The HIPAA Privacy, Security and Breach Notification Rules require the development and implementation of policies. Covered entities must address all the standards in the rules
As privacy officer of a healthcare organization that includes about 12,000 employees in 14 hospitals and 30 clinics, Nancy Davis, MS, RHIA, CHPS, is a realist about one thing related to HIPAA compliance: Employees will make mistakes. They are human, after all.
There are a number of tools on the market to assist covered entities (CE) and business associates (BA) in addressing their compliance needs. Solutions range from large governance, risk, and compliance programs to tools that assist in the development of a compliance program. When it comes to ongoing compliance management, Ostendio's My Virtual Compliance Manager™ (MyVCM™) offers a solution that is more than just a tool for an occasional look at the compliance stance of an organization.
Ready or not, Phase 2 of OCR's HIPAA audit program is nearly ready to begin, and healthcare organizations and their business associates (BA) should be prepared to open their books to federal regulators.
Q: Is it permissible to write down a patient's pending exams (e.g., MRI, ultrasound) on the patient boards located by the patient's bed in his or her room even if that patient has a roommate?
