On Tuesday July 27^th, 2010 it was announced that drugstore giant Rite Aid had agreed to a $1 million settlement to atone for their HIPAA transgressions. The settlements apply to all of Rite Aid’s nearly 4,800 retail pharmacies and follow an extensive joint investigation by the HHS Office for Civil Rights (OCR) and the FTC.

The problems began for Rite Aid and its 40 affiliated entities – collectively known as RAC – when the television news media began producing video footage of various RAC employees in several cities across the country disposing of prescription bottles containing individuals’ identifiable information in industrial dumpsters that were accessible by the public – a huge HIPAA violation that one would have assumed a giant corporation would have known better than to ever risk.

In addition to the fines Rite Aid has had to forge agreements with both the OCR (Office for Civil Rights) and the FTC (Federal Trade Commission) who conducted the joint investigation as to the steps they have to take to ensure that such violations never occur again.

You can read the full press statement announcing the settlement here

HIPAA / EDI Healthcare QA Tester

Company:           TEKsystems

Location:              Chicago, IL

Salary:   $42.00 – $0.00 /hour

Position Type:   Full Time, Temporary/Contract/Project

Job Category:    Quality Assurance/Safety

This position is responsible for evaluating requirements for testing new or modified products and documentation prior to production release; designing, developing, creating, and executing test plans and cases based on software requirements and technical understanding of product architecture; executing various system, performance, integration, and ad-hoc tests according to approved test plans and testing schedule; troubleshooting, in conjunction with end users and development teams, on issues of reproducing, investigating and debugging software; generating defect reports for issues found during testing, and providing accurate testing status to project stakeholders; focusing on project quality issues, but also makes contributions beyond immediate assignments; possessing broad overall knowledge of business applications; working independently; managing multiple testing projects concurrently.

Read more about this position here

SENIOR BUSINESS ANALYST – HIPAA 5010 PROJECT

Location: New York, NY 10011

Employment Type: Full Time, Temporary/Contract/Project

Experience Required : 5+ to 7 Years

Strong Senior Business Analyst to begin work on our HIPAA 5010 implementation. The scope of work in the beginning of the engagement will be a GAP analysis of our current/future state for planning purposes, prior to beginning work on the actual requirements for the implementation itself.

Learn more about this job here

HIPAA RELEASE OF INFORMATION SPECIALIST

Verisma Systems, Inc.​

Rochester, NY 14642

Industries Healthcare Services

Job Type Full Time

Years of Experience 2+​ to 5 Years

Education Level  High School or equivalent

The ROIS is a vital position in our growing company (we have Distribution Centers in Colorado and New York serving customers in 16 states and the District of Columbia).

A great personality, tenacious concern for quality and detail are critical. You will use a computer and scanning equipment and our proprietary software to process requests for release of confidential patient information and will work onsite at our customer facility in Rochester, NY.  You will be part of a team tasked to provide superior service to this very important customer.

Read more about this position here

BUSINESS ANALYST (Medicaid and HIPAA)

Company: Infokons

Location: Nebraska

Position: Business Analyst (Medicaid and HIPAA)

Location: Nebraska

Duration: Long Term

This is with State of Nebraska. Candidates with prior experience working with State Clients would be preferred.

Job Description:Required:-Bachelor’s degree.-Three years experience (current within the last year) working with a Medicaid agency or commercial health/casualty insurance organization.-Must have five- (5) or more years experience in working with business clients and technical staff.-Must have five- (5) or more years experience working independently within guidelines and documenting program policy.-Must have experience conducting complex regulatory analysis.-Must have experience developing Medicaid business and organizational impact analysis.-Experience with Medicaid business processes.

Read more about this opportunity here

CLINICAL ADMINSTRIATIVE COORDINATOR

Company: UnitedHealth Group

Location: Wausau, WI

Position Description: * Assist with benefit and eligibility verifications * Appropriate referrals to Case Management staff * Perform data collection and quality monitoring activities as applicable * Document case information completely, accurately and in a timely manner * Demonstrate sensitivity to issues and show pro-active behavior in addressing customer needs * Enabling and supporting responsibilities include all activities associated with supporting processes within Utilization Management; this includes all non clinical functions * Provide ongoing support and education to team members * Optimize customer satisfaction, and positively impact productivity * Clinical Support Specialist will not conduct any evaluation or interpretation of clinical data and will be supervised by licensed physicians.

