The Office for Civil Rights’ (OCR) July Cybersecurity Newsletter, released last week, gave advice on disposing electronic devices and media to protect sensitive information like financial records and electronic personal health information.
Q: Is it permissible to take pictures of patients (including behavioral health) for identification purposes as a part of the registration process? Do the patients need to sign a consent form before their picture can be taken?
Implementing a denial avoidance initiative can help facilities and health systems realize lost revenue, achieve cost savings, and improve an organization’s financial performance.
Workstation and physical security should be a collaborative effort between the privacy officer and security officer in your organization, but someone, regardless of who, should take the lead on physical security issues.
UnityPoint Health in Des Moines, Iowa, notified approximately 1.4 million patients in late July that their personal information may have been breached after hackers used phishing techniques to enter the company’s email system.
Q: Are we allowed to use case studies involving real incidents that occurred at our facility as part of training for things like safety and policies, or is there a risk that someone could identify the real people who were involved?
