Q: The company I work for has long debated what to do about medical records that are sent out on CDs. We concluded that since paper records could not be encrypted, we shouldn't have to worry about encrypting the CDs.
As privacy officer of a healthcare organization that includes about 12,000 employees in 14 hospitals and 30 clinics, Nancy Davis, MS, RHIA, CHPS, is a realist about one thing related to HIPAA compliance: Employees will make mistakes. They are human, after all.
The HIPAA Privacy, Security and Breach Notification Rules require the development and implementation of policies. Covered entities must address all the standards in the rules
Phase 2 of OCR's HIPAA audit program is coming down the pipeline, and although privacy and security officers are typically tasked with all things HIPAA, there's a seat at the table for HIM when it comes to preparing for audits.
