Promotes topics in how patient health information is secured, created, stored, shared, and transferred.
The purpose of the document is to help HI professionals comply with the complex requirements in the Reproductive Health Care Privacy Final Rule by outlining the recommended process for releasing reproductive healthcare PHI.
Publication Date: August 2024 Author: AHIMA WorkgroupThe purpose of the Release of Information Toolkit is to help an individual develop an effective ROI process across any setting. It is to be used as a framework and reference guide to ensure disclosures of PHI are made in accordance with all state and federal regulations in a timely manner to guarantee the integrity of the PHI is maintained. For adequate response and turnaround times, types of requests must be anticipated before they are received with appropriate policies and procedures in place to facilitate smooth business process flow. This includes addressing the common types of disclosures anticipated and how they would be handled, the quality management and tracking procedures, as well as research of state and federal laws that will impact the processes.
Publication Date: January 2022 Author: AHIMA WorkgroupThe Copy Functionality Toolkit is designed to support and guide organizations, HIM professionals, providers, and information technology (IT) professionals to examine the issues and circumstances in which the healthcare industry needs to define, support, and execute best practices managing copy technology in the EHR. This toolkit is intended to assist in developing policies and procedures surrounding this functionality. This toolkit will reaffirm that a trustworthy EHR system begins with technology but succeeds only with appropriate and effective information management and governance.
Publication Date: January 2016 Author: AHIMA WorkgroupThe External HIPAA Audit Readiness Toolkit is created and designed to be a single resource to provide details about external HIPAA audits and to include government resources as well as other helpful tools to help an organization prepare for any external HIPAA audit. This toolkit will enable the reader to understand the requirements for OCR HIPAA Phase 2 audits, including ongoing future audits, and offers guidance regarding audit preparation and recommended practices. This toolkit can also assist CEs and BAs in meeting requirements, ascertaining how to identify which documents contain what information (and where such documents are located), and developing documentation that may be absent from a CE’s or BA’s HIPAA policies and procedures.
Publication Date: January 2017 Author: AHIMA WorkgroupThe purpose of the Breach Management Toolkit is to provide a comprehensive collection of resources and best practices to help healthcare organizations and health information management (HIM) professionals navigate their way through the HIPAA breach notification rule and the overall breach management process. It is to be used as a framework and reference guide to assist with the breach investigation, determination, mitigation, notification, reporting processes, and to provide assistance with understanding and complying with federal regulations within the required time frame required by federal law. It is intended to bring awareness of the importance and responsibility of training work force members in breach notification, identification, and prevention.
Publication Date: January 2018 Author: AHIMA WorkgroupThe Disaster Planning and Recovery Toolkit addresses multiple Information Governance Principles for Healthcare (IGPCH). Healthcare entity information assets must be protected to ensure they are secure, reliable, available, and used in an efficient, ethical, lawful, and secure manner even in the face of a disaster. Disruptions, both planned and unplanned,
may make electronic health records (EHRs) and other IT assets unavailable to clinicians and other workforce mentor for day-to-day business operations. When planned and accomplished successfully, disaster planning provides several benefits designed to account for the overall recoverability and resiliency of a healthcare organization. The Disaster Planning Toolkit addresses these requirements with emphasis on data backup plan availability as well as integrity of information.
This Practice Brief offers guidance for covered entities and health information exchanges for the management of the redisclosure of protected health information by outlining challenges and providing recommendations and best practices in compliance with federal and state regulations.
Publication Date: November 2018 Author: Janelle Burns JD CHPS, Stephanie Costello MS RHIA, Dana DeMasters MN RN CHPS, et alThis Practice Brief outlines the issues to be addressed by a covered entity as it puts the necessary policies and processes in place for amending an electronic health record that has been shared with other healthcare providers through a health information exchange.
Publication Date: January 2018Author: Janelle Burns JD CHPS, Stephanie Costello MS RHIA, Sharon Lewis MBA RHIA CHPS CPHQ FAHIMA, et al
This Practice Brief provides guidance regarding health record amendment rights granted under federal and state law.
Publication Date: April 2017 Author: Ben Burton JD MBA RHIA CHP CHC, Katherine Downing MA RHIA CHP PMPThis Practice Brief summarizes information about various health IT standards, standardization processes and entities, national and international standardization efforts working to enable health IT interoperability, and the role of AHIMA in developing health information management practice standards.
Publication Date: November 2016Author: Anna Orlova PhD, Harry Rhodes MBA RHIA CHPS CDIP CPHIMS FAHIMA, Diana Warner MS RHIA CHPS FAHIMA
This Practice Brief discusses guidelines for a compliant business associate agreement.
Publication Date: October 2016 Author: Charlotte S. Barrett RHIA MBA FACHE, Nancy A. Davis MS RHIA CHPS, et alThis Practice Brief provides insight on the surge in cybercriminal activity and to serve as a reference for how to increase awareness as well as strategies that may be employed to assist in reducing the risk of cyber attacks in healthcare.
