In the months before a transition to a new administration, the Office for Civil Rights (OCR) released the long-awaited 2016-2017 HIPAA Audits Industry Report, offering a look at the successes and shortcomings of select covered entities (CE) and business associates (BA).
Q: Are there any clauses in HIPAA that mandate the sharing of health information of a public figure (such as the president) whose health is of legitimate interest to the American public? Or do normal HIPAA rules apply for the president?
Q: What are the encryption requirements when using Google Drive™, Dropbox®, or other information-storing applications? How do we ensure HIPAA compliance when using them?
Q: If a patient writes his or her email address in an illegible fashion and the provider misreads it and then inadvertently sends appointment reminders and other communication to the wrong email address, is the provider at fault? What steps can be taken to avoid such a situation?
Q: Telemedicine may not be the best fit for all patients. How can case managers help facilitate in-person visits for those patients that cannot engage in telemedicine visits?
Ever run into a vendor who claims to be a conduit versus a business associate (BA)? It happens all too often, in my experience. Here’s the problem: The conduit exception is a narrow one. If you’re storing protected health information (PHI), even encrypted PHI where you don’t have the encryption key, you’re a BA. Once you sign the business associate agreement (BAA), it applies to you.
