Current HIPAA News

HealthTexas Provider Network, Part of Baylor Health Care System, Notifies Patients of Laptop Theft

HealthTexas Provider Network (HTPN), a wholly owned subsidiary of Baylor Health Care System, announced today that it is notifying certain patients about the recent theft of a laptop computer that contained a limited amount of their personal information.  A letter being sent to affected patients contains information about steps they can take to help protect their personal information.

Grady patients' medical records stolen: Not many details known yet; FBI investigating

By CRAIG SCHNEIDER
The Atlanta Journal-Constitution
Published on: 07/25/08
The FBI is investigating the theft of medical records of patients at Grady Memorial Hospital, officials said Friday. Grady spokeswoman Denise Simpson provided few details on the thefts that were discovered late Thursday. She said it remains unknown how many patient records were stolen, which patients were affected or how the records were stolen.  The records pertained to recorded physician comments that Grady sent to a vendor to transcribe into medical notes. The records were stolen from a subcontractor employed by the vendor. The missing records were kept on computer files.

Saint Mary's warns patient database compromised

7:30 a.m. July 24, 2008
RENO, Nev. – Saint Mary's Regional Medical Center has sent letters to about 128,000 patients informing them their personal information may have been compromised. Officials say someone without authorization may have accessed a database that contained names, addresses and some Social Security numbers.

OU-COM affiliate mistakenly releases personal information

7/25/2008
The Centers for Osteopathic Research and Education - which is affiliated with Ohio University - announced Thursday that it removed a Web document last week that inadvertently contained personal information of people who provided the centers with academic programming. CORE is an osteopathic medical education consortium comprising member teaching hospitals, clinical training sites and osteopathic medical schools. The Ohio University College of Osteopathic Medicine is the central academic member of CORE. According to a news release, CORE has identified the 492 presenters whose information was accidentally released and sent them information. They have been offered credit monitoring service for one year.

Security breach puts Greensboro Gynecology patients’ personal information at risk

By Ryan Seals, Staff Writer
Tuesday, July 15; updated 7:09 pm
GREENSBORO - Patients at a Greensboro doctor's office have been notified that their personal information - including Social Security numbers and addresses - was stolen in May.
In a letter mailed to patients, Greensboro Gynecology Associates said a backup tape of their computer database was stolen. The letter was dated June 16, but some letters weren't postmarked until July 9. The medical practice said a backup tape of patient information was stolen on May 29 from an employee who was taking the tape to an off-site storage facility for safekeeping. 

Vets Home server held personal data

By NORMAN DRAPER, Star Tribune
Last update: July 19, 2008 - 11:04 PM
A backup computer server stolen from the Minneapolis Veterans Home contained telephone numbers, addresses, next-of-kin information, dates of birth, Social Security numbers and some medical information, including diagnoses for the home's 336 residents, according to an official with the Minnesota Department of Veterans Affairs.
The burglars broke into the facility early last Sunday.

HHS Adds New Enforcement Data to its Web Site on HIPAA Privacy Compliance and Enforcement

May 9, 2008 - In response to continuing interest in HHS enforcement of the HIPAA Privacy Rule, the Office for Civil Rights today made available to the public additional information about these activities. OCR has added a new data section on its Compliance and Enforcement Web Site.  The public can now access enhanced information about several aspects of OCR’s health information enforcement program:

  • Charts showing state-specific case investigation results;
  • Calendar-year enforcement-results graphs and charts;
  • Calendar-year graph showing complaint receipts;
  • Yearly variation in the issues in cases resolved through corrective action.

These charts and graphs augment the Web Site’s comprehensive information about the Privacy Rule, which creates important federal rights and requirements to protect the privacy of personal health information. You may access the new OCR data section at: http://www.hhs.gov/ocr/privacy/enforcement/data.html.  The enhanced Compliance and Enforcement Web Site continues to provide information for consumers, health care providers, health plans, and others in the health care industry, and may be found at: http://www.hhs.gov/ocr/privacy/enforcement.

 

Prince of Wales Hospital announced an incident of loss of USB flash drive containing hospital files

A USB flash drive containing hospital files of Prince of Wales Hospital was lost in early May. The stored files contained personal data of patients, including name, ID number and laboratory test items. Hospital officials believe approximately 10,000 records might be involved. Police are currently investigating the matter. The Hospital Authority (HA) has been notified as well, through the Advanced Incidents Reporting System.

Hacker server contains thousands of sensitive business, healthcare files

Researchers at security vendor Finjan uncovered a server containing the sensitive email and Web-based data of thousands of people, including healthcare information, credit card numbers and business personnel documents and other sensitive data.
The server contained over 1.4GB of both email and web-based data. In all, the data consisted of more than 5,388 unique log files traced back to 5,878 distinct IP addresses.

CMS to check hospitals for HIPAA security compliance
Government Health IT (January 17, 2008)

The Centers for Medicare and Medicaid Services will begin on-site reviews of hospitals’ compliance with security rules mandated by the Health Insurance Portability and Accountability Act of 1996.

CMS officials said at a workshop on HIPAA security yesterday that they expect to review 10 to 20 hospitals in the next nine months.

California breach disclosure law covers medical records
SCMagazine (January 7, 2008)

California has extended its widely copied data breach notification law to encompass incidents including electronic medical and health insurance information.