HIPAA 42 CFR Part 2 and FERPA Rules For Managing Student Health Informaton

This Blog focuses on the issues of managing health information when it may that of students and may involve substance abuse treatment information. HIPAA and FERPA allow a number of disclosures without consent that SAMHSA prohibits without consent.

How HIPAA relates to information management and release and explain the processes required for various releases of information under the HIPAA and FERPA rules, including release according to individual access requests, and under consents and HIPAA authorizations.

While FERPA overrides HIPAA, both HIPAA and FERPA take a back seat to the rules under 42 CFR Part 2. When substance abuse treatment information is involved, first you need to understand how to identify it. This blog explains how to make it distinguishable from “regular” health information, so that the appropriate extra protections can be provided. You may be able to use functions in your EHR to flag the information, or you may create a manual process for tracking the information,if it is rarely handled in your organization.

HIPAA ransomware

And the substance abuse treatment information you collect may or may not be under SAMHSA depending on whether or not you have a department or even a response team that specializes in SAMHSA-related situations. You need to understand your status under the rules before you release information inappropriately.What qualifies treatment that falls under SAMHSA.

If your organization provides services that create information that is under the SAMHSA regulations, you will need to establish the consent and release of information processes that are required to be followed for information releases under 42 CFR Part 2. This involves getting the proper consents upon establishment of the relationship, as well as managing consents for releases that may be necessary after the initial establishment of the relationship.

When you release information under HIPAA, there are no special notices required to be placed on the records. But when you release information under SAMHSA, each document must have a notice that explains that re-disclosure is not permitted without a new consent.

hipaa audit5

Complicating matters are updated rules going into effect that will allow a consent that permits a re-release to a defined team of providers caring for the individual, but then require meticulous documentation of to whom the information has been released under such a consent.

This blog will explore the complications and requirements of each of the rules controlling student health information, HIPAA, FERPA, and 42 CFR Part 2, and provide insights into how to apply the rules in an education setting.

This Blog covers the below topics

  • What FERPA controls and how to Determine where it Applies
  • How FERPA and HIPAA Interact
  • What HIPAA allows, what SAMHSA requires, and the Differences will be Explained
  • We will Examine how to Deternmine if the Services you Provide Place you under FERPA or 42 CFR Part 2
  • We will Explore the means for Making sure Substance Abuse Treatment Information Receives the Appropriate Protections
  • The consent and release Requirements under HIPAA, FERPA, and 42 CFR Part 2 will be Explained
  • Re-release of Information Released under 42 CFR Part 2 will be Discussed
  • Sharing of information with Family and Friends in an overdose Incident will be Explored
  • The latest Guidance from the US Department of Health and Human Services on HIPAA and FERPA, as well as Harmonization of SAMHSA and HIPAA will be Explained

Read More

This Blog Is going to helpful for these professionals

  • Compliance Director
  • CEO
  • CFO
  • Privacy Officer
  • Security Officer
  • Information Systems Manager
  • HIPAA Officer
  • Chief Information Officer
  • Health Information Manager
  • Healthcare Counsel/Lawyer
  • Office Manager

Top Facts about HIPAA Texting

The Health Insurance Portability and Accountability Act (HIPAA) came into being in 1996 with the purpose of ensuring the privacy of data and safeguarding medical information through a set of security provisions. Its three core provisions relate to portability, integration with Medicaid, and simplification of the administration of the Act. Ever since the technology of Short Messaging Service (SMS) was introduced into healthcare, rules relating to what should be sent and how have become a very important component of HIPAA.

There is a misconception that texting is not allowed in HIPAA. Texting is not prohibited under HIPAA, which means that anyone can send text messages about health information. However, one of the top facts about HIPAA texting is that there are reasonable restrictions relating to what should be sent in text format and how. The core objective for HIPAA is to safeguard the integrity of Protected Health Information (PHI) and ensure that it complies with the provisions set out in HIPAA. The laws regarding this are set out in the Privacy and Security Rules.

Hipaa texting

Why is texting an issue under HIPAA?

