Incidents involving paper records and desktop computers are second and third most common on the growing list of privacy breaches reported on the OCR website. (The No. 1 reason for privacy breaches re-mains the loss or theft of laptop computers and other portable devices. Briefings on HIPAA looked at ways to prevent those types of privacy breaches in the June issue.)
The HITECH Act includes new privacy requirements that allow for stronger individual rights to access electronic health records (EHR) and restrict the disclosure of certain PHI.
On July 8, HHS released a proposed rule to modify the HIPAA privacy, security, and enforcement rules, extending HIPAA compliance requirements to subcontractors of business associates (BA) and strengthening patient rights to health information privacy.
The HIPAA Security Rule requires covered entities (CE) to conduct periodic evaluations of their information security programs.
However, Phyllis A. Patrick, MBA, FACHE, CHC, wonders how many organizations have completed the kind of evaluation the Security Rule standard requires.