Core security and privacy training content often falls short of good practice. Sometimes, the information security officer and privacy officer do not have the resources to create robust content. Furthermore, organizations often limit training time to avoid any impact on productivity. However, providing incomplete information is short-sighted. An inadequately trained workforce is more likely to directly or indirectly cause regulatory violations and breaches.
St. Peter’s Surgery & Endoscopy Center notified patients that their protected health information (PHI) may have been impacted in January during a breach when an unauthorized third-party accessed their servers. Letters notifying patients were mailed out on February 28, reported St. Peter’s Surgery & Endoscopy Center in a statement.
One of the most challenging barriers to patient health is often patients’ own behavior. Case managers encounter them daily: the patient who won’t follow the treatment plan, the patient who persists with unhealthy habits, or the patient who opts against making lifestyle changes that can improve his or her condition.
This week's note digs into the details of how healthcare providers should manage the transition to the new Medicare cards, which is slated to begin in April 2018.
Q. We acquired a home health agency and now employ home health nurses, physical therapists, speech therapists, etc. Can we permit workforce members to use their personal cell phones to communicate with patients? Is there a HIPAA-compliant means of doing so for calls, email, and text messages?
