Q: We still use a color-coded filing system at my organization that uses specific colors to identify patient types, like whether an individual is a Medicaid/CHIP patient. These files are mostly used for billing documentation. Because the colors identify patient type, would this be considered a HIPAA violation?
A recent HIPAA breach that involved transmission of PHI to only one party—a reporter—nonetheless cost a Connecticut practice $125,000, in part because the practice didn’t take simple precautions.
Vitagene Inc. stored data such as consumers' email addresses, dates of birth, and gene-based health information on a publicly accessible cloud-based database.
The Nemadji Research Corp., a patient eligibility and billing service based in Minnesota, announced that the protected health information of thousands of patients may have been exposed earlier this year after a Nemadji employee fell victim to a phishing attack.
