HITECH / HIPAA Newsletter March 2014 Archive

 

HIPAA Compliance is a Team Sport:  Is your team Omnibus Rule ready?

 March 2014 Issue No.  51
In this Issue
Products now available in the HSG Store
HIPAA Accounting 4 Disclosures: Reading the Tea Leaves
Products now available in the HSG Store


HIPAA Breach Notification Framework 

Our HIPAA Breach Notification Framework walks you through the process of analyzing security incidents to determine what actions you must take to ensure your response complies with the HITECH Breach Notification requirements. The Framework discusses HITECH breach compliance in simple terms and uses twelve flowchart diagrams to help you navigate the process. It also includes tools and templates that help "jump start" your breach notification compliance initiative.

  


  

 

Business Associate Agreement: a HITECH Ready Model Contract

Our model Business Associate Agreement includes provisions that meet the requirements of HIPAA/HITECH and is fully annotated with links to the relevant statutory/regulatory authority that underpins each Contract clause. The Contract package also includes a complete "User's Guide," with a clause-by-clause explanation of the issues addressed in the Contract. 


The Security Rule Under HITECH:
a Business Associate Perspective
First Edition

The most important step for building a "good SR compliance story" is for the business associate to get started. The approach in The Security Rule Under HITECH is to build the story iteratively over time. Most business associates (large or small) will likely need help in creating the story. The framework discussed throughout this document provides a good road map to follow.


HIPAA Core Training Combo

This package includes the Breach Notification Simplified Training Module, the HIPAA Privacy Rule under HITECH Training Module, the HIPAA Security Rule Under HITECH Training Module and the HITECH and HIPAA Compliant Training Module, all in one Combo Package. Buy all 4 for a little more than the price of 3.


Other Resources
HIPAA Survival Guide Subscription Plan
Cloud, Social Media, and Mobile Checklist Product Overview
Business Associate Agreement Product Overview
HIPAA / HITECH Core Training Product Overview
Privacy Rule Checklist Product Overview
Breach Notification Framework Product Overview

 
Dear Carlos,

Welcome to our March 2014 HIPAA Compliance Newsletter.  

   

Our article this month is entitled: HIPAA Accounting 4 Disclosures: Reading the Tea Leaves

 

This article discusses a HITECH Act compliance ticking time bomb known as "Accounting of Disclosures" of PHI, which we prefer to call "Accounting for Disclosures" of PHI, or "A4D" for short. Specifically, this article focuses on the "As Is" state of A4D as embodied in Privacy Rule section 164.528 and the implications of HITECH Act section 13405(c) for HHS' proposed A4D rule. HHS' proposed rule has been hotly debated, and its final form is long past due.

 

Announcing AMA Fridays!

 

Ask Me (Carlos Leyva) Anything ("AMA") Fridays is a one-half-hour "Radio Show" held EACH Friday at 3:00 EST, where attendees are free to ask Carlos anything HIPAA/HITECH related.

In addition, a mini-topic will be presented to help jumpstart the conversation. However, all HIPAA / HITECH questions will be fielded.
 
The Registration URL for AMA Fridays can ALWAYS be found here (Newsletters & Announcements page on the HSG Store). 
 
To Register for this Friday's AMA webinar click  here.
 
Scroll down to see our Webinar Announcement after the video.

  

HIPAA Survival Guide Subscription Plan

 


HIPAA Accounting 4 Disclosures: Reading the Tea Leaves

 

Webinar Description

 

This webinar will review the "As Is" state of "Accounting for Disclosures" and how the HITECH Act modified it. It will also review the implications of HHS' Proposed Accounting Rule, which has been widely debated.

 

Date/Time

 

Thursday, March 13, 2014 2:00 PM - 3:30 PM EDT

 


Registration
 
Click here to register.
HSG Announcements
In addition to our commercial-off-the-shelf training products, we now offer training customized for your organization through our partnership with the Digital Business Law Group. We recognize that some organizations, including business associates, have a need for HIPAA / HITECH training tailored to their specific needs (click here or on the image below to get more information).
 

 

Join the Conversation
The HIPAA Survival Group on LinkedIn continues to be the go-to place for meaningful discussion of HITECH / HIPAA issues. You will find many industry thought leaders and insiders sharing their views on the evolving compliance landscape.

Stay Connected
Want to stay updated throughout the month? Follow Carlos on Twitter by clicking on the badge below.  If you would like to read more regarding the authors' views on HIT and compliance click here and here and subscribe to their blogs.  

Become a Fan
Follow us on Facebook by becoming a fan of the HIPAA Survival Guide. Also, be sure to check out our HITECH Videos.




HIPAA Accounting 4 Disclosures: Reading the Tea Leaves  

 
 

The "As Is" Rule?

 

The current rule reads in part as follows:

 

§164.528 Accounting of disclosures of PHI. 
 
(a) Standard: Right to an accounting of disclosures of protected health information


(1) An individual has a right to receive an accounting of disclosures of PHI made by a CE in the six years prior to the date on which the accounting is requested, except for disclosures (paraphrasing): for TPO; regarding PHI about the individual; incident to; etc.

 

In short, the current rule provides a right to an accounting, subject to a long list of exceptions. But what exactly is an accounting? As the word "accounting" suggests, it means providing the patient with information about all instances where his or her PHI has been disclosed to a third party, regardless of which information system's audit log contains it. Moreover, the accounting requires that certain specific information regarding the disclosure be provided for each separate instance. The definition of "disclosure" is as follows:

 

Disclosure: "means the release, transfer, provision of access to, or divulging in any manner of information outside the entity holding the information." 

 

Notice that the definition itself does not address the issue of what entities outside the organization are included or excluded in the A4D. That is addressed in 164.528(a)(1) as discussed above. 

 

HITECH Act 13405(c)?

 

HITECH Act section 13405(c) changed 164.528(a)(1) in some important ways. This section states in relevant part as follows:

 

(c) Accounting of Certain Protected Health Information Disclosures Required if Covered Entity Uses Electronic Health Record.-

 

''(1) In General.-In applying section 164.528 of title 45, Code of Federal Regulations, in the case that a covered entity uses or maintains an electronic health record with respect to protected health information-

 

''(A) the exception under paragraph (a)(1)(i) of such section shall not apply to disclosures through an electronic health record made by such entity of such information; and

 

''(B) an individual shall have a right to receive an accounting of disclosures described in such paragraph of such information made by such covered entity during only the three years prior to the date on which the accounting is requested.

 

In essence, the HITECH Act removes the TPO (i.e., treatment, payment, and operations) exception from the A4D and reduces the time frame of disclosures available from six years down to three, but only where the CE is using an EHR.

 

Because TPO disclosures make up the lion's share of disclosures, this change dramatically increases the potential number of disclosures to be accounted for, together with the corresponding administrative burden. 

 


About Us
3Lions Publishing, Inc. is now the owner/operator of the HIPAA Survival Guide website and the official sponsor of this newsletter. Our mission is to bring you HITECH / HIPAA statutes and regulations in an easy-to-read and digestible format, products that help reduce the burden of compliance, and "news you can use" via our newsletter.

We take a partnering and collaborative approach to the marketplace. If you would like to see specific topics covered in this newsletter, or additional products, then please let us know.


Carlos Leyva, CEO
3Lions Publishing, Inc.
(800) 516-7903

 
 
