As many anticipated, the Department of Health and Human Services (HHS) has pushed out a flurry of proposed rules in the months leading up to the Trump administration’s departure. Among them is a Notice of Proposed Rulemaking (NPRM) that would make significant changes to the HIPAA Privacy Rule.
Q: If we end a contract with a business associate (BA), does the BA need to provide us with assurance that all protected health information (PHI) has been destroyed? Is this something that should be written into the initial contract? What are the steps to take if the BA does not respond to requests to confirm deletion of PHI?
Your facility’s information security officer has ultimate responsibility for information security policies implemented at your facility. However, everyone has an important role to play in keeping information secure by following policies and procedures.
Q: I am confused about the HIPAA rules for patients needing to show their driver’s license at the doctor’s office, hospital, or any other medical facility so the driver’s license can be scanned and put into their systems. I have refused to do that, but the facilities informed me that they were required by Medicare to scan the driver’s license. Is there a rule that clearly states that this is a requirement?
It’s time to circle back to the topic of remote access. Last month you were provided a checklist to send to your remote employees to assess workspace and workstation security. With new portable devices and web apps that support working from home, including transmitting large amounts of data with minimal resources, it’s important to share additional information that can help you protect your organization and your data.