You are leaving Medscape Education
Cancel Continue
News & Perspective
Drugs & Diseases
CME & Education
Academy
Video
Decision Point

Specialty: Multispecialty
Allergy & Immunology
Anesthesiology
Business of Medicine
Cardiology
Critical Care
Dermatology
Diabetes & Endocrinology
Emergency Medicine
Family Medicine
Gastroenterology
General Surgery
Hematology - Oncology
HIV/AIDS
Hospital Medicine
Infectious Diseases
Internal Medicine
Multispecialty
Nephrology
Neurology
Ob/Gyn & Women's Health
Oncology
Ophthalmology
Orthopedics
Pathology & Lab Medicine
Pediatrics
Plastic Surgery
Psychiatry
Public Health
Pulmonary Medicine
Radiology
Rheumatology
Transplantation
Urology
Interprofessional
Shared Decision Making
Nurses
Pharmacists
Edition: English

Medscape

English
Deutsch
Español
Français
Português
UKNew

Univadis

Sign Up It's Free!
English Edition

Medscape

Univadis

    X
    Univadis from Medscape

    No Results

      Friday, March 24, 2023
      News & Perspective Drugs & Diseases CME & Education Academy Video Decision Point
      Log in to save activities Your saved activities will show here so that you can easily access them whenever you're ready. Log in here CME & Education Log in to keep track of your credits.
       
       

       

       

      CME

      Examining Compliance With the HIPAA Privacy Rule

      • Authors: Rachel Seeger, MA, MPA
      • CME Released: 6/27/2012; Reviewed and Renewed: 6/27/2013
      • THIS ACTIVITY HAS EXPIRED
      • Valid for credit through: 6/27/2014
      Start Activity

      Target Audience and Goal Statement

      This activity is intended for healthcare professionals who interact with protected health information.

      The goal of this activity is to provide a basic overview for clinicians and other healthcare professionals on the importance of compliance with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule and breach notification requirements. It is not meant to supplement or substitute training required under the Rule.

      Upon completion of this activity, participants will be able to:

      1. Identify responsibilities of covered entities and their business associates under the HIPAA Privacy Rule
      2. Develop strategies for assessing and maintaining a compliance program with the HIPAA Privacy Rule

      Disclosures

      As an organization accredited by the ACCME, Medscape, LLC, requires everyone who is in a position to control the content of an education activity to disclose all relevant financial relationships with any commercial interest. The ACCME defines "relevant financial relationships" as financial relationships in any amount, occurring within the past 12 months, including financial relationships of a spouse or life partner, that could create a conflict of interest.

      Medscape, LLC, encourages Authors to identify investigational products or off-label uses of products regulated by the US Food and Drug Administration, at first mention and where appropriate in the content.

      Author(s)

      • Rachel Seeger, MA, MPA

        Senior Health Information Privacy Outreach Specialist, Office for Civil Rights, U.S. Department of Health and Human Services, Washington, DC

        Disclosures

        Disclosure: Ms. Seeger has disclosed no relevant financial relationships.

        Ms. Seeger does not intend to discuss off-label uses of drugs, mechanical devices, biologics, or diagnostics approved by the FDA for use in the United States.

        Ms. Seeger does not intend to discuss investigational drugs, mechanical devices, biologics, or diagnostics not approved by the FDA for use in the United States.

      Editor(s)

      • Jane Lowers

        Group Scientific Director, Medscape, LLC

        Disclosures

        Disclosure: Jane Lowers has disclosed no relevant financial relationships.

      • Neil Chesanow

        Senior Clinical Editor, Medscape, LLC

        Disclosures

        Disclosure: Neil Chesanow has disclosed no relevant financial relationships.

      CME Reviewer(s)

      • Nafeez Zawahir, MD

        CME Clinical Director, Medscape, LLC

        Disclosures

        Disclosure: Nafeez Zawahir, MD, has disclosed no relevant financial relationships.

      Accreditation Statements

        For Physicians

      • Medscape, LLC is accredited by the Accreditation Council for Continuing Medical Education (ACCME) to provide continuing medical education for physicians.

        Medscape, LLC designates this enduring material for a maximum of 0.5 AMA PRA Category 1 Credit(s)™ . Physicians should claim only the credit commensurate with the extent of their participation in the activity.

        Medscape, LLC staff have disclosed that they have no relevant financial relationships.

        Contact This Provider

      For questions regarding the content of this activity, contact the accredited provider for this CME/CE activity noted above. For technical assistance, contact [email protected]

      Instructions for Participation and Credit

      There are no fees for participating in or receiving credit for this online educational activity. For information on applicability and acceptance of continuing education credit for this activity, please consult your professional licensing board.

