HRSA HIPAA contacts
Jessica Townsend
Senior Staff Fellow
Office of Planning and Evaluation
301 443-0371 - Phone
jtownsend@hrsa.hhs.gov
Michael Kogan
Office of Data and Information Management
Maternal and Child Health Bureau
301 443-8041 – phone
mkogan@hrsa.hhs.gov
Forrest W. Calico, MD, MPH
Health Systems Advisor
Office of Rural Health Policy
301 443-0614 – phone
fcalico@hrsa.hhs.gov
Sandra Karen
Division of Knowledge Management
Office of Information Technology
301 443 -4138 - phone
skaren@hrsa.hhs.gov
Shannon Dunne Faltens
Public Health Analyst
DHHS/HRSA/Bureau of Primary Health Care
Office of Program & Policy Development
SFaltens@hrsa.hhs.gov
[Top]
HIPAA
Overviews and Updates
Here is a document that will help the writer of a Notice
of Privacy Practices create a notice that does not require
a high literacy level. The document describes principles for writing
plain English, clear layout, and presentation. It also suggests
some easily understandable words and phrases that can be used.
HIPAA Security Standards Final Rule Published - The final
Rule adopting HIPAA standards for the security of electronic health
information was published in the Federal Register on February
20, 2003. This final rule specifies a series of administrative,
technical, and physical security procedures for covered entities
to use to assure the confidentiality of electronic protected health
information. The standards are delineated into either required
or addressable implementation specifications. Click
here to view the Final Rule (PDF 914K).
For a brief discussion of the Security Rule and ways in which
it dovetails with the Privacy Rule click on the link below
http://www.aishealth.com/ManagedCare/Alerts/mmm3-4.html
Are you a covered entity under HIPAA? To find out use
the decision tools put out by CMS http://www.cms.gov/hipaa/hipaa2/support/tools/decisionsupport/default.asp
For new Frequently Asked Questions and
facts about the modifications to the Privacy rule, use the link
below http://hhs.gov/ocr/hipaa/whatsnew.html
http://www.hhs.gov/ocr/hipaa/
-- This site gives the Final Modifications to the Privacy Rule
published in the Federal Register, on August 14, 2002. Also included
is a DHHS press release, and a fact sheet.
http://aspe.hhs.gov/admnsimp
-- Good starting point for access to HIPAA documentation submitted
to or by the government. This
Administrative Simplification site offers calendars, proposed
rules, implementation timetables, news, meeting minutes, full
text regulatory documents and FAQs on HIPAA.
It also has published the public comments to proposed HIPAA
regulations.
http://hhs.gov/ocr/hipaa
-- The Office of Civil Rights (OCR) is the Departmental component
responsible for implementing and enforcing the privacy regulation.
Provides viewing of the Final Privacy
Regulation in various formats and policy guidance.
http://cms.hhs.gov/hipaa
-- Centers for Medicare and Medicaid Services (formerly HCFA),
official HIPAA site. Provides
general information on Administrative Simplification, the Transactions
and Code Sets and HIPAA related information on Medicare and Medicaid.
CMS has compiled a useful guide to the HIPAA
resources that it has developed for its web page ....... (Word
Document 680K)
http://snip.wedi.org/public/articles/index.cfm?cat=9
(Not a Federal Government Site) -- This site was developed by
the Workgroup for Electronic Data Interchange-- Strategic National
Implementation Process. Succinct summary of the various parts of HIPAA.
http://www.samhsa.gov/hipaa/index.html
-- This site was developed by the Substance Abuse and Mental Health
Administration to provide information and assistance to grantees. In addition to providing an overview of HIPAA
it addresses some issues of importance to substance abuse and
mental health providers.
[Top]
HRSA Bureaus and Offices
http://bphc.hrsa.gov:80/hipaa/
-- Bureau of Primary Health Care. Site includes an example of a HIPAA specific
Risk Assessment Plan for Community Health Centers and what health
centers need to know about Transactions and Code Set Standards.
http://telehealth.hrsa.gov/pubs/hipaa.htm
-- Privacy Rule discussion and section section
on how HIPAA may affect Telemedicine providers.
http://regions.hrsa.gov/atlantafield/hippa.htm
-- Useful links assembled by the Southeast Regional Office
[Top]
Compliance
http://hhs.gov/ocr/hipaa/contractprov.html
Sample Business Associate Contract Provisions from OCR.
www.hhs.gov/ocr/hipaa/finalmaster.html
-- OCR is responsible for enforcement of the privacy rule. Here is an excellent overview. Uses an easy to follow question and answer format
for providing guidance. Answers the “who, what, when…” of compliance issues.
http://sharpworkgroup.com/index.html
(Not a Federal Government Site) --
Southern HIPAA Administrative Regional Process. All-volunteer workgroup. Focused on regional coordination
for successful HIPAA compliance for all stakeholders in the southern
regional healthcare industry.
They have useful links and information on transactions,
code sets, identifiers and implementation assistance.
http://www.ama-assn.org/ama/pub/category/6438.html
(Not a Federal Government Site) -- AMA site. Guides the reader through
a compliance process. Physicians
are the target audience, but useful for clinics and others provider
groups.
http://www.hipaadvisory.com/regs/index.htm
(Not a Federal Government Site) -- Commercial resource sponsored
by Phoenix Health Systems. Site
has many useful links on compliance countdowns, privacy, tools
and commercial products. Daily updates on wide range of HIPAA issues.
www.nchica.org
(Not a Federal Government Site) -- The North Carolina
Healthcare Information and Communications Alliance. This site has HIPAA information including tools
(checklists, how to get started etc.) white papers, FAQs and resource
links. It also provides a job description for Privacy
Officer.
[Top]
Toolkits
and Checklists
www.afehct.org/securityeval.html
(Not a Federal Government Site) -- A self-evaluation checklist
offered to help entities in evaluating their compliance with HIPAA
security requirements.
http://snip.wedi.org/public/articles/index.cfm?Cat=17 (Not a Federal Government Site) -- Security
and Privacy White Papers developed by the Workgroup for Electronic
Data Interchange—Strategic National Implementation Process. Detailed discussion of implementation of privacy
and security provisions including immediate and longer terms steps
to take..
www.hipaadvisory.com/action/HIPAAssessment.htm
(Not a Federal Government Site) -- Recommends achieving senior
management buy-in as a first step to HIPAA implementation.
Site has risk assessments and evaluation checklists.
http://www.wpc-edi.com/hipaa/HIPAA_40.asp
(Not a Federal Government Site) -- Washington Publishing Company,
publisher of HIPAA implementation guides.
Guides may be purchased or downloaded for free in PDF format.
http://www.ama-assn.org/ama/pub/category/6698.html
(Not a Federal Government Site) -- AMA offers model forms: authorizations,
consent and Notice of Privacy Practices. Reproduction and use
of the forms by physicians and their staff is permitted. Any other
use, duplication or distribution of the forms by any other party requires the prior
written approval of the American Medical Association, Health Law
Department.
http://www.hospitalconnect.com/aha/key_issues/hipaa/index.html
(Not a Federal Government Site) -- Extensive
HIPAA information site. Offers model forms and documents, including
an Authorization Form and a Business Associate Agreement. Also provides discussions, articles, publications
and links.
Meetings, Conferences and Training Opportunities
www.sharpworkgroup.com/index.html
(Not a Federal Government Site) -- Lists various
conferences and meetings.
Public Health