As privacy officer of a healthcare organization that includes about 12,000 employees in 14 hospitals and 30 clinics, Nancy Davis, MS, RHIA, CHPS, is a realist about one thing related to HIPAA compliance: Employees will make mistakes. They are human, after all.
The HIPAA Privacy, Security and Breach Notification Rules require the development and implementation of policies. Covered entities must address all the standards in the rules
Q: The company I work for has long debated what to do about medical records that are sent out on CDs. We concluded that since paper records could not be encrypted, we shouldn't have to worry about encrypting the CDs.