Category Archives: Privacy and Security (Staff)

Cyber Crime Reporting

by

The following message is from CMS.

If you are the victim of ransomware or have cyber threat indicators to share

If you or your organization is the victim of a ransomware attack, please contact law enforcement immediately.

  1. Contact your FBI Field Office Cyber Task Force, at https://www.fbi.gov/contact-us/field-offices/field-offices , immediately to report a ransomware event and request assistance.  These professionals work with state and local law enforcement and other federal and international partners to pursue cyber criminals globally and to assist victims of cyber-crime.
  2. Report cyber incidents to both of the following:
  3. For further analysis and healthcare-specific indicator sharing, please also share these indicators with the HHS Healthcare Cybersecurity and Communications Integration Center (HCCIC) via email to HCCIC_RM@hhs.gov

HIPAA FAQ re Loved Ones

by

The HHS Office of Civil Rights (OCR) has issued a new FAQ clarifying that the HIPAA Privacy Rule permits disclosures to loved ones regardless of whether they are recognized as relatives under applicable law.  The FAQ, while applicable in a variety of circumstances, was developed in large part to address confusion following the 2016 Orlando nightclub shooting about whether and when hospitals may share protected health information with patients’ loved ones.  In particular, the FAQ makes clear that the potential recipients of information under the relevant permissive disclosure provisions of the law are not limited by the sex or gender identity of the person.  

In tandem, OCR is updating its existing Guidance on several provisions within the HIPAA Privacy Rule that recognize the integral role that a spouse often plays in a patient’s health and health care.  Consistent with a recent Supreme Court decision, OCR is issuing updated guidance that makes clear that the terms marriage, spouse, and family member include, respectively, all lawful marriages (whether same-sex or opposite-sex), lawfully married spouses and the dependents of all lawful marriages, and clarifies certain rights of individuals under the Privacy Rule.

Find the Guidance and a link to the FAQ at https://www.hhs.gov/hipaa/for-professionals/special-topics/same-sex-marriage/index.html .

Holiday Eating

by

The November issue of the Northwest Renal Network’s provider newsletter, Network 16 News, is all about eating at other people’s houses during the holidays without disrupting your dialysis routine.  Find a copy at https://www.nwrn.org/providers-and-professional-staff/nw16n.html .  The National Kidney Foundation has a different list of tips for holiday eating – both lists are very useful – which you can find at https://www.kidney.org/content/tips-happy-healthy-holidays-dialysis-diet .

The November Network 16 News also includes an Announcement on the Network’s 2017 Quality Improvement Activities, a Question Corner on protected health information, and Hot Dates for the NWRN Annual Conference in Seattle March 2-3, 2017, and the NKF Spring Clinical Meetings in Orlando FL April 18-22, 2017.  Get the latest information on these and other professional and staff education meetings from the Facility Calendar in the menu bar at the top of this page.

11/1 SSN Removal Call

by

On November 1, 2016 CMS will hold an Open Door Forum conference call on the removal of Social Security Numbers from Health Insurance Claim Numbers (HICN).  HICNs will be replaced by randomly created Medicare Beneficiary Identifiers (MBIs) starting in 2018.  For more information see https://nwrnbulletins.wordpress.com/2016/09/29/mbi-replaces-hicn/ .  

The call well be held at 11am PDT, 800-837-1935, conference ID 98745631.  For TTY services, dial 800-855-2880.  CMS requests that participants dial in at least fifteen minutes before the scheduled start time.  

CMS has also advised that between now and 2018, all patients and facilities should make sure that their mailing addresses are kept current.  MBIs will be mailed to patients, and facilities will have to ask patients for their MBI.  Patient addresses in the Medicare, SSA, and CROWNWeb databases should all agree, with a correct and complete address to which the US Postal Service delivers.

MBI Replaces HICN

by

Over the next three years, CMS will replace their traditional Health Insurance Claim Number (HICN) patient identifiers with a new Medicare Beneficiary Identifier (MBI).  New Medicare Cards will be sent to all Medicare beneficiaries starting in April 2018, and all providers will be expected to have modified their software to accept MBIs by then.  Between April 2018 and December 2019, either the HICN or the MBI will be accepted by CMS.  After December 2019, the HICN will no longer be accepted.  

The MBI will have eleven characters, numbers and upper-case letters only.  A 2015 law (MACRA) requires CMS to remove Social Security Numbers (SSN) from Medicare identifiers.  You may encounter the new acronym SSNRI, for the CMS SSN Removal Initiative.  For more information see https://www.cms.gov/Medicare/SSNRI/Index.html and https://www.cms.gov/Medicare/SSNRI/Providers/Providers.html .

Medical Consumer Protection

by

Medicare acknowledges Consumer Protection Week by publishing a table of guidelines to help medical consumers make important choices about finances, health, privacy, and more, in their “Five Ways to Become an Informed Medical Consumer” post on the official Medicare Blog.  Each of the Five Ways links to in-depth information.  Find the post at http://blog.medicare.gov/2016/03/07/informed-medicare-consumer/ .

Another effort to increase protections for medical consumers is the CDC Foundation Safe Injection Practices Coalition’s “One and Only Campaign,” using the motto “One Needle, One Syringe, Only One Time.”  You can find a great deal more information about this campaign at http://www.oneandonlycampaign.org/ .

3/21 NANT Symposium, Las Vegas

by

Including the pre-symposium workshops, the 2016 NANT Annual Symposium in Las Vegas NV March 21-24 will include sessions on professional development, water treatment, machine troubleshooting, empathy and patience with patients, patient needs, disaster preparedness, body and dialysis chemistry, cyber security, infection control, fluid management, vascular access, dialysis modalities, reuse, biofilms, and dialysate composition.  For details and registration see http://dialysistech.net/events/2016-annual-symposium .