OCR Frequently Asked Questions Page

The Office for Civil Rights has published on its website an "FAQ" page where it responds to submitted HIPAA Privacy and Security questions.  These responses provide excellent insight into how OCR would evaluate specific scenarios.

The Health Insurance Portability and Accountability Act of 1996 ("HIPAA") has changed the way healthcare organizations and providers consider patient privacy. Almost every patient is aware that HIPAA means that their medical records are protected from inappropriate uses and disclosures.  How can you best protect your organization from a privacy or security breach?

JD HealthCare Partners, LLC has collaborated with DoctorsSafeguard.com, a FREE resource for physicians and other health care practitioners, to provide materials and resources for complying with HIPAA.


DoctorsSafeguard.com was developed to provide training and education to the medical community to help protect their practices from drug-seeking patients.  


Due to the sensitive content of the training provided on DoctorsSafeguard.com, all subscription applications will be verified prior to activation.  

Helpful Links:

The following are helpful links to information to assist with your HIPAA Privacy and Security efforts:

OCR HIPAA Privacy and Security Audit Protocol

The Office for Civil Rights has published its audit protocol that was used to evaluate HIPAA Privacy and Security programs during its pilot audit program of 2011 and 2012.  This audit protocol is extremely helpful for evaluating an organization's HIPAA readiness.

HIPAA Privacy and Security

Experience Counts

Privacy and Security Policy Development

The HIPAA Privacy and Security regulations require covered entities to develop policies and procedures specific to the organization's risk and to guide employees in mitigating the risk.  JD HealthCare Partners, LLC has worked with healthcare organizations to develop comprehensive policies and procedures that are customized to the business operations of each covered entity.


Risk Assessments

Risk assessments are required under the HIPAA Security regulations, but what is required?  Each covered entity should identify its areas of risk in the context of HIPAA Security, specifically how the identified risk impacts: (1) the confidentiality of the ePHI, (2) the integrity of the ePHI, and (3) the availability of the ePHI.


See our RESOURCES page under "HIPAA Privacy and Security" for a free downloadable risk assessment template and example that you can use to document your risk assessment process.


Business Associates

Determining who is a business associate and ensuring that a signed business associate agreement is in place is a requirement under HIPAA.  However, under the Omnibus Rule, covered entities are obligated to obtain satisfactory assurance that business associates have agreements in place with subcontractors who use, disclose, or maintain protected health information (PHI) to protect the PHI of the covered entity.  What counts as satisfactory assurance?  How does a covered entity document this?


JD HealthCare Partners, LLC has experience as a business associate, and as compliance officers working with business associates, to provide sound guidance to ensure compliance. We have developed a business associate template for covered entities to use to document satisfactory assurances from business associates.  The document is available for free on our RESOURCES page under "HIPAA Privacy and Security".

Privacy and Security Training

As frequent national presenters on HIPAA Privacy and Security, JD HealthCare Partners, LLC has developed several HIPAA training programs for all types of audiences.  This expertise has been successfully leveraged by healthcare organizations across the United States.


Breach Reporting

It is a bad feeling knowing that your PHI has been used or disclosed inappropriately.  The clock is ticking, but how do you know what to report, when, and to whom?  JD HealthCare Partners, LLC has worked with healthcare organizations and the Office for Civil Rights as consultants and compliance officers in addressing breach reporting situations.  Now, that expertise is available for your organization.


Meaningful Use Audits

Implementing an electronic medical record is a significant investment and one that includes reimbursement from the Federal government if certain objectives are achieved.  Knowing how to properly document that those objectives are met can be the difference between success and failure when it comes to meaningful use incentive payments.  JD HealthCare Partners, LLC is your resource for evaluating and documenting proper meaningful use.  

JD HealthCare Partners, LLC has worked with several healthcare organizations and providers to enhance their privacy and security compliance.  In addition, our professionals lecture nationally on HIPAA Privacy and Security topics and are experts at helping organizations comply with the requirements of HIPAA, the HITECH amendments, and the HIPAA Omnibus Rule.  Specific areas of expertise include:

Redline Version of the HIPAA/HITECH Final Rule

Theodore Kobus III from Baker Hostetler has posted a Redline Version of the HIPAA / HITECH Final Rule.  This is a fantastic resource for comparing versions of the rule and ensuring compliance with the most recent requirements.

Looking for Help?