Q: I am employed by an acute care psychiatric hospital. The hospital's police department will sometimes take photographs of injuries patients have at the time of admission.
The HIPAA Security Rule requires implementing risk management tools and techniques to adequately and effectively safeguard ePHI. Risk analysis and management provides the foundation for an organization's Security Rule compliance efforts, and reinforces its strategy to protect the confidentiality, integrity, and availability of vital information.
Hardware end-of-life data destruction presents a challenge in the world of healthcare. Whether the data is stored on a laptop, server, or even large biomedical equipment, the data needs to be properly destroyed before being repurposed. Green Delete, Inc., (GDI) offers secure, on-site data destruction that is efficient, quick, and environmentally friendly.
Q: Are there any penalties for sending an unencrypted email containing PHI to the intended recipient? Would this just be a violation of the CE's policy and not a privacy breach under HITECH?
