Q: Does the HIPAA Privacy Rule strictly prohibit the disclosure or request of an entire medical record? If not, does there need to be a case-by-case justification every time an entire record is disclosed?
Many healthcare organizations aren’t doing a great job assessing the HIPAA risks associated with third parties. Some are having a hard time devoting resources. And many are worried that their current manual risk management processes cannot keep pace with cyberthreats.
The Office for Civil Rights (OCR) reached a settlement with Bayfront Health St. Petersburg, a Florida hospital, for allegedly violating the HIPAA Privacy Rule’s right of access provision when it failed to give a mother timely access to her unborn child’s records, according to an OCR press release.
Q: I work for a small rural hospital, and we have a lot of budget limitations for technology upgrades. Can we allow clinical staff to use their personal cell phones and mobile devices to communicate with patients? If so, how can we keep our calls, email, and text messages HIPAA compliant?
Patients are getting emboldened in the digital age and want quicker, more efficient—immediate, really—access to medical records. Further, the government is reinforcing existing regulations and creating new rules around data sharing that require entities to make healthcare records more accessible and deliver records to patients in their desired electronic format. Technology innovation has made this much easier for healthcare facilities to accomplish.