The Department of Health and Human Services, Office for Civil Rights (OCR) announced yesterday that it has reached separate settlements with three facilities for compromising the privacy of patient protected health information during the filming of “Boston Med,” an ABC television documentary series.
Although HIPAA laws do not specify any time frame on updating policies and procedures, OCR has expectations. Here are three recent settlements where OCR has included mandates to update policies and procedures. You can apply some of these lessons in your organization.
The Office of Civil Rights (OCR) offered considerations to healthcare organizations for securing electronic devices and media in its August Cybersecurity Newsletter.
Q: I work at the front desk at a clinic. My neighbor is one of our patients, and recently he asked if I could see when some test results would be available. Since I already had access to his records, is it a HIPAA violation to fulfill his request?
HIPAA covered entities that maintain poor policies and procedures related to HIPAA compliance—those that are unfinished in draft form, not updated in years, and basically not followed to the letter—have cost them dearly.
