If healthcare organizations take a lesson from Blue Cross Blue Shield of Tennessee's (BCBST) $1.5 million settlement for its 2009 HIPAA breach, it's that they should wake up and pay attention to where their ePHI is contained and stored, says Ali Pabrai, MSEE, CISSP, CSCS.
With 20 initial "trial" audits completed, OCR expects to move forward with another 95 audits to measure HIPAA compliance before year's end, said Susan McAndrew, JD, OCR's deputy director for health information privacy. This is a reduction from the 150 audits originally planned for 2012.
Q. Please explain in an understandable way for nontechnical individuals what level of encryption is needed for e-mail to be considered secure as defined in the interim final breach notification rule.
Navigating the new world of social media is challenging for many professions, but perhaps none more so than the medical profession, where physicians and other healthcare professionals must balance a tell-all online culture with the HIPAA Privacy Rule's mandate to protect patient privacy.