Free CME: Patients' right of access under HIPAA The U.S. Department of Health and Human Services Office for Civil Rights (OCR) has launched a new training module for providers on patients' right of access under the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. With limited exceptions, the HIPAA Privacy Rule provides individuals with the right to see and receive copies upon request of the information in their medical and other health records maintained by their health care providers and health plans. The new module provides an in-depth review of the components of the HIPAA right of access and ways in which it enables individuals to be more involved in their own care. It also provides helpful suggestions about how health care providers can integrate aspects of the HIPAA right of access into their medical practices. The module is available via Medscape or at OCR's Training and Resources webpage. Physicians can receive 0.5 units of continuing medical education (CME) credit. For more information on the permitted uses and disclosures of protected health information under HIPAA as well as California law, see California Medical Association (CMA) On-Call document #4205, “Patient Access to Medical Records.” This and other documents in CMA's health law library are free to members at www.cmanet.org/cma-on-call. Nonmembers can purchase documents for $2 per page. For more CMA HIPAA resources, visit www.cmanet.org/hipaa. August 8, 2017 General Continuing Medical Education, CME, HIPAA, HIPAA Privacy Rule, Medical Records 0 0 Comment Read More »
Tip: Smartphones in the office To protect patient privacy, develop a written policy on camera and smartphone use in the office. Although there is no law prohibiting a patient from taking photos or using mobile technology in a physician office, many practices implement office policies so that it is clear to staff and to patients what is allowed in the office and under what circumstances. For more information, see “Ask the Expert: Smartphones in the Office” available free to members in CMA's online resource library. Trouble getting paid? We can help! CMA’s Center for Economic Services (CES) is staffed by a team of practice management experts with a combined experience of over 125 years in medical practice operations. Our goal is to empower physician practices by providing resources and guidance to improve the success of your practice. Access to our reimbursement experts is a FREE, members-only benefit. Call (800) 786-4262 or email economicservices@cmanet.org. November 7, 2016 General HIPAA Privacy Rule, Privacy, Tip of the Month 0 0 Comment Read More »
HHS begins second phase of HIPAA audits The second phase of audits for compliance with Health Insurance Portability and Accountability Act (HIPAA) regulations is underway. The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) selected a total of 167 health plans, health care providers and health care clearinghouses to be audited. Selected physician practices would have received an email from OCR on July 11. The email may be incorrectly classified as spam, so check your spam and junk folders to make sure you didn't miss it. The 2016 phase 2 HIPAA audit program is a key part of OCR’s health information privacy, security and breach notification compliance activities. The audit program allows OCR to assess covered entity compliance with the HIPAA regulations. The phase 2 audit places more attention on areas of greater risk to the security of protected health information and on pervasive non-compliance, based on OCR’s phase 1 audit findings and observations, rather than a comprehensive review of all of the HIPAA standards. OCR said that physicians selected for audits should view them as a tool to identify best practices and discover risks and vulnerabilities, not as an enforcement activity. The ultimate goal of the audits, the agency said, is to help OCR provide better guidance to the health care community. If your practice has been selected for an audit, you will need to submit the requested documentation and any written comments demonstrating your compliance with the following HIPAA requirements to OCR by July 22. The final audit report will be completed within 30 days of your response and OCR will share a copy of the final report with you. For more information about the audit, click here. August 5, 2016 General HIPAA, HIPAA Privacy Rule, Audits 0 0 Comment Read More »
HHS modifies HIPAA Privacy Rule as part of executive actions to curb gun violence Last week, the Obama Administration unveiled a number of executive actions to address gun violence in the United States, including an amendment to the Health Insurance Portability and Accountability Act (HIPAA) that would make it easier for mental health providers to disclose the identities of individuals who are disqualified from shipping, transporting, possessing or receiving a firearm. Both the Brady Handgun Violence Prevention Act of 1993 and the Gun Control Act of 1968 prohibit gun ownership and gun sales to individuals that have been involuntarily committed to a mental institution for mental illness or drug use; found incompetent to stand trial or not guilty by reason of insanity; or otherwise determined by a court to be a danger to themselves or others or unable to manage their own affairs due to mental illness, incompetency, condition or disease. Up until now, however, the HIPAA Privacy Rule generally prohibited mental health providers and HIPAA covered entities from disclosing patient information to the National Instant Criminal Background Check System (NICS) – a system maintained by the Federal Bureau of Investigation (FBI) to conduct background checks on people who may be legally disqualified from owning firearms based on statutorily defined federal “mental health prohibitor” categories. Under this final rule, certain covered entities with lawful authority to make adjudications or commitment decisions that make individuals subject to the federal mental health prohibitor are permitted to disclose the information to NICS. The information that can be disclosed is limited to demographic and certain minimum necessary information needed for NICS to determine whether a potential firearm recipient is statutorily prohibited from possessing or receiving a firearm. According to the U.S. Department of Health and Human Services, the modification better enables the reporting of these individuals to the background check system, while continuing to strongly protect individuals’ privacy interests. It gives states improved flexibility to ensure accurate but limited information is reported to NICS. The new rule is narrowly tailored to preserve the patient-provider relationship and ensure that individuals are not discouraged from seeking voluntary treatment. This rule applies only to a small subset of HIPAA-covered entities that either make the mental health determinations that disqualify individuals from having a firearm or are designated by their states to report this information to NICS – and it allows such entities to report only limited identifying, non-clinical information to the NICS. The rule does not apply to most treating providers and does not allow reporting of diagnostic, clinical or other mental health treatment information. Click here to read the final rule. Contact: CMA's legal information line, (800) 786-4262 or legalinfo@cmanet.org. January 15, 2016 General Guns, HIPAA, HIPAA Privacy Rule, Mental Health, Public Health, CPLH 0 0 Comment Read More »
HHS announces new rule that gives patients direct access to lab test results Patients will soon be able to obtain their medical test results directly from the laboratory, rather than having to request a copy from their physician's office, according to a new rule announced Monday by the U.S. Department of Health and Human Services (HHS). The rule is part of a broader effort to give Americans more control over their health care. It supersedes state law and will have particular significance in 13 states that currently prohibit labs from releasing test results directly to patients. Current California law allows the release of lab results to patients if providers give approval. Although under the Health Insurance Portability and Accountability Act (HIPAA), physicians and other covered entities were already required to provide patients with copies of their protected health information (PHI) upon request, many laboratories were exempt from this requirement. “The right to access personal health information is a cornerstone of the [HIPAA] Privacy Rule,” said HHS Secretary Kathleen Sebelius. “Information like lab results can empower patients to track their health progress, make decisions with their health care professionals and adhere to important treatment plans.” While patients can continue to get access to their lab tests from their physicians, under the new rule, labs will be required to provide patients copies, including electronic copies, of their lab test results within 30 days of a request. The new rule becomes takes effect 60 days after publication in the Federal Register, which is expected to happen Thursday. HIPAA-covered labs will have 180 days from the effective date of the rule to comply. The final rule amends the Clinical Laboratory Improvement Amendments (CLIA) of 1988. Before the revisions, CLIA stipulated that labs could release test results to only three types of individuals: the person authorized under state law to order or receive results, typically a physician; the person responsible for using the test results for treatment; and a referring lab that requested the test. The final rule is available for review at www.federalregister.gov. February 7, 2014 General Diagnostic Testing, HIPAA, HIPAA Privacy Rule, Clinical Laboratories 0 0 Comment Read More »
