Q: What type of protected health information (PHI) can be used for marketing? Are authorizations always necessary when using PHI for marketing purposes? If not, what are some situations when patient authorization would not be required?
Risk is defined as the possibility that an event will occur that will adversely affect the achievement of objectives. Numerous internal and external risks can negatively affect the business intentions of management and the board. The healthcare industry is complex, and risk is everywhere.
Q: If we end a contract with a business associate (BA), does the BA need to provide us with assurance that all protected health information (PHI) has been destroyed? Is this something that should be written into the initial contract? What are the steps to take if the BA does not respond to requests to confirm deletion of PHI?
As we cope with the COVID-19 pandemic, it is important to take a few extra measures to protect your organization, your patients, and your clients—as well as your data.
Q: What are the essential steps when conducting a risk analysis? Are there any sample tools out there to provide guidance on best practices for risk analyses? How often should organizations be conducting these tests?
