I am updating the notice of privacy practices and accounting of disclosures policy for my organization. Do any of the new, finalized rules indicate that the accounting of disclosures covers disclosures for treatment, payment, and healthcare operations?
UK HealthCare's Chief Compliance Officer R. Brett Short knew he was in for a rough day as soon as he saw the email from his organization's privacy officer.
Q. My email remains encrypted until it is opened. I have received two requests-via email and certified letter-from the patient's parent requesting records be sent by email or mail. I know legally a person may request this, but we must provide this service when we can ensure that the person requesting is who he or she says he or she is. Does a certified letter with recognizable signature or email from a known email address of a parent qualify as verification of the parent's identity?
Knowing when a breach occurred is one of the keys to reducing the risks associated with a breach of unsecure protected health information (PHI). Another is speedy mitigation.
Although it hasn't released many details yet, OCR plans to resume its audits to assess compliance with HIPAA privacy, security, and breach notification requirements in 2014. The government agency also plans to expand the audit focus to include business associates (BA).
