Category: HIPAA Information


Reminder: Join us for our 2017 Healthcare Transformation Survival Seminars

1st August

Join us as we travel across the Commonwealth to provide an in-depth look at the Medicare Access and CHIP Reauthorization Act (MACRA) legislation and the Quality Payment Program!

There are significant changes to physician payments that are now tied to quality and value. This event will prepare healthcare providers for the changes under MACRA and Value-Based Payment. We will explore: QPP Eligibility, QPP Reporting Metrics, Improvement Activities, ACI and Meaningful Use, HIPAA Requirements, and Quality Improvement.

Lunch will be provided!
This activity has been approved for AMA PRA Category 1 Credit™

Register Now
Dates/Locations

August 18, 2017 – London, KY
London Community Center
Room AB
529 S Main St
London, KY 40741
9:30AM – 3PM EST

September 14, 2017 – Georgetown, KY
Georgetown College
Banquet Hall
100 Crawford Drive
Georgetown, KY 40324
9:30AM – 3PM EST

September 28, 2017 – Paducah, KY
Baptist Health Paducah
Heart Center Auditorium
2501 Kentucky Avenue
Paducah, KY 42003
9:30AM – 3PM CST

October 5, 2017 – Ashland, KY
Ashland … Read More »


Agenda Announced for 2017 Healthcare Transformation Survival Seminars

11th July

This year’s 2017 Healthcare Transformation Survival Seminars will provide a heavy focus on Medicare Access and CHIP Reauthorization Act (MACRA) legislation and the Quality Payment Program.

The topics will include:

MACRA Quality Payment Program 2.0 Sessions: Preparing for QPP

Getting Ready for QPP – Who is Eligible?
How & What Should I Report for QPP?
Which Measures Should I Report for QPP?
Which Improvement Activities Are Right for Me?
How do I Meet the ACI Requirements?

Health IT Sessions:

How do I Handle Medicaid Meaningful Use?
What About Hospital Meaningful Use?
What Role Does HIE Play in MU & ACI?

How Do I Protect my IT Systems from Bad Guys?
How Do I Improve my Performance & QPP Score?

Lunch will be provided!
This activity has been approved for AMA PRA Category 1 Credit™

Register Now
Dates/Locations

August 18, 2017 – London, KY
London Community Center
Room AB
529 S Main St
London, KY 40741
9:30AM – 3PM EST

September 14, 2017 – Georgetown, … Read More »


Warning: Current International Ransomware Campaign

29th June

The U.S. government is aware of an international ransomware campaign that may be affecting Healthcare and Public Health Sector assets in addition to other Sectors. Please review the information below and share with colleagues.
You may send additional questions to cip@hhs.gov

HHS/ASPR Critical Infrastructure Protection Program:

If you are the victim of a ransomware attack
If your organization is the victim of a ransomware attack, HHS recommends the following steps:
1. Please contact your FBI Field Office Cyber Task Force or US Secret Service Electronic Crimes Task Force  immediately to report a ransomware event and request assistance. These professionals work with state and local law enforcement and other federal and international partners to pursue cyber criminals globally and to assist victims of cyber-crime.
2. Please report cyber incidents to the US-CERT and FBI’s Internet Crime Complaint Center.
3. **NEW** If your facility experiences a suspected cyberattack affecting medical devices, … Read More »


Ransomware: Are You Protected?

15th May

On May 12, 2017 The Department for Homeland Security released the following report:

US-CERT has received multiple reports of WannaCry ransomware infections in several countries around the world. Ransomware is a type of malicious software that infects a computer and restricts users’ access to it until a ransom is paid to unlock it. Individuals and organizations are discouraged from paying the ransom, as this does not guarantee access will be restored.

Can HIPAA compliance help covered entities and business associates prevent infections of malware, including ransomware?

Yes. The HIPAA Security Rule requires implementation of security measures that can help prevent the introduction of malware, including ransomware. Some of the required security measures include:

• implementing a security management process, which includes conducting a risk analysis to identify threats and vulnerabilities to electronic protected health information (ePHI) and implementing security measures to mitigate or remediate … Read More »


No Business Associates Agreement? $31K Mistake

Posted by kentuckyrec in HIPAA Information. No Comments

25th April

From the HHS Office of Civil Rights on April 20, 2017: No Business Associate Agreement? $31K Mistake

The Center for Children’s Digestive Health (CCDH) has paid the U.S. Department of Health and Human Services (HHS) $31,000 to settle potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule and agreed to implement a corrective action plan. CCDH is a small, for-profit health care provider with a pediatric subspecialty practice that operates its practice in seven clinic locations in Illinois.

In August 2015, the HHS Office for Civil Rights (OCR) initiated a compliance review of the Center for Children’s Digestive Health (CCDH) following an initiation of an investigation of a business associate, FileFax, Inc., which stored records containing protected health information (PHI) for CCDH. While CCDH began disclosing PHI to Filefax in 2003, neither party could produce a … Read More »