The healthcare industry is changing rapidly, and if you've been paying attention to the news you've probably noticed the recent wave of hospital mergers.
Q. Is it acceptable for admitting and patient registration staff to photograph patients upon check- in for identification purposes? Is it permissible to take pictures of behavioral health patients for the same purpose?
Q. Is it a HIPAA violation if a hospital receives a faxed Healthcare Effectiveness Data and Information Set (HEDIS) request and the hospital cannot identify the patient by full name, last name, or date of birth? These requests contain name, date of birth, provider, and the HEDIS Measure (Chlamydia screening, cervical cancer screening, cholesterol management, etc.) and last date of service of the patient. Typically, these faxed requests are from business associates of the patient's health insurance, but occasionally they come directly from the insurance company.
If there's one conclusion you can reach looking back at data breaches over the last decade, it's that organizations face more threats than ever, according to HIPAA professionals.
To comply with the HIPAA omnibus final rule, healthcare organizations need to revise their risk assessment process to determine whether they must notify affected individuals of a breach.
