
Thread: What does HIPAA really mean?

  1. #11
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    I'm not here to make things "easy"...

    I'm a Brit to the core... swore my allegiance to "Her Majesty Queen Elizabeth the Second, her Heirs and Successors" and will always maintain that... But having lived in the good ole US of A for 17 years I'm starting to get the hang of it...

    So... Back to HIPAA...
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  2. #12
    AO's Resident Redneck The Texan's Avatar
    Join Date
    Aug 2003
    Location
    Texas
    Posts
    1,539
    I'm sorry I hijacked the thread... now I can rest easy knowing your political alliances lol

    Tiger, one more post and you're at 5K. congrats my friend
    Git R Dun - Ty
    A tribe is wanted

  3. #13
    Senior Member
    Join Date
    Mar 2005
    Posts
    400
    TigerShark: You have to state you are HIPAA compliant and that's really it... The problem comes if you lose some PHI,
    Losing some PHI is only one aspect of this deal. There are other valid reasons to be audited other than losing info, of which I will relate further in this post.

    85 percent of my clients are oral surgeons, dentists and doctors, so I have to deal with HIPAA in many places where I work and it's not losing PHI that we are worried about as much as it is valid/invalid client complaints/concerns that reach the ears of the HIPAA authority.

    Seems everyone wants to sue someone, and since my clients look like the pot of gold they aren't, anybody with a trumped up complaint can attempt to bring down an inspection, if they know to whom to complain to loud enough.

    Anyways, here is an excerpt from 45 CFR parts 160 and 164 (enforcement) from the Department of Health and Human Services.

    The authority for administering and enforcing compliance with the Privacy Rule has been delegated to the HHS Office for Civil Rights (OCR). 65 FR 82381 (December 28, 2000). The authority for administering and enforcing compliance with the nonprivacy HIPAA rules has been delegated to the Centers for Medicare & Medicaid Services (CMS). 68 FR 60694 (October 23, 2003).
    At present, our compliance and enforcement activities are primarily complaint-based. Although our enforcement efforts are focused on investigating complaints, they may also include conducting compliance reviews to determine if a covered entity is in compliance. When potential violations come to our attention through a complaint or a compliance review, OCR or CMS's Office of HIPAA Standards (OHS), as appropriate, attempts to resolve the matter informally. Many such matters are resolved at the initial stage of contact.


    Listed in this CFR are penalties per similar and unsimilar violations with total yearly penalties.
    ZT3000
    Beta tester of "0"s and "1"s"

  4. #14
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    //Thread hijack

    Tex~ you seem to know very little?

    I attach your proper flag, please correct your details accordingly...............

    "Just when you thought that the Northern War of Economic Aggression was over"

  5. #15
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Sorry, don't know how to do multiple attachments............if, indeed, it is possible?

    Send Tiger~ some blue lupin seeds?

    This one is politically correct they hope

  6. #16
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    it's not losing PHI that we are worried about as much as it is valid/invalid client complaints/concerns that reach the ears of the HIPAA authority
    ZT: Absolutely... Primarily the complaint is usually going to come from the client simply because, in the vast majority of cases the HIPAA compliant entity will be the last to know that data has gone "walkies". The fun thing about it though is the way the regulations are written. There is practically nothing said about how you must protect PHI - it's almost all left to the entity to determine what should be done - which could be a recipe for disaster given a Doctor with no computer knowledge and the ability to read the regs...
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  7. #17
    Member ams2d's Avatar
    Join Date
    Aug 2001
    Location
    Indianapolis
    Posts
    58
    The company I work for has products in multiple countries and uses Safe Harbor instead of HIPAA. From what I have experienced, Safe Harbor is more stringent, especially when it comes to personal data.

    My experience has been more directly with the data and when having to send it to external companies for testing purposes. All of the personal information had to be removed (i.e. initials) or changed (i.e. birth date, study identifier and other certain dates which could link a person to a specific visit).

    When sending the data out I had to send it on a CD-R since they wouldn't allow it to be sent over an email (even over a secured connection). The data had to be in an encrypted zip file and the password was sent separately. Both were sent via Fed-Ex after it was approved by our Safe Harbor representative. This was done even with a confidentiality agreement with the companies in question.

    For internal use it didn't have to be as "scrambled" but there still was some level and again it had to be approved before it could be sent/used to the department.

    Like HIPAA, the tech side isn't clearly defined and is left mainly open to interpretation by the company representatives.

    "Security. The Directive requires that "appropriate technical and organizational measures to protect data" against destruction, loss, alteration, or unauthorized disclosure or access be taken (Article 17)."

    Safe Harbor
    Wise men talk because they have something to say;
    fools, because they have to say something.
    Plato
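
An added sketch, not part of post #17 or of any Safe Harbor guidance, of the kind of scrubbing that post describes before data goes to an external tester: initials removed, study identifier and dates changed. The keyed pseudonym, the per-subject date shift and every field name here are assumptions chosen for illustration; the post does not say how the values were changed.

```python
import hashlib
import hmac
from datetime import date, timedelta

# Constructed sample rows; the field names are assumptions, not from the thread.
RECORDS = [
    {"initials": "JQP", "study_id": "S-0017", "birth_date": "1961-04-12", "visit_date": "2005-03-01"},
    {"initials": "JQP", "study_id": "S-0017", "birth_date": "1961-04-12", "visit_date": "2005-03-15"},
    {"initials": "AMR", "study_id": "S-0042", "birth_date": "1978-11-30", "visit_date": "2005-03-02"},
]
DATE_FIELDS = ("birth_date", "visit_date")  # allow-list: anything else is dropped
MAX_SHIFT_DAYS = 365


def _digest(key: bytes, label: str, study_id: str) -> bytes:
    """Keyed hash, so nobody without the key can recompute the mapping."""
    return hmac.new(key, f"{label}:{study_id}".encode(), hashlib.sha256).digest()


def pseudonym(key: bytes, study_id: str) -> str:
    """Stable replacement identifier for one subject."""
    return "P-" + _digest(key, "id", study_id).hex()[:12]


def day_shift(key: bytes, study_id: str) -> int:
    """Per-subject offset in 1..MAX_SHIFT_DAYS (never zero)."""
    return 1 + int.from_bytes(_digest(key, "shift", study_id)[:4], "big") % MAX_SHIFT_DAYS


def deidentify(record: dict, key: bytes) -> dict:
    """Return a copy with direct identifiers removed or replaced."""
    sid = record["study_id"]
    shift = timedelta(days=day_shift(key, sid))
    out = {"study_id": pseudonym(key, sid)}
    for field in DATE_FIELDS:
        # Same shift for every date of a subject keeps intervals between visits.
        out[field] = (date.fromisoformat(record[field]) - shift).isoformat()
    return out  # initials and any unlisted field never reach the output


if __name__ == "__main__":
    key = b"constructed-demo-key"  # in practice a random secret kept by the data owner
    for row in RECORDS:
        print(deidentify(row, key))
```

Building the output from an allow-list means a column added to the source later is withheld by default instead of leaking by default.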

  8. #18
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    **MOVED**

    I placed this thread in regulatory compliance.

    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  9. #19
    Senior Member t34b4g5's Avatar
    Join Date
    Sep 2003
    Location
    Australia.
    Posts
    2,391

    Smile

    Quote Originally Posted by securemedical
    HIPAA email trial accounts are available at http://securemedical.net and http://mdemail.net
    I have approved this post, as it has relevance to the Topic and will enable people interested access to "trial accounts".

  10. #20
    Junior Member imp814u2's Avatar
    Join Date
    Jun 2013
    Location
    Chi town
    Posts
    4
    I worked with HIPAA in the healthcare industry, and everyone is really concerned because if any patient data becomes public, then the hospital, doctors and others can be fined or sued. Most people I worked with take HIPAA very seriously.
