation by the Substance Abuse and Mental Health Services Administration's Health IT effort that provides an overview of their Consent2Share project. Consent2Share is a tool for consent management and data segmentation that is designed to integrate within existing electronic health record (EHR) and Health Information Exchange (HIE) systems.
This overview is provided to health center leadership and staff to help them better understand new practices and technologies in the field that can assist in compliance with HIPAA 42 CFR Part 2 regulations when trying to participate in health information exchange activities.
A Stepwise Guide to Compliance
Fact Sheet outlining a three-step process to make sure you’re in compliance with HIPAA and if not, the steps that can be taken to make sure you are. This fact sheet also includes questions to ask potential business associates and things to keep in mind in case there is a breach.
A HITEQ Webinar in collaboration with the California Primary Care Association (CPCA)
This 2017 webinar explored the history and recent changes of 42 CFR Part 2, reviewed common definitions, and how the changes may affect integrated medication-assisted treatment (MAT) and Screening, Brief Intervention, and Referral to Treatment (SBIRT) programs, and discussion on LifeLong Medical Care’s experience.
Maintaining a Good Name in the Digital Era, from Wyoming Primary Care Association
A Health Center’s online reputation plays an ever-growing role in client satisfaction, as 6 out of 10 patients use online patient reviews before selecting a physician. This webinar and related handouts recommend three specific steps to managing your reputation online to improve patient engagement.