Q: Are there any penalties for sending an unencrypted email containing PHI to the intended recipient? Would this just be a violation of the CE's policy and not a privacy breach under HITECH?
Q: I am employed by an acute care psychiatric hospital. The hospital's police department will sometimes take photographs of injuries patients have at the time of admission.
The HIPAA Security Rule requires implementing risk management tools and techniques to adequately and effectively safeguard ePHI. Risk analysis and management provides the foundation for an organization's Security Rule compliance efforts, and reinforces its strategy to protect the confidentiality, integrity, and availability of vital information.
The OCR continues to crack down on HIPAA breaches, but it also paused to take a look back at past incidents in two annual reports to Congress. The reports, which were released in May, summarize the reported 2011?2012 HIPAA breach and compliance activities as required by the HITECH Act. Although the data presented in the reports details the events from prior years, the causes of the breaches reported to and investigated by OCR are still relevant?and problematic?for healthcare organizations today.