To learn more click here

Medical Record Technician

Company: United States Department of Veterans Affairs

Location: California

DUTIES: Assigns codes utilizing International Classification of Diseases, Clinical Modification (ICD-9-CM), Diagnostic and Statistical Manuel of Mental Disorders (DSM), Current Procedural Terminology (CPT) and Healthcare Common Procedure Coding System (HCPCS) to each diagnosis/procedure/operation listed in the encounter. Assists staff and reviews each recorded diagnosis and operation/procedure for accuracy, completeness and supportive documentation. Identifies diagnosis and procedures to determine proper Diagnostic Related Group (DRG) through proper sequencing of secondary diagnoses according to their impact on resource usage and provides correct code assignment for all outpatient visits/procedures to ensure proper reimbursement to the facility.

Click here to view the full job description

Compliance Officer

Company: Eastern Maine Healthcare System

Location: Brewer, ME

Compliance Officer Department: Compliance & Internal Audit Schedule: Regular Full-time Shift: Day Hours: 8-5 Hours per Week: 40 Job Details: * Under the direction of the Director of Compliance & Internal Audit, the selected candidate will help develop, implement, and maintain the EMHS Compliance Program to assure compliance with EMHS policies and procedures and all applicable federal and state health care laws and regulations, with a particular emphasis on HIPAA issues. The selected candidate will help prevent, detect, and resolve instances of conduct that do not conform to EMHS policies or federal and state laws and regulations. The selected candidate will provide service, assistance, and guidance to all departments within EMHS and all affiliates on compliance and HIPAA related issues

For more details about this job click here

HIPAA Security Compliance Expert

QSSI, Inc. Columbia MD

This is an opportunity to work as a full time employee delivering innovative solutions to key Healthcare organizations in managing HIPAA Privacy and Security Compliance.The candidate will lead the practice, develop processes and standards, manage operations and interface with the customers supervising the delivery of solutions to them.

Develop the process and procedures for HIPAA Privacy and Security assessment, Gap analyses and Corrective action plan (CAP).

Document and present CAP and create a detailed implementation plan

Interface with the clients during the various phases. This will involve interactions with Executive team, IT staff and others

Manage the active implementation of suggested recommendations by working with Technical teams

Learn more about this position here

X12 HIPAA Business Analysts

Diversified Services Network Springfield, IL 62706

We need a X12 hippa business analyst to fill a position in Springfield, IL. If qualified we will work with you on a w-2. The Job starts end of July.

The correct qualified person will refine requirements and document user requirements for the programming consultants working on HIPAA 2.

Read the full job description here

Technical Lead Application Development

Beacon Health Strategies – Boston, MA

The TLAD (Technical Lead Application Development) is responsible for analyzing, developing, and deploying software applications to meet Company and client requirements in a Visual basic, SQL server multi-tier environment.  This individual will analyze requirements for the design, development and implementation of application development projects, front-end applications used to support web, client/server and data warehousing requirements.  This individual will play an integral role within the development team, providing hands-on development, maintenance and implementation of EDI systems utilizing HIPAA transactions and other application development projects involving client-server, Internet and Intranet functionality.  This individual will have a high level of technical ability, good project management skills, and a full understanding of development lifecycles and formal methodologies.  This individual will lead application design and development activities for enterprise scale multi-tier applications using open industry standard technologies and participate in enterprise architecture strategy development and the implementation plan development and execution.  This individual will lead Web application design and development activities for enterprise scale multi-tier applications using open industry standard technologies and participate in enterprise architecture strategy development and the implementation plan development and execution.

Read more about this job here

The suit came about as a result of  Health Net’s loss of a hard drive containing over 500,000 individuals’ records including clinical data, social security numbers, addresses, and other financial information. According to Blumenthal, Healthnet then compounded the gaffe (which they chalked up to theft) by failing to inform those affected about what had occurred for over six months after the incident occurred.

Under the terms of the settlement Healthnet will be ordered to pay $250,000 directly to the state of Connecticut representing statutory damages (and to serve as a warning to other health insurance companies as well no doubt) They will also have to put aside a further $500,000 to cover damages should it eventually be found that the missing hard drive was accessed and that members personal information was ever used in an illegal manner. Guessing that there are still a lot of crossed fingers at Healthnet on that issue..

