Q: Does a hospital need to obtain the patient's written consent before obtaining physician office notes? Can I contact the physician office and request the needed information without obtaining a written consent from the patient? The office notes are needed for payment purposes.
Auditing of technical controls is increasingly important as both the level of use and technical sophistication of applications, hardware, and networking increase.
Q: Is it necessary for organizations to provide HIPAA training for all workforce members, even those who are not involved in patient care? Does that include cafeteria staff, workers employed through a temp or staffing agency, etc.?
If your organization is regulated by HIPAA, either as a covered entity (CE) or as a business associate (BA), you probably started a HIPAA training program years ago when the privacy and security rules mandating training were published. Whether old or recently created, your training program may not have met reasonable expectations to begin with. Now may be a good time to review, refresh, and refine that program to take it to a new level.
