Meaningful Use ARRA
Health Information Privacy
Click on this link for more information on: Submitting Notice of a Breach
Important: All breaches involving less than 500 people must be reported by March 1, 2012.
The breach notification interim final rule requires covered entities to provide the Secretary with notice of breaches of unsecured protected health information (45 CFR 164.408). The number of individuals affected by the breach determines when the notification must be submitted to the Secretary. Please review the instructions in the link above for submitting breach notifications.
In the News
Statewide News Release
Kentucky Receives $600,000 Grant to Connect Behavioral Health, Primary Care Providers
FRANKFORT, Ky. (Jan. 31, 2012) - The Governor’s Office of Electronic Health Information (GOEHI) was recently awarded a $600,000 federal grant to improve health services for individuals with mental health or substance abuse conditions, the Cabinet for Health and Family Services (CHFS) announced today. Specifically, the grant will be used for the development of infrastructure to support the electronic exchange of health information among patients’ health care providers and the state’s community mental health centers.
Kentucky is one of five states to be awarded the funding, which comes from the Center for Integrated Health Solutions, a joint project of the Substance Abuse and Mental Health Services Administration and the Health Resources Services Administration.
“This is another confirmation of Kentucky's prominence in the area of health information exchange,” said CHFS Secretary Janie Miller. “We have made great strides in the nationwide effort to develop an electronic health network, a complex undertaking that involves the transport and sharing of information from many different types of systems. This funding will greatly enhance our efforts as we branch out into behavioral health.”
The Center for Integrated Health Solutions promotes the development of integrated primary and behavioral health services to better address the needs of individuals with mental health and substance abuse conditions. The recent grant awards will be used for the development of infrastructure supporting the exchange of health information among behavioral health and physical health providers.
“If we are truly going to address the needs of those with substance abuse and mental health conditions, we need access to our patients’ complete records, including their primary health history,” said Stephen Hall, commissioner of the Department of Behavioral Health, Developmental and Intellectual Disabilities. “This funding will help us more easily access that information so that we can better integrate services.”
Illinois, Maine, Oklahoma and Rhode Island also received the grant award.
“This funding will greatly benefit Kentucky’s community mental health centers, which will now be able to use the Kentucky Health Information Exchange to access records from patients’ primary care providers,” said Polly Mullins-Bentley, acting executive director of GOEHI. “This will lead to better record-keeping and tracking of patient history and, ultimately, the overall health of patients will be improved.”
Media Contact:
Beth Fisher or Gwenda Bond
(502) 564-6786, ext. 3101 and 3100
FOCUS Newsletter
October Hot Topic
Data for this article obtained through
Annual Report to Congress on Breaches of Unsecured Protected Health Information;
AHIMA Practice Brief: Sanctions Guidelines for Privacy and Security Violations;
Betsy Hall presentation to RVHIMA;
Annual Report to Congress on HIPAA Privacy Rule and Security Rule Compliance.
Jennie Bryan, MBA, RHIA, CCS;
Corporate Director of Compliance and HIPAA Privacy
Hot Topic: HITECH-HIPAA
HIPAA (Health Insurance Portability and Accountability Act-1996) continues to be a challenge to the health care industry as well as the health information management profession. HITECH (Health Information Technology for Economic and Clinical Health Recovery and Reinvestment Act-2009) has served to increase the emphasis on HIPAA by adding further regulatory requirements.
Breach notification regulations (as required in HITECH) require healthcare providers, health plans, and other HIPAA covered entities to notify individuals when their health information is breached. Therefore, entities must have a process in place to investigate each disclosure and determine if it rises to the level of a breach. If a breach has occurred, then the entity must notify the individual as well as report it to the appropriate federal agency.
When a breach involves more than 500 individuals, the entity must notify not only the Department of Health and Human Services (HHS) but also the news media. So, it becomes very public.
During a recent River Valley Health Information Management Association meeting, Betsy Hall, VP, Compliance and Privacy at Jewish Hospital and St. Mary’s HealthCare, Inc. reported the following Kentucky breaches of greater than 500 individuals:
| Entity | # of Individuals | Breach Date | Type | Location |
|---|---|---|---|---|
| Cumberland Gastroenterology | 2,207 | 9-18-2010 | Theft | Paper |
| Green River Health Dept | 18,871 | 1-12-2011 | Hacking | Network Server |
| Humana | 2,631 | 6-25-2010 | Unauthorized Access/disclosure | Paper |
| Jewish Hospital | 2,089 | 7-16-2010 | Theft | Laptop |
| Medical Center at Bowling Green | 5,418 | 3-24-2010 | Theft | PED |
| Omnicare | 8,845 | 1-19-2011 | Theft | Laptop |
| Our Lady of Peace | 26,600 | 3-31-2010 | Theft/Loss | PED |
| U of L Research Foundation | 708 | 5-17-2010 | Unauthorized Access/disclosure, Hacking | Network Server |
| UK | 2,027 | 6-18-2010 | Theft | Laptop |
Note: PED is portable electronic device.
In addition, HITECH requires the Secretary of the Department of Health and Human Services (HHS) to report yearly to Congress and the Senate. For September 23, 2009 to December 31, 2009 and calendar year 2010 there were 252 breaches involving 500 or more individuals. This totaled 7.8 million individuals. In addition, there have been more than 31,000 reports of breaches involving less than 500 individuals. The most common causes of a breach are:
● Theft.
● Intentional unauthorized access to, use, or disclosure of protected health information.
● Human error.
● Loss of electronic media or paper records containing protected health information.
● Improper disposal.
So, what can entities do to mitigate or prevent these breaches?
● Improve physical security by installing new security systems or by relocating equipment or records to a more secure area.
● Adopt encryption technologies.
● Change passwords.
● Provide extensive training and retraining of employees that handle protected health information.
● Revise policies and procedures.
● Impose sanctions on workforce members who violate policies and procedures regarding protected health information, including unauthorized access.
● Collaborate with others in health care (include those that are outside of compliance, i.e. legal/outside counsel, computer forensics).