Q: The company I work for has long debated what to do about medical records that are sent out on CDs. We concluded that since paper records could not be encrypted, we shouldn't have to worry about encrypting the CDs.
As privacy officer of a healthcare organization that includes about 12,000 employees in 14 hospitals and 30 clinics, Nancy Davis, MS, RHIA, CHPS, is a realist about one thing related to HIPAA compliance: Employees will make mistakes. They are human, after all.
Q: Is it permissible to write down a patient's pending exams (e.g., MRI, ultrasound) on the patient boards located by the patient's bed in his or her room even if that patient has a roommate?
Phase 2 of OCR's HIPAA audit program is coming down the pipeline, and although privacy and security officers are typically tasked with all things HIPAA, there's a seat at the table for HIM when it comes to preparing for audits.
Ready or not, Phase 2 of OCR's HIPAA audit program is nearly ready to begin, and healthcare organizations and their business associates (BA) should be prepared to open their books to federal regulators.
There are a number of tools on the market to assist covered entities (CE) and business associates (BA) in addressing their compliance needs. Solutions range from large governance, risk, and compliance programs to tools that assist in the development of a compliance program. When it comes to ongoing compliance management, Ostendio's My Virtual Compliance Manager™ (MyVCM™) offers a solution that is more than just a tool for an occasional look at the compliance stance of an organization.