If the Department of Health and Human Services, which administers HIPAA, is so clear in its goal, why is there any confusion at all about the provisions relating to texting? This question needs to be put in perspective: A good part of the confusion relating to SMS under HIPAA is attributed to facts that are inherent with the concept of short messaging services:

  • Most apps, which healthcare professionals rely on heavily to send PHI, are open and don’t have login and logoff requirements
  • The accountability for messages’ origin is very low in SMS since senders have little control over the origin and receipt of messages by SMS
  • Identity is a major concern in SMS because anyone who uses somebody else’s phone could send messages
  • There is very little trackability of stolen or damaged cellphones that could transmit PHI.
  • Other sources of confusionIn addition to this, complex legalese used in this text compounds the confusion about HIPAA. In fact, among the top facts about HIPAA texting is that HIPAA does not explicitly mention the word SMS or texting at all; SMS is covered under the rules set out under the broad heading of electronic communication.protected health infoThis has led to confusion in many cases because rules that apply to certain kinds of electronic communication do not apply to others. Texting is a classic instance of this ambivalence. Since HIPAA has framed very broad guidelines to cover all electronic communication; some of its definitions of phrases are open to subjective interpretation.Resort to the Privacy and Security Rule

    It is to avoid scenarios such as these that healthcare providers who come under HIPAA regulations need to get a thorough understanding of how to safeguard patient information while texting.

    The basis for preventing being hauled up by the HHS for privacy violations while texting patient information should be an understanding of what texting HIPAA considers a violation of its Privacy and Security Rule. Business Associates and their Covered Entities, who are required to comply with HIPAA, need to be guided by the HIPAA Security Rule, which defines all the elements of texting including:

    • Access controls
    • Audit controls
    • Transmission security mechanisms when PHI is being transmitted electronically
    • Methods for ID authentication
    • Integrity controls

    Another of the top facts about HIPAA texting is that the HIPAA Privacy and Security Rule considers any message containing PHI that is sent in standard, non-encrypted, non-controlled and non-monitored SMS or IM as violation of its requirements.hipaa security 2

    Secure Messaging Solutions are the answer

    The most viable and acceptable solution is to resort to secure messaging for sending PHI. These are some of the ways by which a Secure Messaging Solution can ensure the security of PHI sent by a HIPAA entity while messaging:

    • It encapsulates PHI within a private communications network. This network can be accessed only by authorized users
    • Access is through a secure gateway which makes it easy to track and prevent misuse
    • SMS containing PHI cannot be sent to email addressed outside the communications network
    • After a period of inactivity for a set period of time on the app, it logs off automatically
    • Copying and pasting any information contained in the PHI, as well as the feature of saving the data into a hard drive is disabled.

For More Updates Follow Us on Social Media



Things You Should Know About Physician Employment Agreements

Physician Employment Agreements are a core part of the relationship between healthcare providers and the physicians who work for them. Physician Employment Agreements have evolved with the consolidation of the healthcare industry in which physicians are hired and due to the passage of the Affordable Care Act (ACA), more commonly called Obamacare. These developments have given rise to physician practice acquisitions. Let us understand some of the reasons for which Physician Employment Agreements have risen over the past few years:

Business group and doctor

  • Acquisition of physician practices offers healthcare providers the opportunity for consolidation and better integration of their business by aligning the business prospects of the referral networks with the hospital’s strategic goals
  • The perceptible fall in reimbursement rates of a few specialties has made specialists in these areas feel the need to tie up with an established hospital brand. The main advantage they get by doing this is that in addition to gaining some latitude and flexibility in negotiating contract rates; these specialists can also earn an assured income, which is very uncertain if they practice on their own
  • A few of the recent amendments into the Medicare and Medicaid reimbursement systems have been facilitating bundled and integrated payments for providers. This system is suitable and profitable for healthcare providers that have more physician practice acquisitions
  • Both experienced and new physicians gain when their physician practices get acquired by hospitals. This is how: it gives experienced physicians the opportunity to enhance their incomes, while younger physicians can look forward to more flexibility in their working hours, which earns them the much-desired ability to balance life and work, a rarity for a young practitioner in this profession.


What are the things you should know about physician employment agreements?

Now, having understood the concept of physician employment agreements, let us look at the things you should know about physician employment agreements. These are some of the things you should know about physician employment agreements while signing them:

Physician compensation: Undoubtedly, one of the most important things you should know about physician employment agreements is the compensation the physician is going to get for working with the hospital. In professions such as those of the physician, the practitioners would have put in years and years of sheer hard work and perseverance and would have sacrificed a lot of comforts in their personal lives. They certainly look forward to getting compensated suitably for this effort. The physician should look into the structure of compensation, such as whether she is going to be paid a fixed salary, whether it is going to be in proportion to the number of case, or anything else. This should be negotiated in a forthright manner without any ambiguity.

Physician Emp Agrmnts

Working hours: Another of the important things you should know about physician employment agreements is working hours. As noted earlier, flexibility in the working hours is one of the criteria for choosing to get acquired by a practice. The physician should consider how much flexibility the healthcare provider offers, so that she can plan her schedule for the working days or allot time for family or other commitments.