You can view the full settlement details here

Link: http://www.youtube.com/watch?v=6wRDorQ73Ng

HIPAA Christmas poem – Santa in the ER:

A Visit to the ER from St. Nick

Twas the night before surgery, and all ‘cross the floor

The patients were buzzing ’bout the guy in Room Four.

His chart was hung on his door with great care

To make sure his name was not shown anywhere.

The patients were nestled all snug in their beds

While telemetry monitors beeped overhead.

And I in my gown, with its crack in the back,

Had just settled down for my clear liquid snack.

When down the hall there arose such a clatter,

I sprang from my bed to see what was the matter.

I pulled off my leads and flew out the door,

With my IV pole dragging behind on the floor.

Away to Room Four I hurriedly dashed

Unaware of my gown and the nurses I flashed.

As I slid to a halt and leaned to peek in

I heard the nurse say, “Sir, you mustn’t go in!”

And what did I see when I looked in Bed A

But ole Mr. Claus; on his belly he lay.

Covered in gauze and stuck high in the air

Oh what a sight, ’twas St. Nick’s derriere!

He was yelling at Doris, the nurse at his side

To be tied to this bed, he just could not abide.

He moaned and he bellowed about his ill luck

But there was just nothing for it; the old man was stuck.

“What happened to Santa?” to Doris I said,

“Why’s he on his belly in this hospital bed?”

With a grin she whispered, “He did something stupid.

He injured his butt when he backed into Cupid.”

But the old man’s ears were sharp as tack.

He heard what she said there behind his back.

“You had no right to speak, and that is a fact!

Don’t you know about HIPAA, the privacy act?”

“You’re out of compliance, Doris, my dear.

You had no right to tell him ’bout my injured rear!

I’ll sue you for breach, and this hospital, too!

You won’t have a job when I’m through with you!”

“When I check my list and then check it twice,

You’ll be in the column labeled ‘Not Nice.’

The HIPAA patrol will likewise drop by

To find out why you, Doris, did not comply!”

“They’ll want to know why you opened your yap,

A big, hefty fine on your butt they will slap.

And from me every Christmas you will now see

Nothing but switches and coal ‘neath your tree.”

Merry Christmas and HIPAA New Year!

Once again we’ve brought you the best of the best.  From Monster.com, SimplyHired.com, MedicalWorkers.com and Dice.com, here are the top 10 HIPAA jobs as of October 29, 2009 nationwide.

1. Chief Privacy Administrator

2. HIPAA Specialist

3. HIPAA Business Analyst

4. Corporate HIPAA Compliance Manager

5. EDI Lead Developer

6. HIPAA Privacy Manager

7. Manager, Patient Relations

8. Lead Correspondence Clerk

9. HIPAA Auditor

10. Privacy Specialist

Here are the brief summaries and details of the jobs we’ve found for you:

Job Title: Chief Privacy Administrator

Company: Catholic Healthcare West (CHW)

Location: San Francisco, CA

Job description: The Chief Privacy Administrator is appointed by the CHW Board to direct the organization’s activities related to development, implementation, maintenance of, and adherence to policies and procedures covering the privacy of, access to, and protection of patient, provider, employee, and business information in compliance with CHW policies and procedures, and as required by the HIPAA privacy rule, the FTC Red Flag Rule, and other applicable regulations and laws.

The Chief Privacy Administrator collaborates with CHW legal counsel to monitor or interpret the requirements of HIPAA and other applicable federal and state privacy laws and regulations. The Chief Privacy Administrator receives complaints and requests for further information regarding CHW privacy policies and notices; in collaboration with CHW legal counsel, oversees investigations and required state and federal reporting and notification involving breaches of confidentiality; coordinates all activities with privacy implications; and monitors systems and services to assure meaningful privacy practices. The Chief Privacy Administrator also monitors and coordinates all requests for information from federal and state regulators investigating privacy.

Click  here to read more about this position.

Job Title: HIPAA Specialist

Company: AETEA Information Technology

Location: Olympia, WA

Job description: Our Olympia, WA customer needs a Consultant with strong HIPAA experience and knowledge to help with getting through HIPAA/EDI testing. We are looking for someone who knows the Federal HIPAA transaction implementation guides well and can understand the companion guide and help providers troubleshoot why their files are failing.

