HIPAA Compliance for Medical Practices
69.7K views | +10 today
Follow
HIPAA Compliance for Medical Practices
HIPAA Compliance and HIPAA Risk management Articles, Tips and Updates for Medical Practices and Physicians
Your new post is loading...
Your new post is loading...
Scoop.it!

HIPAA Privacy Rule Can Be Tool for Health Information Exchange

HIPAA Privacy Rule Can Be Tool for Health Information Exchange | HIPAA Compliance for Medical Practices | Scoop.it

Rather than being a barrier to information sharing and interoperability, the HIPAA Privacy Rule can be seen as a tool to facilitate health information exchange and flow across the health ecosystem, argued OCR and ONC in an Aug. 30 blog post. 

 

The HIPAA Privacy Rule provides individuals with a right to access information in their medical and other health records maintained by a HIPAA covered entity, such as an individual’s healthcare provider or health plan, noted ONC Chief Privacy Officer Kathryn Marchesini and OCR Acting Deputy Director for Health Information Privacy Timothy Noonan.

 

The authors wrote that the 21st Century Cures Act, enacted in 2016, among other things called for greater individual access to information and interoperability of healthcare records. The act directed HHS to address information blocking and promote the trusted exchange of health information.

 

 

“Information blocking occurs when a person or entity – typically a health care provider, IT developer, or EHR vendor – knowingly and unreasonably interferes with the exchange and use of electronic health information,” ONC explained.

 

ONC and OCR recently began a campaign encouraging individuals to access and use copies of their healthcare records.

The two HHS offices are offering training for healthcare providers about the HIPAA right of access and have developed guidance to help consumers take more control of decisions regarding their health.

 

These guidelines include access guidance for professionals, HIPAA right of access training for healthcare providers, and the Get It. Check It. Use It. website for individuals.

The authors also noted that the HIPAA Privacy Rule supports the sharing of health information among healthcare providers, health plans, and those operating on their behalf, for treatment, payment, and healthcare operations. It also provides ways for transmitting health information to relatives involved in an individual’s care as well as for research, public health, and other important activities.

 

“To further promote the portability of health information, we encourage the development, refinement, and use of health information technology (health IT) to provide healthcare providers, health plans, and individuals and their personal representatives the ability to more rapidly access, exchange, and use health information electronically,” they commeted.

 

The Centers for Medicare & Medicaid Services (CMS) and the National Institutes for Health (NIH), along with the White House Office of American Innovation, are working to support the exchange of health information and encourage the sharing of health information electronically.

 

For example, CMS is calling on healthcare providers and health plans to share health information directly with patients, upon their request.

 

Also, NIH has established a research program to help improve healthcare for all individuals that will require the portability of health information.

 

The White House’s MyHealthEData initiative, which originated from President Donald Trump’s 2017 executive order to promote healthcare choice and competition, aims to break down the barriers preventing patients from having access to their health records.

 

The executive order directed government agencies to “improve access to and the quality of information that Americans need to make informed healthcare decisions.” The order is part of a broader effort to increase market competition in the healthcare market.

 

ONC developed a guide intended to educate individuals and caregivers about the value of online medical records as well as how to access and use their information. ONC also produced videos and fact sheets to inform individuals about their right to access their health information under HIPAA.

 

“It’s important that patients and their caregivers have access to their own health information so they can make decisions about their care and treatments,” said National Coordinator for Health Information Technology Don Rucker. “This guide will help answer some of the questions that patients may have when asking for their health information.”

 

The agency said that an individual’s ability to access and use health information electronically is a cornerstone of its efforts to increase patient engagement, improve health outcomes, and advance person-centered health.

 

ONC noted that the guide supports both the 21st Century Cures Act goal of improving patient access to their electronic health information and the MyHealthEData initiative.

Technical Dr. Inc.'s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com

more...
No comment yet.
Scoop.it!

HIPAA Audit Survival Tips and Strategies

HIPAA Audit Survival Tips and Strategies | HIPAA Compliance for Medical Practices | Scoop.it

What to Do if You’re Contacted by OCR

When the Department of Health and Human Services (HHS) or the Office for Civil Rights (OCR) reaches out to health care organizations in response to a potential HIPAA investigation, auditors follow a very specific path toward contact, investigation, and resolution. Once a complaint is received and OCR has determined that it is legitimate, it will issue letters of notification to both the complainant and the recipient. These letters will outline a timeline for the investigation and will explicitly identify the investigating party as the OCR.

Once the investigation begins, OCR will collect and review documentation submitted by both parties. They may use any number of investigative methods including interviews and onsite visits to determine if there is sufficient evidence to support the allegations. Once again, OCR will send a letter explaining their findings. Resolutions will then vary depending on the outcome of their investigation.

HIPAA Audit Survival

HIPAA audit survival starts with keeping informed about OCR procedures. Knowledge is power. In this case, being aware and prepared is the best way to prepare your practice for a potential investigation. OCR will only contact you directly via a certified letter or email. Disreputable parties regularly attempt to lure unsuspecting practitioners into buying “certification” services that are fraudulent.

FACT: There is no certifying body for HIPAA compliance by any federal or private entity–any organization that claims otherwise is using misleading or potentially fraudulent language.

  1. Your best defence then is to keep in mind the above described process, and stop communicating with any party that suggests a deviation from the standard procedure outlined.
  2. Next, if you’re unsure if you’ve been contacted by a federal agency or not, ask the sender to confirm the identity of their organization, then verify them with a google search about their services
  3. If your organization receives an email or call from an entity claiming that you need to have a “Mandatory HIPAA Risk Assessment Review with A Certified HIPAA Compliance Adviser” be on full alert. This deviation from the official procedure described above will let you know that the caller is not providing a legitimate notice from a federal or state regulatory agency. Do not feel obligated to provide or share any of your information if you receive such notice.

To protect yourself, be leery of misleading language and marketing efforts targeted at health care professionals by such third party organisation. Some such advertising will occasionally try to leverage the threat of a federal offence to garner a sale of technology that isn’t legal. This type of fraud has become so widespread that OCR has responded to this unlawful conduct with a statement telling health care officials not to follow any of the links in the email. For more information on how to mitigate HIPAA breaches and fines, check out these upcoming HIPAA educational webinars brought to you by Telemental Health’s HIPAA compliance affiliate, the Compliance Group.

Technical Dr. Inc.'s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com/tdr

more...
No comment yet.