Q: I work at a pediatric practice, and we receive a lot of holiday cards from our patients, many of which feature family photos. We hang them up because the patients love to see themselves displayed in our lobby. We have reached out to a HIPAA security officer at a nearby hospital who told us it is not a HIPAA violation to display holiday cards received from patients. Is this accurate?
Q: If someone calls a facility to schedule an appointment for a patient, is it a violation of HIPAA to admit the patient receives care at the practice? For example, the practice where I work often helps victims of domestic abuse.
A mobile workforce in the healthcare industry presents a unique set of HIPAA privacy and security challenges. As the number of large HIPAA breaches increases and OCR ramps up audits, organizations cannot afford to risk their bottom line and reputation by failing to protect patient privacy and security.
Q: I am currently working on a social media usage policy for the organization where I work. I often notisce that some of my friends in the healthcare industry will post about patients on social media website.
1. Phase 2 of OCR's HIPAA audits will be desk audits, which means OCR will not conduct on-site audits of covered entities (CE) and business associates (BA) unless resources are available.