Patients are getting emboldened in the digital age and want quicker, more efficient—immediate, really—access to medical records. Further, the government is reinforcing existing regulations and creating new rules around data sharing that require entities to make healthcare records more accessible and deliver records to patients in their desired electronic format. Technology innovation has made this much easier for healthcare facilities to accomplish.
Many healthcare organizations aren’t doing a great job assessing the HIPAA risks associated with third parties. Some are having a hard time devoting resources. And many are worried that their current manual risk management processes cannot keep pace with cyberthreats.
Q: We do in-depth HIPAA assessments for our clients, but some clients want a simple assessment that they can keep up with them to maintain compliance. Do you have any recommendations for streamlining security assessments?
Q: I work in a residential care facility, and we have smart speakers in some resident rooms. Patient information is discussed where these smart devices can “hear” it. Although most manufacturers claim speakers are not “listening in,” we all hear about how speakers sometimes do what manufacturers say they do not. Could these speakers lead to a HIPAA violation?