To embed, copy and paste the code into your website or blog:
The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) recently released an audit report on HIPAA compliance by 166 covered entities and 41 business associates during 2016-2017. The audits included detailed on-site reviews of entities’ documentation and implementation of HIPAA rules. The release of the report may foreshadow increased enforcement activities in 2021.
The audits revealed widespread and inexplicable failures to comply with basic HIPAA privacy and security rules, with most covered entities demonstrating full compliance in just two out of seven audited areas. Shockingly, the audit found that 98% of providers failed to provide appropriate content in their required Notices of Privacy Practices, despite the availability of templates on HHS’s website; 67% did not provide all of the required content and document adequate compliance with data breach notification requirements; and 89% di
Get Permission
The agency that enforces HIPAA has issued guidance to clarify how covered entities and business associates are permitted to make patient record disclosures for public health purposes to health information exchange organizations during the COVID-19 pandemic.
The Department of Health and Human Services’ Office for Civil Rights said its new guidance gives examples of how organizations may disclose protected health information without patient authorization to an HIE for reporting to a public health authority.
But as a matter of routine, covered entities’ notice of privacy practices must reveal that PHI may be shared for public health purposes if the need arises.
Friday, December 18, 2020
The Office for Civil Rights has proposed numerous changes to the HIPAA Privacy Rule
Among proposed changes are expanding an individual’s access to protected health information, eliminating the Notice of Privacy Practices acknowledgment, and giving more flexibility for several types of disclosures
The public has 60 days to submit comments; once a final rule is issued, policies and procedures must be modified and training must be issued to remain in compliance
Most of the proposed changes fall into three areas: 1) expanding an individual’s access to protected health information (PHI), 2) modifying Notice of Privacy Practices requirements, and 3) allowing more flexibility for disclosures about patients experiencing substance use and mental health disorders.