Health Information Technologies and Processes

Changes to HIPAA...Follow Up

  • 1.  Changes to HIPAA...Follow Up

    Posted 08-13-2020 09:24
    Last night I got my hands on an audio of the webinar I referred to yesterday.  After about 5 minutes...I had to get pencil and paper to keep track of the comments which were clearly (I mean black and white...not gray) inconsistent with the regulations.

    I did hear over 10 references to the "HIPAA updates" that require covered entities and business associates to do A, B, C, .....

    The good news...the information was incorrect.  Given the context of the webinar and what was covered...there are no actual changes to the HIPAA regulations that this webinar was referring to.  The downside is that there were probably some new folks to HIPAA that took this information at face value and are likely now under the false impression that some of their processes are "broken" to use a word from the webinar.

    I was also very curious to hear a statement that is circulating more and more in webinars related to the obligations of business associates and their requirement to comply with the HIPAA regulations.  I'm going to keep an eye on this one as I'm hearing it more and more and it is clearly wrong.

    OK...enough of that.  Thanks to the person from AHIMA that contacted me and led me to a copy of the audio.

    Frank Ruelas
    Compliance Professional
    Posted: 6:23 AM AZ time

  • 2.  RE: Changes to HIPAA...Follow Up

    Posted 08-13-2020 09:28

    Would it be worth sharing with others where this audio came from? My only concern is people listening to it and acting on it, when it is inaccurate information.  Just want to look out for my colleagues ��


    Becky Kilen, MS, RHIA, CHPS

    GHS Privacy Officer | Manager of Privacy



    1900 South Avenue | Mail Stop:  AVS-001

    La Crosse, WI  54601

    Phone:  (608) 775-3549 | Fax:  (608) 775-4706


    Privacy Office: (608) 775-7439 |





    This email message, including all attachments, is for the sole use of the intended recipient (s) and may contain confidential and privileged information. If you are not the intended recipient, you may NOT use, disclose, copy or disseminate this information. Please contact the sender by reply email immediately and destroy all copies of the original message including all attachments.


  • 3.  RE: Changes to HIPAA...Follow Up

    Posted 08-13-2020 09:41
    Edited by Frank Ruelas 08-13-2020 10:19
    I totally the same time, even though people understand my motives, I do not want to single out a particular vendor or service provider by name.

    However, as some sort of compromise, I will share a few items from my notes.  Also, much of what I'm listing is easily verifiable.  However, it is not uncommon for people to go to these information type webinars in the hope of not having to do their own research of the regulations.  This is certainly one example why some unnecessary confusion about HIPAA continues to exist.

    Business Associates are required by the HIPAA regulations to comply with all of the HIPAA rules.

    If there is any chance that a vendor in your facility may see PHI, you must have a business associate agreement in place.

    Under no circumstances can a Covered Entity disclose PHI to a Business Associate without a Business Associate Agreement in place

    The 60 day window for breach notifications begins after the Covered Entity renders a decision on whether an impermissible disclosure is a breach.

    The OCR is conducting its ongoing random audits in 2020 and failing one of these audits may result in Civil Monetary Penalties.

    Frank Ruelas
    Compliance Professional
    Posted: 6:41 AM AZ time