In a year of uncertainty, the healthcare industry can rely on one thing: OCR is taking HIPAA enforcement seriously. As of July 1, OCR has collected more than $17 million in monetary settlements from nine organizations.
Consumer-facing health apps and personal health records are booming, and some covered entities such as health plans or clinics leverage these services to help patients. But it can sometimes be difficult to determine whether these vendors fall under HIPAA or not.
This month's security Q&A answers readers' questions about accounting of disclosures, providing information to marketing departments, unencrypted emails, and terminating BAAs.
This due diligence checklist will help track and evaluate document requests, warn of privacy and security issues, and provide a basis for determining action plans and resources required to integrate privacy and security programs.
Effective privacy and information security programs start with attention to governance. These eight guidelines will help establish and measure privacy and information security structure and processes.