With high-profile shootings in the news lately, the Department of Health and Human Services is considering modifying HIPAA rules so it would be possible to take mental health evaluations and treatments into consideration as part of the background checks required of people seeking to purchase firearms. In other news, Congress is considering what should happen when personal health information is seized in an IRS raid.
Read all five stories in this week's HIPAA Compliance News Roundup to find out the latest need-to-know HIPAA information.
HHS Seeks to Reduce Gun Violence Via Modifications to the HIPAA Privacy Rule from Lexology: “After receiving more than 2,000 comments to its April 2013 Advance Notice of Proposed Rulemaking, the Department of Health & Human Services has proposed to amend the HIPAA Privacy Rule to expressly permit certain covered entities to report to the National Instant Criminal Background Check System the identities of individuals who are prohibited by federal law, for mental health reasons, from possessing firearms.”
Details Emerge on IRS Raid that Drew HIPAA Lawsuit, Congressional Scrutiny from Modern Health Care: “A mysterious lawsuit filed against the Internal Revenue Service last year in a San Diego court is exploring the limits of government agents' ability to view Americans' personal health information in a financial-crimes case. Last year, an unidentified California managed-care company—since revealed as the Three Rivers Provider Network in Chula Vista, Calif.—sued the IRS, claiming that its agents illegally confiscated the health records of 10 million Americans and thousands of foreign citizens in March 2011. The lawsuit raised the ire of Congressional Republicans, who opened an investigation into how the IRS handles protected health information seized in criminal cases. Meanwhile, a federal judge has ruled that prosecutors can look for evidence in the 100 gigabytes of seized data, which includes the personal health information copied from Three Rivers' computers.”
The Silver Lining Of The NSA Scandal from ReadWrite: “Beyond hackers, a growing concern for companies is the risk of data exposure resulting from subpoena. Too often in cloud environments, the data owner will store the key in the cloud, alongside the encrypted data for easy access. This practice creates a sizable security risk because if a cloud or SaaS vendor is subpoenaed, they’ll be compelled to hand over your data. It also falls short of the security requirements needed to comply with HIPAA, PCI and most other data security regulations. Make sure the SaaS providers you work with offer data at-rest encryption and allow you to manage and even revoke the keys as necessary. It’s the best way to ensure data in the cloud remains actionable, while giving you ultimate control over who and what can access it.”
With Evolving Tech Mandates, Healthcare Providers Need Flexible, Secure Data Collection from Health Tech Zone: “Today, keeping patients’ Protected Health Information (PHI) secure is top-of-mind for every hospital and healthcare provider. Not only must PHI be safe from curious cyber crooks and natural disasters such as Hurricane Sandy, but also hospitals must keep it protected as they navigate government mandates like the HIPAA, HITECH and Affordable Care Acts, including their rules and regulations. Health systems strive to achieve the compliant, secure and efficient exchange of PHI to reduce their liability for violations of federal privacy rules, such as HIPAA regulations. Not only does the proper management of PHI disclosure minimize liability and financial risk to the healthcare organization, but also it leaves patients more satisfied because they recognize that the health system protects their most sensitive information.”
WEDI to Sebelius: You Need More ICD-10 Testing from Health Data Management: “The Workgroup for Electronic Data Interchange has sent a letter to Health and Human Services Secretary Kathleen Sebelius giving a variety of compelling reasons for the department to expand its ICD-10 testing before the Oct. 1, 2014, compliance date. ‘In the January 16, 2009 Federal Register (74 FR 3328), HHS published a final rule adopting the ICD-10-CM and ICD-10-PCS medical code sets as the HIPAA standards to replace the previously adopted ICD-9-CM medical code set for diagnosis and inpatient procedure coding. The compliance date established by the final rule was October 1, 2013. In the September 5, 2012 Federal Register the compliance date for this requirement was extended to October 1, 2014.’”
Logan Solutions uses a combination of clinical practice expertise and technological skill to help physician practices throughout the U.S. implement, customize and improve their EMR and Dragon Medical software systems. Contact us to find out how our clinical-practice expertise can help your practice with its clinical documentation software needs.