Welcome to the Fourth Quarter 2010 edition of our HIPAA Flash Newsletter.

As the new decade begins, there are new HIPAA compliance deadlines to which all organizations must pay close attention. After February 17, 2010, all Business Associates that handle patient health data and files that are not in compliance with current HIPAA privacy and security regulations may face penalties. Read the advice column for more information.

In recent news, patients question why they can’t receive their health data; the non-profit Patient Privacy Rights Foundation explores HIPAA privacy, and healthcare continues to see a rise in fraud and abuse.

Begin 2010 with staff compliance training, whether its refresher or new training, before you get caught in a breach.

(CNN) -- For five days as her husband lay in his hospital bed suffering from kidney cancer, Regina Holliday begged doctors and nurses for his medical records, and for five days she never received them. On the sixth day, her husband needed to be transferred to another hospital -- without his complete medical records.

"When Fred arrived at the second hospital, they couldn't give him any pain medication because they didn't know what drugs he already had in his system, and they didn't want to overdose him," says Holliday, who lives in Washington. "For six hours he was in pain, panicking, while I ran back to the first hospital and got the rest of the records."

In contrast to those who think that the “meaningful use” proposed rule that the CMS released goes too far, Deborah Peel, the founder the not-for-profit Patient Privacy Rights Foundation, said the rules don’t go far enough. Specifically, she said, the rule-makers left out key requirements providers need to abide by both old and new privacy laws.

Peel, an Austin, Texas psychiatrist, said that for years federal law has required the keepers of medical records of federally funded programs for mental health and alcohol- and drug-abuse treatment to obtain a patient’s consent before those records were moved or shared.

Fraudsters in Healthcare

NEW YORK (CNNMoney.com) -- There's a group of people who really love the U.S. health care system -- the fraudsters, scammers and organized criminal gangs who are bilking the system of as much as $100 billion a year.

Health care identity theft dominated all other crimes in the sector last year, according to Louis Saccoccio, executive director of the National Health Care Anti-Fraud Association (NHCAA), an advocacy group whose members include insurers, law enforcement and regulatory agencies.

HIPAA HITECH – Starting February 18, 2010 all Business Associates must be fully compliant with current HIPAA Privacy and Security regulations or face penalties. Train yourself and staff on these important updates with our newly revised online education and manuals. More Details >>>

Fraud & Abuse – Teach employees to recognize and respond to healthcare fraud and abuse before it happens in your organization. More Details >>>

Sexual Harassment – As required by the federal government, all organizations must train their employees how to mitigate and report sexual harassment in the workplace. Meet these requirements with BridgeFront’s two new courses, coming soon.

Customer Service Skills Library – From telephone to face-to-face skills, train your frontline staff members to exceed patient and customer expectations with BridgeFront's new course library, coming soon.

Privacy rule changes set to go into effect in 2010 could catch some health care staff off guard — and leave organizations at risk.

The changes extend HIPAA privacy and security requirements to associated businesses that handle patient health data and files.

But only about one-third of those businesses realize the new rules would cover them. That’s just one of the findings from a recent survey by the Healthcare Information and Management Systems Society.