Insurance: The terms of the malpractice insurance is another of the things you should know about physician employment agreements. Different insurance companies offer various kinds of malpractice insurance. The terms of the physician employment agreement should be clear about what the provider is offering to the physician.

Working conditions: In addition to the specialization, the physician should also look into the working conditions, such as where the hospital is located, how much time to takes to commute to work and back home, and so on. Spending too much time on commute eats into the productive hours.

Reputation of the hospital: This certainly is one of the core things you should know about physician employment agreements. In addition to the reputation the hospital enjoys, the physician should also consider the kind of cases the hospital is known for. This will help her determine if it is suited for her specialization.

Leave and other benefits: Physicians are usually overburdened with work. This makes the leave policy a key factor while considering working with the hospital. The physician should also look into other aspects such as leave, employment benefits and other issues.

Termination: This is another of the things you should know about physician employment agreements. The terms under which the contract gets terminated should be very well thought out and spelt out in the agreement.

The Next Big Thing in Hospital Management

Is the US hospital management sector waiting for the next big thing in hospital management? What is it going to be and what shape is it going to take? Any change in the hospital management sector needs to be watched for, because it is part of the $ three-trillion healthcare sector in the US, the world’s largest.

Which are the major changes that one can expect in this Pan-American sector of hospital management? Like many other sectors related to healthcare, will hospital management be technology-led too? The prognosis presents a mixed bag because when we look at some of the trends while looking for the next big thing in hospital management, we could be looking at changes that could be both technology dependent and non-technological ones.


Self-care is set to be the next trend in hospital management

This sounds rather paradoxical, when one considers how technologies have been making serious inroads into hospital management and are facilitating a vast number of functions relating to areas such as helping to monitor core hospital management areas such as patient visits, for instance.

Yet, hospital management is moving towards more focus on patient self-care. The main reason attributed to this is the fact that hospitals are seeing self-care as a means to control patient inflows and help them avoid unnecessary visits to hospitals. This is all the handier when it comes to old aged patients, for many of whom making visits to hospitals could be a challenge.


Take the case of patients with diabetes. Many patients can avoid multiple visits to hospitals with the aid of apps and other tools which help them monitor the condition on a daily basis and interact with the healthcare giver only in the case of serious variations or adverse symptoms in their condition. Not visiting hospitals does not mean lesser care. On the contrary, it is quite likely that they could receive better attention because of the presence of automated tools such as emails and text messages and interaction through the social media that send out quicker signals to care providers. As technologies and tools become more patient-centric, there is a good chance that the hospital sector will undergo a few major changes with lessened footfalls from patients.

Telemedicine could alter hospital management

One cannot discount the possibility of telemedicine taking over the role of being the next big thing in hospital management. Telemedicine has been around for quite a while now. So, what is new, you may ask. Well, telemedicine has been around for some time now, but what makes it the potential next big thing in hospital management is that its ability to lead to virtual care is now being explored more vigorously. If telemedicine serves as the foundation for the growth of virtual care, it will have more than served its purpose of hastening medical care where it matters the most and is needed the most.

The technologies that go into making virtual care a reality, are being considered favorably for eliminating many of the drawbacks of telemedicine, such as heavy dependence on staff for call centers and wired systems. Telemedicine is being seen as the technology that could alter itself for the better and alter the face of hospital management in the US.

Technologies will transform hospital management

This is a fact all too well known for anyone to be surprised by. Technologies are pervading every area of our lives and are transforming them beyond our comprehension. How does one expect hospital management to be different? Areas such as operations, microsurgery, hospital financial management, laboratory management and a bunch of areas that work in close sync with hospital management could undergo drastic changes with technologies such as Artificial Intelligence and Machine Learning. These technologies are likely to bring in paradigm changes by altering the very foundation on which hospital management is built. They could be bringing about real changes in nearly every area of hospital management in the next few years.

Healthcare Entity

Hospital data needs to be secured

No technology, practice or process being touted as the next big thing in hospital management will be of any use unless hospital management learns how to deal with malware attacks. Hackers are very enticed by patient medical data, which now commands a higher rate in the black market than even credit cards and social security data. The next big thing in hospital management should look at how to nip this evil in the bud.

Follow us for more updates

Why You Need Medical Coding

Medical coding has been around as a profession in the healthcare insurance sector for a while now. Let us get down to understanding medical coding then. Medical coding is a practice in which the full set of medical data relating to a patient, which could range from diagnosis to medication, is converted into set codes for the insurance companies to take further.

