Q: We’ve had a breach of unsecured PHI regarding an out-of-state patient. What is your recommended first step in terms of which breach notification laws—state vs. federal—we need to comply with?
In an interview with Briefings on HIPAA, Tim Noonan, deputy director for the Division of Health Information Privacy at OCR, discussed cybersecurity and trends in reports of unsecured PHI to OCR. This article includes the highlights.
Elite Dental Associates has agreed to pay $10,000 to the Office for Civil Rights (OCR) for allegedly posting protected health information (PHI) on the social networking site Yelp, according to the U.S. Department of Health and Human Services.
Q: If you discover that you have accidentally accessed a patient’s information on your facility’s computer system, what’s the best course of action? Who should you notify first? Are you at risk of being in trouble if you looked at the information before realizing the error?
OCR meant what it said in February of this year about patients’ right of access to their medical records. The HIPAA Privacy and Security Rule enforcer issued its first enforcement action under its “Right of Access Initiative” in September.
The Food and Drug Administration (FDA) on Tuesday warned patients, healthcare providers, and manufacturers that some medical devices and hospital networks may be vulnerable to cyberattacks due to 11 vulnerabilities known as URGENT/11.
