News & Analysis

Tips for working with OCR investigators

January 1, 2014
Briefings on HIPAA

Ask HIPAA privacy and security officers what they dread most and an OCR investigation will be high on their list.

Security Q&A: Accounting of disclosures, notices of privacy practices, cloud vendors, smartphone apps

December 1, 2013
Briefings on HIPAA

I am updating the notice of privacy practices and accounting of disclosures policy for my organization. Do any of the new, finalized rules indicate that the accounting of disclosures covers disclosures for treatment, payment, and healthcare operations?

How encryption can help prevent breaches of PHI at your organization

December 1, 2013
Briefings on HIPAA

Encryption. Encryption. Encryption. It's almost impossible to listen to a HIPAA security expert talk about healthcare security and not hear that word.

'Tis the season for giving: Privacy and security officers share HIPAA tips and strategies

December 1, 2013
Briefings on HIPAA

It's the season of giving and in that spirit, BOH asked some privacy and security officers to share their best tips to help others.

An inside look at one healthcare organization's OCR audit experience

December 1, 2013
Briefings on HIPAA

UK HealthCare's Chief Compliance Officer R. Brett Short knew he was in for a rough day as soon as he saw the email from his organization's privacy officer.

HIPAA Q&A: Encrypted emails, facility directories, BA agreements, and voice mail

November 1, 2013
Briefings on HIPAA

Q. My email remains encrypted until it is opened. I have received two requests-via email and certified letter-from the patient's parent requesting records be sent by email or mail. I know legally a person may request this, but we must provide this service when we can ensure that the person requesting is who he or she says he or she is. Does a certified letter with recognizable signature or email from a known email address of a parent qualify as verification of the parent's identity?

Pages