Knowing when a breach occurred is one of the keys to reducing the risks associated with a breach of unsecure protected health information (PHI). Another is speedy mitigation.
Medical identity theft is on the rise and healthcare organizations need to ensure they are authenticating a patient's identity before providing medical services and products.
Are you still struggling to comply with the new requirements of the HIPAA omnibus final rule? A new toolkit offers sample policies, forms, and checklists that can help.
Q. My email remains encrypted until it is opened. I have received two requests-via email and certified letter-from the patient's parent requesting records be sent by email or mail. I know legally a person may request this, but we must provide this service when we can ensure that the person requesting is who he or she says he or she is. Does a certified letter with recognizable signature or email from a known email address of a parent qualify as verification of the parent's identity?
It's a brave new world out there for business associates (BA). BAs needed to comply with the HIPAA Security Rule and the use and disclosure provisions of the Privacy Rule in February 2010 as a result of the HITECH Act. However, the Office for Civil Rights (OCR) held off on any enforcement activities-that is, until recently.
