Health Care Privacy Compliance Handbook

  1. Copyright Page

    Health Care Privacy Compliance Handbook, 2nd edition  | December 2014 

    Health Care Privacy Compliance Handbook is published by the Health Care Compliance Association, Minneapolis, MN...

  2. Contributors

    Health Care Privacy Compliance Handbook, 2nd edition  | December 2014 

    HCCA would like to thank all who helped produce this book...

  3. 1 HIPAA Privacy and Security

    Health Care Privacy Compliance Handbook, 2nd edition  | Author: David B. Nelson  | December 2014 

    This chapter outlines what is probably the single most important set of regulations to impact the health care privacy professional. Every discipline, whether accounting, journalism or candle making, has one tool that forms the basis for all activities. The Health...

  4. 2 Breach Notification

    Health Care Privacy Compliance Handbook, 2nd edition  | Author: John Falcetano  | December 2014 

    The Health Information Technology for Economic and Clinical Health (HITECH) Act was enacted on February 17, 2009 as Title XIII of Division A and Title IV of Division B of the American Recovery and Reinvestment Act of 2009 (ARRA) (Pub. L. 111–5). On January 25, 2013, modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules under the HITECH Act and the Genetic Information Nondiscrimination Act were issued—commonly known as the Omnibus Rule...

  5. 3 Vendor Relations and Privacy

    Health Care Privacy Compliance Handbook, 2nd edition | Author: David B. Nelson, CHRC, CHPC, CISSP, CIPP/G | December 2014

    Vendors play a critical function in aiding health care entities to deliver services. The vast array of what vendors might supply ranges from vital services such as physicians, temp nurses, billing or research services right down to educational pamphlets, paperclips and jugs of water for coolers. The range of services, from relatively simple to extremely complex, is reflected in the portrayal of the business relationship...

  6. 4 Human Research Privacy

    Health Care Privacy Compliance Handbook, 2nd edition  | Authors: Rick King, Joan M. Podleski  | December 2014 

    This chapter provides an overview of the ethical guidelines and United States regulations governing the privacy and confidentiality of individually identifiable information in human subject research. The chapter is organized into three parts:...

  7. 5 Payor Privacy Issues

    Health Care Privacy Compliance Handbook, 2nd edition  | Author: Jennifer M. O'Brien  | December 2014 

    There are great challenges in managing privacy compliance risks for all health care businesses. In fact, data privacy and security are significant issues in virtually every deal or decision made by large and small health care companies across the nation. While the requirements of the privacy laws are typically the same regardless of whether the company operates as a hospital, clinic, health plan, or sells durable medical equipment, the challenges and risk differ...

  8. 6 Federal Education Rights and Protection Act

    Health Care Privacy Compliance Handbook, 2nd edition  | Author: David B. Nelson  | December 2014 

    The Federal Educational Rights and Privacy Act, FERPA, is obscure for most health care professionals, yet more and more services link to educational institutions. Often schools, and districts, contract for services related to health and mental health counseling. This contractual link may require that the privacy professional clearly define what information is covered by each regulation so both institutions may be compliant...

  9. 7 The Federal Privacy Act of 1974

    Health Care Privacy Compliance Handbook, 2nd edition  | Author: John Falcetano  | December 2014 

    The Privacy Act of 1974 was created in response to the government creating and using computer databases. There was concern that the use of the databases might infringe on an individual’s privacy rights. The Act requires the government to show any records kept on individuals to those individuals. In addition, the Act places restrictions on how the government can share the information with other individuals and agencies...

  10. 8 42 Code of Federal Regulations, Part 2: Federally Assisted Alcohol Drug Records

    Health Care Privacy Compliance Handbook, 2nd edition  | Author: David B. Nelson  | December 2014 

    42 C.F.R. Part 2 (“Part 2”) was enacted in the 1970s to govern the confidentiality of alcohol and drug treatment and prevention information. The purpose of the regulations was to protect the privacy of information so that people would seek treatment and not be stigmatized by these services...

  11. 9 Auditing and Monitoring for Privacy in Health Care

    Health Care Privacy Compliance Handbook, 2nd edition  | Author: Sheryl Vacca  | December 2014 

    In designing the privacy risk-based auditing and monitoring activities, it is important to work closely with the organization’s senior leadership and the board, or committee of the board, to gain a clear understanding of auditing and monitoring expectations and how these activities can be leveraged together to help minimize and mitigate privacy risks for the organization. The organization’s compliance officer should be included as well to assure that applicable resources are leveraged and auditing and monitoring activities for privacy are not duplicated in the privacy and organization’s overall compliance plan. There may be other functions that might not be represented...