Workstation and physical security should be a collaborative effort between the privacy officer and security officer in your organization, but someone, regardless of who, should take the lead on physical security issues.
UnityPoint Health in Des Moines, Iowa, notified approximately 1.4 million patients in late July that their personal information may have been breached after hackers used phishing techniques to enter the company’s email system.
Q: Are we allowed to use case studies involving real incidents that occurred at our facility as part of training for things like safety and policies, or is there a risk that someone could identify the real people who were involved?
Most HIPAA covered entities have become steadfast in ensuring their digital environments that house ePHI are safe and secure, but this should not be your organization’s only concern. In its May OCR Cybersecurity Newsletter, OCR encouraged healthcare organizations to not forget about workstation security and physical security when it comes to protecting ePHI.
HHS is planning to reform HIPAA and 42 CFR Part 2 in an effort to improve care coordination. In remarks to the Heritage Foundation July 26, HHS Secretary Alex Azar conveyed that HHS is starting a review of regulations that interfere with coordination among doctors, hospitals, and payers.
Q: Is texting an acceptable way to communicate with a patient? Do we need to ask the patient to sign a form with a statement to the effect that they prefer that we text information on test results, etc., rather than leave a voicemail asking them to call?
