Conducting or reviewing a security risk analysis to meet the standards of Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule is included in the meaningful use requirements of the Medicare and Medicaid EHR Incentive Programs.

The Office for Civil Rights (OCR) has recently announced the release of a new set of FAQs that seeks to address whether business associates of a HIPAA covered entity may block or terminate access by the covered entity to the protected health information maintained by the business associate for or on behalf of the covered entity.

The HHS Office for Civil Rights has started its next phase of audits of covered entities and their business associates. The 2016 Phase 2 HIPAA Audit Program will review the policies and procedures adopted and employed by covered entities and their business associates to meet selected standards and implementation specifications of the Privacy, Security, and Breach Notification Rules. 

This article from Optum provides a breakdown on Bring Your Own Device (BYOD) policy considerations based on the mix of devices your organization is trying to support, the size of your healthcare organization and implementation factors that may have an impact on success.

This guide provides examples and overviews of patient portal considerations for minors as it relates to Meaningful Use, HIPAA. state consent laws and associated policies. The articles and presentations included for download and linked to from related websites include use cases and examples from multiple states and national level guidelines.

This slide deck provides health centers with information and a presentation template overview of the HIPAA and electronic PHI risks related to texting and messaging that are important for health center leadership and IT managers to understand in making organizational decisions for these types of tools.

This is a recent presentation by the Substance Abuse and Mental Health Services Administration's Health IT effort that provides an overview of their Consent2Share project. Consent2Share is a tool for consent management and data segmentation that is designed to integrate within existing electronic health record (EHR) and Health Information Exchange (HIE) systems.

This overview is provided to health center leadership and staff to help them better understand new practices and technologies in the field that can assist in compliance with HIPAA 42 CFR Part 2 regulations when trying to participate in health information exchange activities.

Fact Sheet outlining a three-step process to make sure you’re in compliance with HIPAA and if not, the steps that can be taken to make sure you are. This fact sheet also includes questions to ask potential business associates and things to keep in mind in case there is a breach.

This 2017 webinar explored the history and recent changes of 42 CFR Part 2, reviewed common definitions, and how the changes may affect integrated medication-assisted treatment (MAT) and Screening, Brief Intervention, and Referral to Treatment (SBIRT) programs, and discussion on LifeLong Medical Care’s experience.

A Health Center’s online reputation plays an ever-growing role in client satisfaction, as 6 out of 10 patients use online patient reviews before selecting a physician. This webinar and related handouts recommend three specific steps to managing your reputation online to improve patient engagement.