OCR's HIPAA audits will resume

November 1, 2013
Briefings on HIPAA

Although it hasn't released many details yet, OCR plans to resume its audits to assess compliance with HIPAA privacy, security, and breach notification requirements in 2014. The government agency also plans to expand the audit focus to include business associates (BA).

Healthcare organizations need to fight medical identity theft, including 'family fraud'

November 1, 2013
Briefings on HIPAA

Medical identity theft is on the rise and healthcare organizations need to ensure they are authenticating a patient's identity before providing medical services and products.

Looking beyond the omnibus deadline: Challenges on the horizon

November 1, 2013
Briefings on HIPAA

September 23 was a big day in the HIPAA world. It was the deadline to comply with most of the provisions of the HIPAA omnibus final rule.

Tools for complying with the HIPAA omnibus rule

November 1, 2013
Briefings on HIPAA

Are you still struggling to comply with the new requirements of the HIPAA omnibus final rule? A new toolkit offers sample policies, forms, and checklists that can help.

MiddleGate toolkit aims to reduce the risk of a breach

November 1, 2013
Briefings on HIPAA

Knowing when a breach occurred is one of the keys to reducing the risks associated with a breach of unsecure protected health information (PHI). Another is speedy mitigation.

HIPAA Q&A: Encrypted emails, facility directories, BA agreements, and voice mail

November 1, 2013
Briefings on HIPAA

Q. My email remains encrypted until it is opened. I have received two requests-via email and certified letter-from the patient's parent requesting records be sent by email or mail. I know legally a person may request this, but we must provide this service when we can ensure that the person requesting is who he or she says he or she is. Does a certified letter with recognizable signature or email from a known email address of a parent qualify as verification of the parent's identity?