Publication Date: April 2016 Author: Mark W. Dill CISM CRISC, Susan Lucci RHIA CHPS CHDS AHDI-F, Tom Walsh CISSPThis Practice Brief addresses the primary challenges in receiving unsolicited health information, followed by key recommendations to help manage it.
Publication Date: January 2016 Author: Lesley Kadlec MA RHIAThis Toolkit is intended to raise awareness of the importance and responsibility of everyone within the healthcare organization to report HIPAA breaches to the appropriate designated personnel, as well as provide breach prevention education and training.
Publication Date: June 2014 Author: Katherine Downing MA RHIA CHPS PMPCovered entities should have in place the mechanisms for limiting disclosure of protected health information under minimum necessary policies and procedures. This Practice Brief provides guidance to assist organizations in complying with restriction requirements.
Publication Date: April 2014 Author: Barb Beckett, Ben Burton, Kenneth D. Clyburn, Katherine Downing, et alThis Practice Brief identifies and defines the components necessary for a successful security audit strategy. It also outlines considerations for legal and regulatory requirements, how to evaluate and retain audit logs, and the overall audit process.
Publication Date: March 2014 Author: Tom Walsh CISSPThe purpose of this Practice Brief is to understand the relationship between health information management and consumer/patient engagement, and examine how HIM professionals can advance and support engagement. Its focus is on policies and practices that enable the individual’s access to and use of health information.
Publication Date: February 2014 Author: Lydia Washington MS RHIA CPHIMSThis Practice Brief provides a general overview of the laws and regulations impacting the timely and appropriate release of Protected Health Information (PHI).
Publication Date: January 2014 Author: Judi Hofman BCRT CHPS CAP CHP CHSS, Angela Dinh Rose MHA RHIA CHPS FAHIMAThis Practice Brief provides an overview of information security, including some of the background and basic concepts involved in securing the privacy of health information. Included are key roles and responsibilities as well as a list of specific policies and procedures that should be considered when developing an organizational security program.
Publication Date: January 2014 Author: William M. Miaoulis CISA CISMThis Practice Brief will explore the requirements for the appropriate disclosure of protected health information (PHI) including authorization content. It will also provide an overview of other federal and state laws and regulations and the impact to specific types of PHI disclosures (i.e. substance abuse records, psychotherapy notes).
Publication Date: November 2013 Author: Rose T. Dunn MBA RHIA CPA CHPS FACHE, Angela Dinh Rose MHA RHIA CHPS FAHIMAThis practice brief provides a succinct overview of the HIPAA security rule, along with some of the background and basic concepts necessary to understand the security rule. In addition, it highlights the skills HIM professionals possess to maintain HIPAA security compliance within their organizations.
Publication Date: November 2013 Author: Chuck Kessler, MBA, CISSP, CISM, PMPThis Practice Brief serves as a guideline to help ensure that due diligence has been exercised on the part of healthcare organizations and that information risks pertaining to wireless technologies are adequately identified and managed.
Publication Date: November 2013 Author: Brian Evans CISSP CISM CISAThis Practice Brief outlines the federal requirements for the Notice of Privacy Practices (NPP).
Publication Date: October 2013 Author: Kelly McLendon, RHIA, CHPSThis Practice Brief outlines the 10 security knowledge domains that individuals with a Certified Information Systems Security Professional (CISSP) credential must possess.
Publication Date: October 2013 Author: Tom Walsh CISSPThe HIPAA omnibus final rule significantly modified the definition of marketing to require authorization for treatment and healthcare operations communications where the covered entity receives financial remuneration from a third party whose product or service is being marketed.
Publication Date: August 2013 Author: Peg Schmidt RHIA CHPS, Kathy Downing MA RHIA CHPThis Practice Brief reviews the federal regulations that affect research and the requirements regarding the use and protection of an individual's information.
Publication Date: May 2013 Author: John P Young III RHIA CHPS CPHIMSThis Practice Brief will discuss a variety of issues related to OHRs, including privacy and security principles as well as content and record management practices for the healthcare provider.
Publication Date: April 2013 Author: Benjamin Burton, Carey Cothran, Nancy Davis, et al.This Practice Brief provides guidance on managing health information during a facility closure in all practice settings.
Publication Date: August 2011 Author: Anne Tegen RHIA, Diana Warner MS RHIA CHPA, Lou Ann Wiedemann MS RHIA FAHIMAThis practice brief is intended to bring awareness for a united industry message of the seriousness regarding the handling of violations by workforce members. This brief offers methods for sanction management within organizational policies. This guidance mirrors the breach category approach now codified by HITECH, which encourages sanctions fitting to breach motivation, whether civil or criminal in nature.
Publication Date: January 2013Author: Barb Beckett, RHIT, CHPS Kathy Downing, MA, RHIA, CHP, PMP Angie Fergen, RHIA, CHPS Peg Schmidt, RHIA, CHPS