Jason Ryan

Thursday, 28 June 2018 12:02

If you see something, say something

Staff working on the ground see everything; they are the ones likely to come across a problem that demands your attention. You need to have a reporting system established that the staff knows exists to ensure the issue will be communicated.

First, you must manage reporting systems for your agency. Create a process through which staff can submit reports either anonymously or by name. Have a system in place to ensure that once a potential breach has been communicated you have the tools ready to complete an investigation efficiently.

Remember! Review whistleblower reports regularly! Monitor to make sure investigations take place in a timely manner and are resolved.

Having a reporting system in place is only half the battle. You have to also make sure your staff:

  • Understands your organization's reporting system, and
  • Does not fear retaliation for reporting.

Make the duty to report a part of your agency's culture. Promote awareness and understanding of the availability of whistleblower reporting and other resources your agency offers. Also promote your agency's non-retaliation policies. Make these policies known to staff in new-hire orientation and annual training, on your website, in staff memos and through other ways you communicate with staff.

Keep in mind! Communication is a two-way street. Creating a reporting system is meaningless if staff does not know to use it!

For more information, check out the section on Preventing Breaches on page 26 of the MyHIPAA Guide Compliance Manual. MyHIPAA Guide subscribers may access available templates for security incident reports and incident investigations under Appendix E of the Security Policies and Procedures template on Step 3 of the MyHIPAA Guide website.

Read about the first criminal charges under HIPAA law, in a commentary by MyHIPAA Guide Publisher Diane Evans, in the June 2016 issue of Compliance Today:

June 2016 OpEd

Wednesday, 13 April 2016 08:17

Examples of Social Media Cases under HIPAA

Nurse gives up license after sharing image of patient's private parts in violation of HIPAA:

View Article

In March 2016, the federal government announced HIPAA audits had begun. Even for a smaller practice, HIPAA fines and settlement amounts can be steep. Here is an example of a HIPAA settlement last September involving a group of radiology oncologists:

View Article


In a 2014 survey, the National Council of State Boards of Nursing (NCSBN) revealed that 48 percent of the responding Boards of Nursing (33) faced social media challenges in violation of HIPAA. Several reported images of patients being shared on social media. Click on the PDF below to read more.

Learn more about social media as a HIPAA compliance concern

Join the MyHIPAA Guide forum discussion here.

Send us your questions via the forum, and we'll do the reporting to get answers.

Thursday, 03 March 2016 07:24


In this FAQ, CMS says it will not require providers or hospitals to submit documentation for any hardship category, and it will not review supporting documentation on a case-by-case basis.

CMS FAQs page

AHIMA survey results on errors in matching patients to their electronic health records:

Read the key findings

The Director of Informatics at the University of South California points to patient risks as a result of duplicate records in Electronic Health Records systems:

Read more


Send us your questions relating to HIPAA compliance requirements via the forum, and we'll do the reporting to get answers.

Here are the Stage 2 requirements for Meaningful Use under HIPAA, prior to the changes announced in October 2015. Page 1 includes a definition of Clinical Decision Support.

Stage 2 requirements for Meaningful Use under HIPAA.

Join the MyHIPAA Guide forum discussion. Submit your questions on HIPAA compliance requirements.


