Data such as patient names, birthdates, and Social Security numbers from more than 16 million medical images of patients worldwide are unprotected on the Internet, according to a new report.
Q: Does the HIPAA Privacy Rule strictly prohibit the disclosure or request of an entire medical record? If not, does there need to be a case-by-case justification every time an entire record is disclosed?
Many healthcare organizations aren’t doing a great job assessing the HIPAA risks associated with third parties. Some are having a hard time devoting resources. And many are worried that their current manual risk management processes cannot keep pace with cyberthreats.
The Office for Civil Rights (OCR) reached a settlement with Bayfront Health St. Petersburg, a Florida hospital, for allegedly violating the HIPAA Privacy Rule’s right of access provision when it failed to give a mother timely access to her unborn child’s records, according to an OCR press release.
Q: I work for a small rural hospital, and we have a lot of budget limitations for technology upgrades. Can we allow clinical staff to use their personal cell phones and mobile devices to communicate with patients? If so, how can we keep our calls, email, and text messages HIPAA compliant?
