Some healthcare administrators and executives consider the notice of privacy practices (NPP) another government administrative burden. From a privacy perspective, however, the NPP is not a waste of time.
Q.As part of its fundraising effort, Hybrid Entity's cancer center wants to send a patient list (demographic information only) to Hybrid's development office, which is not designated as a healthcare component of Hybrid. Is this permissible?
Paula Moran, MEd, and Jennifer Edlind, JD, CHC, know what they're talking about when they say having an incident response team in place when a data breach occurs is important. Moran is privacy and security manager at Massachusetts General Hospital (MGH) in Boston. Edlind is director of privacy and compliance operations at University Hospitals Health System (UH) in Cleveland.
