Q: Are we allowed to use case studies involving real incidents that occurred at our facility as part of training for things like safety and policies, or is there a risk that someone could identify the real people who were involved?
Most HIPAA covered entities have become steadfast in ensuring that the digital environments housing their ePHI are safe and secure, but this should not be your organization’s only concern. In its May OCR Cybersecurity Newsletter, OCR encouraged healthcare organizations not to forget about workstation security and physical security when it comes to protecting ePHI.
HHS is planning to reform HIPAA and 42 CFR Part 2 in an effort to improve care coordination. In remarks to the Heritage Foundation July 26, HHS Secretary Alex Azar conveyed that HHS is starting a review of regulations that interfere with coordination among doctors, hospitals, and payers.
Q: Is texting an acceptable way to communicate with a patient? Do we need to ask the patient to sign a form with a statement to the effect that they prefer that we text information on test results, etc., rather than leave a voicemail asking them to call?
Your organization does not have to look far to see how important it is for your business associates (BAs) to comply with HIPAA. Take a glance at the OCR website for breaches involving 500 or more patients. BAs are regularly involved in these breaches along with covered entities (CEs). However, the bad press almost always goes to the CEs.
Boys Town National Research Hospital, in Omaha, Nebraska, announced July 20 that it had discovered a data security incident that may have affected the personal health information of 105,309 individuals.