Who would have thought that buying gas with a credit card or wearing a pacemaker could leave a person's information exposed? Yet highly sophisticated credit card skimming devices at gas stations are stealing from consumers, and healthcare organizations are concerned about the potential for malicious tampering or the theft of PHI from wireless medical devices such as pacemakers. Hidden vulnerabilities lie in everyday activities like these, and some of those vulnerabilities can expose PHI and put healthcare organizations at risk.
If many acute care hospitals struggle to protect patient privacy, long-term care organizations face their own challenges in ensuring the privacy of residents who live in their nursing homes and assisted living facilities.
One task that almost every healthcare organization is going to have to tackle to comply with the HIPAA omnibus final rule is amending its Notice of Privacy Practices (NPP).
Q. If an organization’s human resources officer is also the plan administrator for the organization’s group health plan (self-insured), does that individual have the right under HIPAA to access records of high-dollar pharmacy/medical claims for the purpose of targeting the insured for wellness programs or other alternative treatment plans?
