Many healthcare organizations have pondered these questions. Now OCR has turned its attention to this topic, and healthcare organizations need to prepare for compliance.
Account numbers reported to the state are considered patient-identifiable information. Therefore, you must include them in an accounting of disclosures in response to patient requests.
Jaspinder Grewal is a self-described "techie" who knows that developing cost-effective techniques to ensure HIPAA compliance is important for healthcare organizations.
Grewal, who is project lead for application services at Mount Sinai Hospital and Medical Center in Chicago, shared his ideas during the 18th National HIPAA Summit, held February 2–5 in Washington, DC.
Connecticut Attorney General Richard Blumenthal sued Health Net of Connecticut, Inc., for failing to secure private patient medical records and financial information involving 446,000 Connecticut enrollees. The health-care insurer also failed to promptly notify consumers endangered by the security breach, according to a press release from Blumenthal’s office.
A patient underwent diagnostic testing in the hospital where she was employed. She received a copy of the laboratory results, and when she read them, she noticed that a physician had noted her employee status. Does this violate HIPAA?