Q: Can a healthcare provider be a business associate of another provider? In other words, do providers need to have business associate agreements between one another?
Data such as patient names, birthdates, and Social Security numbers from more than 16 million medical images of patients worldwide are unprotected on the Internet, according to a new report.
Q: Does the HIPAA Privacy Rule strictly prohibit the disclosure or request of an entire medical record? If not, does there need to be a case-by-case justification every time an entire record is disclosed?
Many healthcare organizations aren’t doing a great job assessing the HIPAA risks associated with third parties. Some are having a hard time devoting resources. And many are worried that their current manual risk management processes cannot keep pace with cyberthreats.
The Office for Civil Rights (OCR) reached a settlement with Bayfront Health St. Petersburg, a Florida hospital, for allegedly violating the HIPAA Privacy Rule’s right of access provision when it failed to give a mother timely access to her unborn child’s records, according to an OCR press release.
