Disclosures for Specific Payment or Health Care Operations Purposes (§ 2.33)

Part 2 Records –  Specific Payment or Health Care Operations Purposes (§ 2.33) Special restrictions apply to health information that is restricted under SAMHSA rules.  These rules protect patient information involving substance and alcohol treatment in Federal programs.  SAMHSA requirements...

Failing to Perform an Electronic Access Risk Analysis Before and Unauthorized Access Occurs

OCR Settlement Lessons – No Risk Assessment Exposes Provider to Liability Failure to conduct a risk assessment before a hacking incident occurred resulted in a $400,000 settlement between OCR and a Federally Qualified Health Clinic.  The FQHC filed a breach report upon learning that its employee...

What Does the HIPPA Phase2 Audit Program Mean for Physicians?

HIPAA Audits of Physician Practices – Phase II Audits The HHS Office for Civil Rights (“OCR”) has Officially announced The commencement of its 2016 Phase 2 HIPAA Audit . In Phase 2, OCR Will be reviewing the policies and procedures of covered entities and their business associates. This phase of ...