Gaps in mobile security remain a threat to your protected health information and leave you vulnerable to HIPAA violations, so train and, if necessary, restrain employees to reduce the risk.
Hospital mergers and acquisitions remain the trend, and many hospital systems and other healthcare organizations cover multiple states, so understanding and keeping track of different state privacy laws can get complicated.
Once you understand the basics of privacy and disclosure of PHI under HIPAA, strive to keep staff trained. According to Section 164.530 (b) of the Privacy Rule, a covered entity must train all members of their workforce on the policies and procedures with respect to PHI as necessary and appropriate.
There are fewer hoops to jump through when another provider requests a practice’s patient records than when an attorney requests them, but the requesting providers don’t have an automatic right to those records, and you can’t just hand them over.
In this month's security Q&A, our expert answers questions on the location of data backups, telehealth services using video conferencing, cloud service providers outside the U.S., and more!