July 27, 2017

H I Mentors Guest Blog Post

“What’s new with HIPAA for HIM for 2017”

By Kelly McLendon, RHIA, CHPS

Two major issues are in play this year for our industry that we need to be aware of.

Privacy and patient access continue to be a major topic of discussion. Last year, the Office for Civil Rights (OCR) clarified that if a patient requests their own records you should not use a third-party authorization form; yet nobody knew this! Requests for copies of your own information, and where the records are to be sent, are covered by specific HIPAA regulations. The problem is attorneys may not be complying with this regulation because most of the time they should be using a third-party authorization. Some attorneys are requesting records as if they are the patients doing the asking. Determining whether a request is from a patient or another party has become quite complex. We are waiting for further guidance from the OCR. As of now, legislation is pending. The new OCR director, named March 22, is Roger Severino. Stay tuned for the OCR response. Refer to more information about access on the OCR web site here.

Another red-hot issue is on the security side of our profession. We continue to have problems with ransomware, hacking and phishing. Users need to be vigilant about which emails they open. We are preaching user vigilance and use of technology. Some of these practices are in play with users that have savvy IT. I receive calls regularly from sites with a breach. It’s still happening and we are working with the OCR and the FBI. Some are setting up Bitcoin accounts in preparation for caving in to ransomware. The FBI does not recommend paying ransom for your files. If you have a business continuity plan and back up appropriately and are hacked, all you have to do is go to your latest backup, as long as you ensure it is not corrupted! We just had World Backup Day on March 31 – don’t be an April fool. Check out the resource page from Compliance Pro Solutions for applicable checklists. I’ve seen a single office provider who did not close all of the ports. A hacker found the ports, put ransomware on them and encrypted all of their data, but they were able to get by with no penalty from OCR because they were very diligent in the creation of their HIPAA compliance program.


It’s a challenging time with all of the administrative changes and unknown changes coming. Don’t get anxious about it; just continue what you’ve always been doing – being good stewards for health information management protection.


Kelly McLendon, RHIA, CHPS is a well-known consultant and industry expert in patient privacy and security, with specific expertise in the areas of privacy, incident, detection and automation. He is also an industry expert in legal health records, HIM operations, electronic document management and EHR project planning. Visit us on social media:

Twitter – @HIMprivacyGURU and @Comply_Pro

LinkedIn – Compliance Pro Solutions

Facebook – Compliance Pro Solutions