Click  here to read more about this position.

Job Title: HIPAA Business Analyst

Company: CATS

Location: Washington, DISTRICT OF COLUMBIA

Job description: This initiative requires the resource to evaluate the existing District agencies requiring HIPAA Security measures and to offer a comprehensive and logical approach in providing HIPAA Security for those agencies.

Meets with customer and reads designs and uses software tools to gather requirements, analyze needs, identify risks, propose designs, wrote documentation, remediate and carry out analysis. This initiative requires the resource to evaluate the existing District agencies requiring HIPAA Security measures and to offer a comprehensive and logical approach in providing HIPAA Security for those agencies. Any HIPAA IT security assessment experience is a plus. Conduct risk analysis of various agencies here after referred to as a covered entity, to identifying deficiencies in standards, to resolving problems where applicable, to develop and amend HIPAA associated Policies, Plans, and Procedures. Implement preventive compliance measures as it relates to Part 164 of the HIPAA Security Rule described in the Work Plan.

Click  here to read more about this position.

Job Title: Corporate HIPAA Compliance Manager

Company: HMA – Corporate (Health Management Associates)

Location: Naples, FL

Job description: Assists with all ongoing activities related to the development, implementation, training, maintenance of, and adherence to the organization’s policies and procedures covering the privacy of, and access to, patient health information in compliance with federal and state laws and the healthcare organization’s information privacy and security practices…

Click  here to read more about this position.

Job Title: EDI Lead Developer

Company: CATS 

Location: San Francisco, CA

Job description: The tech lead for the EDI Program is responsible for building and implementing the technology solutions which are part of EDI Roadmap. Responsibilities include analyzing the requirements, detailed system design, development, testing and support of technical solutions…. The candidate should experience in architecting and implementing EDI in healthcare industry with knowledge of HIPAA standards…

Click  here to read more about this position.

Job Title: HIPAA Privacy Manager

Company: Cedars-Sinai Medical Center

Location: Los Angeles, CA

Job description: Works with the CCO/Privacy Officer in implementing and administering federal and state regulatory requirements on patient privacy and the confidentiality of patient information. Primary customers include physicians and CSHS employees…

Click  here to read more about this position.

Job Title: Manager, Patient Relations

Company: MetroWest Medical Center

Location: Framingham, MA

Job description: Under the general supervision of the Director of Quality and Patient Safety, is responsible for managing patient relations and complaint activity. Serves as liaison between the patients, their families, and the organization’s departments, administration, and physicians for thorough and timely resolution of issues, concerns, and complaints. Acts as the organization’s HIPAA / Privacy Officer assuring adherence to all HIPAA and privacy of information regulations and standards.

Click  here to read more about this position.

Job Title: Lead Correspondence Clerk

Company: UCSF Medical Center

Location: San Francisco, CA

Job description: The Lead Correspondence Clerk is responsible for processing requests for medical records. This individual must have general overall knowledge of The HIPAA Privacy Rule (Federal Registry, Title I, Health Care Access) along with laws governing State and Local Release of Information and Patient Access…

Click  here to read more about this position.

Job Title: HIPAA Auditor

Company: COMSYS

Location: Boise, ID

Job description: The Internal Auditor for Information Security is responsible for the auditing and testing of IT controls for HIPAA, PCI, and other regulatory based auditing and testing. This person will audit routine information systems and the most complex of new and existing systems to ensure that appropriate controls exist, and that system procedures are in compliance standards. Provides timely periodic reports on findings and identifies controls needing improvement.

Click  here to read more about this position.

