It's a brave new world out there for business associates (BA). BAs needed to comply with the HIPAA Security Rule and the use and disclosure provisions of the Privacy Rule in February 2010 as a result of the HITECH Act. However, the OCR held off on any enforcement activities-that is, until recently.
The September 23 compliance deadline for most of the provisions of the HIPAA omnibus rule has come and gone. But for covered entities (CE) and business associates (BA), now is not the time to take your foot off the gas pedal.
Editor's note: With the increased specificity required for ICD-10-CM coding, coders need a solid foundation in anatomy and physiology. To help coders prepare for the upcoming transition, we will provide an occasional article about specific anatomical locations and body parts as part of a larger series for ICD-10-CM preparation.
During the January injections and infusions audio conference, Jugna Shah, MPH, president and founder of Nimitt Consulting in Washington, D.C., and Valerie A. Rinkle, MPA, associate director with Navigant Consulting in Seattle, reviewed these scenarios.
Q. My email remains encrypted until it is opened. I have received two requests-via email and certified letter-from the patient's parent requesting records be sent by email or mail. I know legally a person may request this, but we must provide this service when we can ensure that the person requesting is who he or she says he or she is. Does a certified letter with recognizable signature or email from a known email address of a parent qualify as verification of the parent's identity?
