Q: If a patient writes his or her email address in an illegible fashion and the provider misreads it and then inadvertently sends appointment reminders and other communication to the wrong email address, is the provider at fault? What steps can be taken to avoid such a situation?
Q: Telemedicine may not be the best fit for all patients. How can case managers help facilitate in-person visits for those patients that cannot engage in telemedicine visits?
Ever run into a vendor who claims to be a conduit versus a business associate (BA)? It happens all too often, in my experience. Here’s the problem: The conduit exception is a narrow one. If you’re storing protected health information (PHI), even encrypted PHI where you don’t have the encryption key, you’re a BA. Once you sign the business associate agreement (BAA), it applies to you.
Q: What type of activity must be audited to comply with the HIPAA requirement to audit electronic medical record (EMR) activity? Does this include every action a user takes within a record and the length of time a user spends in a record?
As many anticipated, the Department of Health and Human Services (HHS) has pushed out a flurry of proposed rules in the months leading up to the Trump administration’s departure. Among them is a Notice of Proposed Rulemaking (NPRM) that would make significant changes to the HIPAA Privacy Rule.
Q: If we end a contract with a business associate (BA), does the BA need to provide us with assurance that all protected health information (PHI) has been destroyed? Is this something that should be written into the initial contract? What are the steps to take if the BA does not respond to requests to confirm deletion of PHI?