Why is it necessary to convert these data into codes? Medical reports are usually very lengthy and detailed in nature. They are written in very highly medical jargon, as well. If the entire history of an admission were to be described, it would run into pages sometimes. The medical history is usually not only detailed, but also many times diffuse in that it describes all the symptoms, the history, the allergies, the medications and several other details.


Why you need medical coding is best understood if one takes a look at what would happen without it: If insurance providers receive this form of reports about a patient, they will have to spend all their resources and time in just understanding the reports. When one considers the fact that there are close to one-and-a-half billion visits to doctors across the nation in a year, one can understand why medical coding is crucial. Imagine the size of the problem if insurance companies were to handle just a handful of details per case.

Helping to classify diseases

Having codes for each ailment helps the insurance companies to quickly understand the nature of the illness and the treatment given. This will help them process the steps necessary for the claims. This is why internationally standardized codes are made available for helping the healthcare sector as well as the insurance companies streamline the humungous documentation that goes into medical coding. This is the primary reason why you need medical coding.

The coder is thus required to have a clear grasp of the conditions, diagnoses, the doctor’s interpretations of the symptoms, the nature of the disease to an extent and of course, the ins and outs of coding and how these fit into coding and billing. This calls for extreme attention to detail, which is why you need medical coding.

medical billing

At present, medical coders need to have knowledge of three internationally accepted code systems:

International Classification of Diseases (ICD)

The ICD was set up by the World Health Organization in the 1940’s to set a uniform terminology for the causes of illnesses, injuries and deaths. From the time of its inception, it has undergone many changes, with each updated version being represented by a new number. The current ICD version is the tenth one, which is why the code now in use is called ICD 10. It has what is called Clinical Modification, with expands the list of diseases and helps coders a little more in their interpretation. The Clinical Modification for the current ICD 10 code enlarges the scope of codes by almost five times.

clinical-trials 4

Current Procedure Terminology (CPT)

CPT is used to code medical procedures carried out in a physician’s’ practice. CPT consists of three categories that are spelt out in five-digit codes.

Healthcare Common Procedure Coding System (HCPCS)

The HCPCS codes are those that the CPT does not cover. These typically include items such as ambulance rides, prosthetics, durable medical equipment, and some types of medicines and drugs.

Another fact about the HCPCS is that it is the official code set for a variety of services such as Medicaid, Medicare, drugs given for chemotherapy, care given to outpatients at hospitals, and others. It being the code for Medicaid and Medicare makes it one of the primary codes in use.

Given the complexity of the nature of coding and the innumerable uses they serve, it is not difficult to grasp why you need medical coding in the healthcare sector.

Follow Us and get more updates

Top risk management issues in healthcare

Healthcare, like every other area, has its own risks. In the case of healthcare, the risks have to be contained well because of the obvious fact that any unseen or unaddressed risk can be a potential source of danger to the patient’s health or very life. This is the most urgent need for addressing risk management issues in healthcare.

When talking about the top risk management issues in healthcare, one has to take a rather holistic look at this topic. This is because risks can arise in healthcare from any source, obvious or obscure. The healthcare unit has to be completely and fully open to the possibility of finding risks in almost any area of their work.

risk management

This is why top risk management issues in healthcare concern the whole gamut of the field of healthcare. Let us take a look at some of these top risk management issues in healthcare:

Risk from technology

Technology has the magical power to transform lives in a way that humans of an earlier era could not have dreamt. But wait a minute. For all the fantastic things that technology is capable of doing, it comes with a huge risk that is inherent into it. We are witnessing the explosion of all kinds of changes that life will see under technologies such as Artificial Intelligence, data science, Internet of Things, Big Data and their siblings.  These technologies have unimaginable implications for healthcare.

While many changes can be seen in areas such as the way health and health administration are going to progress, there is no denying the fact that technology is primarily responsible for cyberattacks on healthcare records. To say that this is a dangerous trend is to understate a problem of gigantic proportion. The consequences of data breaches are terrible.

Hipaa data breach

Individual healthcare providers may face penalties and other fines but how does the healthcare sector deal with it? What is to be done when critical data about patients go into unscrupulous hands? It sends the whole sector and the lives of millions of people into a tizzy, depending on the severity and consequences of the cyberattack. Data security ranks right among the top risk management issues in healthcare.