Job Title: Privacy Specialist

Company: St. Luke’s Hospital

Location: Houston, TX

Job description: Provide input on the development, implementation, and on-going review of privacy policies and procedures.  Provide information about matters covered by the System’s Notice of Privacy Practices, Receive, respond to, and document privacy complaints from patients, employees, business associates, and others. Coordinate correction, mitigation, and disciplinary action as requested.  Prepare, as directed, periodic privacy reports to the Governing Board and management regarding the status of implementing and maintaining the privacy program.  Oversee, direct, deliver or ensure delivery of initial HIPAA/privacy training on applicable policies to all employees, volunteers, medical and professional staff.  Initiate, facilitate, and promote activities to foster HIPAA/privacy awareness.  Work with the Privacy Officer to establish a process for receiving, documenting, tracking, investigating, and taking corrective action on all complaints concerning the organization’s HIPAA/privacy matters. Implement corrective action to mitigate effects of inappropriate use or disclosure of PHI and document such actions.  In collaboration with legal counsel, identify business associates that receive PHI and review existing contracts with these entities for compliance with HIPAA. Assist regulatory bodies and organization officers in compliance reviews or investigations.  Work in conjunction with the Privacy Officer to address such reviews or investigations.  Set and track potential HIPAA/privacy compliance performance measures, which may include: Breach of confidentiality/privacy related complaints; Determine number of internal incidents involving violations of privacy policies;Determine and improve compliance with HIPAA training;Act as a liaison to St. Luke’s IM Department to review all system-related information security plans to ensure compliance;Respond to other compliance matters as appropriate or as assigned by the Compliance Officer.

Click  here to read more about this position.

There’s a new solution on the market to make HIPAA and HITECH compliance faster and easier, and the real draw is that it makes it easier for physicians to qualify for the stimulus incentives and bonuses from the ARRA, PQRI and E-Prescribing initiatives.  In a business wire issued on October 22^nd Reuters highlights the new “Surveillance Program” offered by Doctations.

The Surveillance Program allows physicians to meet requirements for the E-prescribing initiative for a 2% bonus, the Physicians Quality Reporting Initiative (PQRI) for a 2% bonus as well as to qualify for up to $44,000 in incentives from the ARRA via the High-Tech bonus. Doctations’ COO Jerry Kolosky highlights the benefits: “By implementing the Surveillance functionality, we are providing online tools that make it simple for doctors to meet new government requirements, help ensure positive patient outcomes and receive the associated financial benefits.”

Reuters states that “By implementing the medical practice management and digital documentation solutions as web-native tools, Doctations provides doctors and patients with advanced, secure, HIPAA compliant, comprehensive solutions that are substantially less expensive than any other options currently available.”

And yes, the Certification Commission for Health Information Technology (CCHIT) has certified this application.  Doctations has committed to updating this program for immediate compliance with HIPAA and HITECH rules as well as other regulations.

Once again we are in the midst of hurricane season.  I thought this would be a good time to review a few points about HIPAA and natural disasters – always helpful reminders, since “the big one” could be here soon (earthquake, tornado or hurricane…you just never know).

When hurricane Katrina struck the US, time was of the essence in providing care to those injured.  The Department of Health and Human Services issued a bulletin titled Hurricane Katrina Bulletin: HIPAA Privacy and Disclosures in Emergency Situations to succinctly address the issue of patient information while responding to an emergency.  It covers treatment, notification, imminent danger and facility directories.

In short, “the HIPAA Privacy Rule allows patient information to be shared to assist in disaster relief efforts, and to assist patients in receiving the care they need.”  The Red Cross is also mentioned specifically: “Of course, the HIPAA Privacy Rule does not apply to disclosures if they are not made by entities covered by the Privacy Rule.  Thus, for instance, the HIPAA Privacy Rule does not restrict the American Red Cross from sharing patient information.”

For a more in-depth analysis of hurricane Katrina and HIPAA Privacy, you can access the CRS Report for Congress on Hurricane Katrina: HIPAA Privacy and Electronic Health Records of Evacuees.

For hurricane updates from the National Weather Service, click here.

What do you call a provider if he/she is found to have violated patient confidentiality?

HIPAAcrit

What do you call a theory for HIPAA success?

HIPAAthesis

What does one experience once they’ve grown cold to HIPAA compliance threats?

HIPAAthermia

What do you call someone who complains incessantly about HIPAA?

HIPAAchondriac

What do you call urgent HIPAA issues?

HIPAAcritical

What do you call the uphill slope toward HIPAA compliance?

HIPAAtenuse

What do you call someone who thinks HIPAA is sweet?

HIPAAglycemic

What is the disease you get from too much HIPAA?

HIPAAtitis

What do you call someone who is delighted with HIPAA?

HIPAA-go-lucky

These were originally posted here by D. Hager, Paramedic.