      This activity is designed to be completed within the time designated on the title page; physicians should claim only those credits that reflect the time actually spent in the activity. To successfully earn credit, participants must complete the activity online during the valid credit period that is noted on the title page. To receive AMA PRA Category 1 Credit™, you must receive a minimum score of 70% on the post-test.

      Follow these steps to earn CME/CE credit*:

      1. Read the target audience, learning objectives, and author disclosures.
      2. Study the educational content online or printed out.
      3. Online, choose the best answer to each test question. To receive a certificate, you must receive a passing score as designated at the top of the test. We encourage you to complete the Activity Evaluation to provide feedback for future programming.

      You may now view or print the certificate from your CME/CE Tracker. You may print the certificate but you cannot alter it. Credits will be tallied in your CME/CE Tracker and archived for 6 years; at any point within this time period you can print out the tally as well as the certificates from the CME/CE Tracker.

      *The credit that you receive is based on your user profile.

      CME

      Examining Compliance With the HIPAA Privacy Rule

      processing....

      Getting Started on Developing a Culture of Compliance: Self-Audits

              I think a HIPAA privacy refresher course -- even though the rule has been in effect for 8 years -- is probably pretty wise, and it’s a good catapult to getting ready for the new and enhanced privacy regulations through HITECH. -- Tennant

      One method for ensuring your covered entity is in compliance is to regularly review your HIPAA compliance program. Conducting a self-audit of policies and procedures can help covered entities identify what may have changed in their organization since they were implemented and what steps may need to be taken to adapt to those changes. For example, perhaps your practice or staff has new employees who need training on HIPAA obligations.

               I kept everything relating to training on HIPAA privacy. If anyone ever came in and asked: 'What did you train on?,' I could supply the fact sheets and the date when they went out: 'These are the employees who had targeted privacy training; based on their jobs, these are the policies that applied to them; this is what the training was, and when it was delivered to them. ' If policies are updated, or if there was a significant change, staff would be retrained and we would document that.

      You don’t want to inundate people with emails, but we do a quarterly newsletter -- sometimes a tip of the month. As policies are updated or changed, we also target a specific group that may be affected, like business associates, so we don’t affect our entire workforce.       --Diana Warner, Director of Professional Practice at the American Health Information Management Association (AHIMA) and a former privacy officer for a large physician practice

      Look around your office. What has changed since you last developed your HIPAA training program and modified your policies and procedures? Have you purchased new equipment or software, such as an electronic health record? How do you go about applying physical and technical safeguarding to protected health information? Have you thought about all of the places where protected health information resides in your office, such as in your digital copiers and fax machines?

      In assessing your organization's current compliance status and steps that need to be taken, a simple self-audit may include examining:

      • Policies and Procedures: Identify current policies and operating procedures addressing Privacy Rule requirements, including medical record creation, maintenance, storage, moving, retrieval, release, and destruction, encryption, or both. Use version control and date any necessary revisions to your policies and procedures.
      • Training: Review your training program and documentation of when your employees took training on the Privacy Rule requirements and your policies and procedures. Review for any updates that should have taken place.
      • Tracking the Flow of Protected Health Information: Interview leadership and staff regarding your organization's practices related to the handling of protected health information, both internally and externally (uses and disclosures), such as medical management, billing, and patient accounts.
      • Patients’ Rights: Review your organization’s policies and procedures, as well as tracking mechanisms for the release of information for purposes not related to health care and patients’ receipt of your notice of privacy practices. Review a representative sampling of your organization’s policies and procedures, as well as tracking mechanisms.
      • Business Associate Agreements: Determine the number and types of BAAs with vendors and provider or managed care contracts or both, and any other contracts your organization has with persons or entities handling protected health information. Review a sample of signed BAAs on file to see whether they are up to date.
      • Other Potential Business Associates: Review and discuss the status of other entities that your organization may be involved with, but with which you do not currently have a BAA, to determine the necessity of entering into contracts with such entities.
      • Research (if relevant): For each of your research programs/departments, review IRB policies, procedures, and practices related to use and disclosure of health information, and review current forms used in such research.
      « Back
      Page 2 of 3
      Next
      CME Information
      • Print
      Find Us On
      About
      About Medscape Privacy Policy Editorial Policy Cookies Terms of Use Advertising Policy Help Center
      Membership
      Become a Member About You Professional Information Newsletters & Alerts Market Research
      App
      Medscape
      WebMD Network
      Medscape Live Events WebMD MedicineNet eMedicineHealth RxList WebMD Corporate Medscape UK
      Editions
      English Deutsch Español Français Português UK
      All material on this website is protected by copyright, Copyright © 1994-2023 by WebMD LLC. This website also contains material copyrighted by 3rd parties.