Compliance risks

With healthcare being such a vast and varied field and being one that carries immense potential for misuse, governments have realized that the need for regulation is acute. Regulation is always done with very good intentions, but it has a major bearing on the healthcare providers. Why? They have to comply with a myriad set of regulations and rules concerning almost all areas of their work. The cost of compliance is high, but the cost of noncompliance is inestimably higher. Complying with all the regulations such as HIPAA is a gigantic task. Getting it right is something healthcare organizations spend a lot of their resources on.

Hipaa Compliance

Dealing with patients

One of the top risk management issues in healthcare is dealing with patients. Not all patients are expected to be sober and patient. In addition, patients having unrealistically lofty expectations of the treatment outcomes are common. Patient expectations are high when it comes to the provision of services, too. Many patients are difficult to handle because they think they have entitlement rights over many aspects of the health administration without being fully knowledgeable about the difficulties faced by healthcare providers.


Telemedicine is emerging as a novel means to provide healthcare across remote areas. While this technology is itself not totally new, it has undergone a few technological leaps that make it a lot easier to adapt and grow into more areas. This has exciting possibilities for the patient and for the field of healthcare but comes with its own challenges of implementation. Implementing telemedicine practices in accordance with the rules and within the regulatory framework opens up new avenues for healthcare but one cannot rule out the practicality of the challenges it comes with.

Dealing with the setup

People are part of the healthcare industry. There are both healthcare professionals and patients that need to be managed. This may be part of the job but still, it comes across among the top risk management issues in healthcare. To organize and streamline work on a daily basis, especially in very huge hospitals, is quite a task, even with all the support people and technologies provide. Dealing with issues and preventing and eliminating the smallest problem in the setup is a herculean task for even the most experienced healthcare professionals. This makes it important for healthcare professionals to learn ways of dealing with such top risk management issues in healthcare.

Hospital Management: Expectations vs. Reality

Hospital management is one of the giant areas of healthcare in the US, estimated at over $ three trillion. This is the world’s largest healthcare market by a long stretch. The sheer size of this market, however, belies the realities that hospital management has to face in their daily administration of health to patients in the thousands of healthcare settings in the US.

It is interesting to look at hospital management, its expectations vs. reality. Hospital management: expectations vs. reality from a healthcare provider’s perspective offers a rather less sunnier perspective into hospital management. While it is tempting to paint a rosy picture of the overall healthcare market in the US, it is imperative to look at how hospitals face issues in their day-to-day functions.


From a hospital’s point of view, it is faced with many aspects that it has to confront with patients. When care is not given in line with patient expectations, it results in bad reputation. Hospitals have to take utmost care to convey that the patients are being taken care of to the best of the hospital’s ability and with all the resources it has within its reach.

In addition to specificities such as this, there are also the other general matters concerning hospital management: expectations vs. reality. Let us look at some of these:

Differing expectations between caregiver and patient

One of the crucial issues of hospital management: expectations vs. reality is that there is almost always a difference between the expectations that patients have of the healthcare service being provided and the expectations from the caregivers’ perspective. If the doctor or any other caregiver has one set of expectations of the outcome of care, the patient has another, often very differing one.

It is almost always true that the patient expectations of a treatment outcomes are much higher than those of the patient. A lot of it has to do with perceptions. The patient is now exposed to an overload of information from various sources such as the Internet. This availability of information leads to assumptions about the possible outcome, which could be at variance with the facts on the ground. The healthcare provider has to handle this with sensitivity and care and set things in the proper position before commencing the treatment. Conveying the best and worst possible outcomes can go a long way in assuaging patient expectations.


Patients have wide choices

Along with information about the disease or condition a patient has, there is also the prevalence of a lot of options for patients. If they are not satisfied with one hospital, it is simply never difficult for them to go to another. This is one of the challenges for a hospital. A vital component of hospital management: expectations vs. reality; this alerts in hospitals the need to up the quality of their service if they have to retain patients.

Dealing with patients’ patience

This is another of the core issues relating to hospital management: expectations vs. reality. The sheer onslaught of the social media has ensured that jumping from one hospital to another is as simple as a few clicks. A patient spends more than 1300 hours a year just waiting for her turn to see the doctor. It is estimated that the average waiting period for seeing an ultra-specialist physician is about two-and-a-half weeks in the US cities. This of course, is the average, with the shortest and longest time varying between five and 66 days between the prime cities.

hospital aquired infections3

Imagine if one were a patient. Who would have the patience to wait for such a long time? With several others being available more easily, it is but natural for patients to go in search for more convenience. This is one of the key areas of hospital management: expectations vs. reality. Hospitals have to bear facts such as this in mind when offering their services.